advisorsfor.blogg.se

Token broker windows 10

When researching this I found that the Token Broker Research indicated that AADTokenBrokerPlugin is a
The error logs for the user state issue were consistent in the event logs, but research was not finding distinctive results. However, we decided to investigate in the device category of the event log rather than the event ID, which is where we found the resolution.
The only option remaining out of the three was to further investigate the Alternate Login ID due to the user previously having a
Were able to successfully enrol the devices and other devices
Proxy would not be the root cause otherwise this would fail for everyone, users
State working for multiple users post migration.
To the new migrated AD object by using the ms-DS-ConsistencyGuid source anchor.
Could not determine if the login account was causing the issue due to the user
UPN was matching the primary SMTP and username in Office 365 which was linked
Bad storage key (STK) in TPM associated with the device upon registration (check the KeySignTest while running elevated).
Bad storage key (STK) never failed on the machines when running the status as elevated:
The existing user account still fails on their own machine.
Defaultwamset this leads to three possible resolutions:
State error clears and turns to Yes, the device then enrols into Intune however
If another user logs on the device then the user
The delta sync on AD connect to re-establish the machine as hybrid joined in
Also ran the dsregcmd /leave which removes the device
from Azure and then re-joins on the next delta sync, but this made no
Event logs showing the following two errors:
Removed all instances of the device in Azure and ran
Many user wamdefaultset shows yes and enrols the
Error message when running dsregcmd /status:
User state when running dsregcmd /status shows
All the devices azureadjoin and pull down the
Account source anchor is ms-DS-ConsistencyGuid
Previous UPN was different than new UPN due to
Machines and user accounts were migrated using
Log:
0xcaa5001c Token broker operation failed.


Exception of type 'class Exception' at enumerateaccountsbrokeroperation.cpp, line: 37, method: EnumerateAccountsBrokerOperation::Executelmpl.
Error: 0xCAA10009 The value specified for 'clientId' must be non-empty.
Device state looks fine, user state still looks hosed.
About 17 minutes after logging in, I see another error in the Analytical event log.
Validate the computer is now in Azure again (Get-MsolDevice -name *computername*).
Manually run an Azure AD Sync (Start-ADSyncSyncCycle -policytype delta).
Manually delete the computer from Azure (Get-MsolDevice -name *computername* | Remove-MsolDevice -force).
I'm running a hybrid environment with Azure AD Connect, no ADFS here.
dsregcmd /status shows the information I'd expect to see for the device state. I am able to successfully leave and join the computer to and from Azure without a problem.







