Workplace Join discovery failed. Exit code 0x80072F19

Workplace Join discovery failed. Exit code 0x80072F19

I was trying to setup with Web Application Proxy Lab on Server 2012 R2 RTM and ran into issue with Workplace Join as it failed to join and encountered error :

Confirm you are using the correct sign-in info, and that your workplace uses this feature. Also the connection to your workplace might not be working right now. Please wait and try again



My Setup was like this :

DC :       Server 2012 R2 RTM
ADFS :   Server 2012 R2 RTM
WAP :    Server 2012 R2 RTM
Client  :  Windows 8.1 RTM

To troubleshoot the issue, I had a look at the Events for Workplace Join in Event Viewer on the Client :

Event Viewer >> Application and Service Logs >> Microsoft >>  Windows >> Workplace Join - Admin

By default they are disabled and on right side of the Event Viewer we need to enable it.

After that tried to join again and then checked Workplace Join Admin events again.

Here we saw Error Event 102 : Workplace Join discovery failed. Exit code 0x80072F19



Connection to EnterpriseRegistration Enrollment website was successful as I was able to access it without any errors.



I had a look at Exit code 0x80072F19 in Err



So it is saying ERROR_INTERNET_SEC_CERT_REV_FAILED

I enabled CAPI Events in Event Viewer as they are disabled by default

Event Viewer >> Application and Service Logs >> Microsoft >>  Windows >> CAPI2 - Operational

Here I saw CAPI2 Event 81 which talks about Failure for Revocation (80092013)



However I was able to access my CRL successfully from the client machine



To fix this I had to disable CRL Check in Internet Explorer Advanced Settings

Unchecked the option "Check for server certificate revocation " - Don't do it on production setup



Then after that I tried Workplace Join again and it worked fine



I am still investigating the CRL issue as CRL is accessible from client. I will update this Wiki Article as soon as I will get it working with revocation check enabled till then you can play with you LAB without CRL check :)

More information regarding Web Application Proxy 2012



Junaid Jan
MSD - Escalation Services


Sort by: Published Date | Most Recent | Most Useful
Comments
  • BIG THX for this!!! Had the same error, this fixed the error.

  • Hi Junaid,

    Did you ever manage to find the root cause for this? We're having the same problem and obviously as you have mentioned, turning off the check for server revocation in a production environment is not advised.

  • I have log enabled, but there is no log there even though workplace join fails. why ?

  • I had the same issue in my lab despite having configured my PKI to publish CRL's to an HTTP location accessible to a non-domain joined client. In the end I resolved by...

    1. Re-publishing (non-delta) CRL. Obviously my PKI had already published a CRL prior to me configuring an HTTP location and the Freshest CRL location in that already published CRL only contained the default LDAP location. After re-publishing the CRL, both LDAP and HTTP locations appeared in the Freshest CRL location

    2. Clearing the CRL cache on the client to force it to go to the network and pull the re-published CRL. I used the information at blogs.technet.com/.../how-to-refresh-the-crl-cache-on-windows-vista.aspx to do this

    After these two things, everything worked fine

Page 1 of 1 (4 items)