Intune - Hybrid Domain Join Error

  • Question

  • Hi guys, I seem to have Autopilot set up correctly, having Intune support agents confirm that I did it right, but they couldn't seem to figure out why I'm getting this error.

    Basically, I have a laptop I'm testing with Autopilot. Hash imported into Autopilot, AD permissions assigned to the Intune Connector Server, but my OOBE screen on my laptop gets stuck at "Please wait while we set up your device" and eventually ends with a 80070774 when this laptop is for sure connected to the network. All profiles are set up correctly.

    I get an error on my Intune connector server, here's the error:

    {
      "Metric":{
        "Dimensions":{
          "RequestId":"24c6ff16-6632-4dfc-b4e3-02c8cf79981e",
          "DeviceId":"110f70eb-b660-4a0d-adeb-1834b81b226b",
          "DomainName":"domxxxxx.local",
          "ErrorCode":"9560",
          "RetryCount":"1",
          "ErrorDescription":"We are unable to complete your request because a server-side error occurred. Please try again.",
          "InstanceId":"CCC55336-A613-4D25-B397-BB8DF01A5049",
          "DiagnosticCode":"0x0FFFFFFF",
          "DiagnosticText":"We are unable to complete your request because a server-side error occurred. Please try again. [Exception Message: \"DiagnosticException: 0x0FFFFFFF. We are unable to complete your request because a server-side error occurred. Please try again.\"] [Exception Message: \"Failed to call NetProvisionComputerAccount machineName=XXX-%SERIAL%vPQ\"]"
        },
        "Name":"RequestOfflineDomainJoinBlob_Failure",
        "Value":0
      }
    }

    Has anyone experienced this?

    Wednesday, January 9, 2019 2:33 PM

All replies

  • Are you placing the computers in a custom OU during domain join or are you just letting them go into the computers container? Is it just this one computer failing or do they all fail? If they are all failing and you are specifying an OU, ensure the correct format is used for the OU and ensure that you properly configured permissions on that OU.

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Wednesday, January 9, 2019 5:24 PM
  • Just saw this in another post where someone is having the same issue that you describe:

    After you import the Autopilot devices, please don't assign user to the device. If you use the "Assign user" feature with Hybrid Azure AD join AutoPilot, you may experience this problem.

    If the problem occurs, you must delete the AutoPilot device, and re-upload the device into AutoPilot.


    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Wednesday, January 9, 2019 5:48 PM
  • Hey, I tried using an OU at first and got this error, switched it so it would just go into the computer container to just test and had the same problem.
    Wednesday, January 9, 2019 6:00 PM
  • Thanks for this, the AP was assigned. I'll unassign it and try again and I'll let you know.
    Wednesday, January 9, 2019 6:01 PM
  • The first time that I was getting this error I had put LDAP:xxxx in the OU path and that's incorrect. ;-)

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Wednesday, January 9, 2019 6:40 PM
  • Hey, I actually did what you said by deleting it and re-adding it. It seems to have worked but now I'm getting a different error... 0x80180005 is the error. Any thoughts?
    Thursday, January 10, 2019 6:12 PM
  • Has hybrid domain join ever worked for you? I assume you are using at least Windows 10 1809? And the user account you are using can enroll devices in to Azure and has a EMS license assigned?

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Thursday, January 10, 2019 6:28 PM
  • I've been trying to get this work for about the last month since 1809 came out.  From what I understand the only way to make this work is to use User-Driven profile, with Hybrid Azure AD joined set.  When I go through and do the startup on an 1809 install specifying its a business computer and then supply my user ID and password everything works except the domain join. 

    I set it up with the Intune Device Configuration Profile for Domain Join (Preview) and provided the settings and properties and then assigned it to a group that is dynamically updated with the computer when its identified.  That appears to happen before the computer gets around to applying the system level profiles, so it should be assigned.  The profile is set to add the computer to an OU, and I made sure that the security policies in AD permit it.

    When I check the device status of the profile it shows "Not Applicable" which I understand is a known bug.  I could live with that, but the device doesn't join the domain.  Looking at the event log there isn't anything obvious showing up.  Any where else I can look for a log for this?


    Bob


    • Edited by Bob Panick Thursday, January 10, 2019 7:28 PM
    Thursday, January 10, 2019 7:05 PM
  • Not so far no.

    The account I'm using is the global admin tenant, and all users can enroll currently. I have an E3 licensed to myself as well.

    Thursday, January 10, 2019 7:29 PM
  • Not applicables were happening to me on devices that weren't imported into Windows Autopilot with their hardware hash just so you know. Did you do that portion?
    Thursday, January 10, 2019 7:33 PM
  • I was doing that, but that didn't seem like it supported the Hybrid AD Join, so I switched to doing User-Driven which doesn't require the hardware hash.  Which honestly I prefer, it avoids an administrative headache that I can see would happen.

    As I said, everything except the domain join works great.

    I've been trying to find the log entries that JustinAPHSYS mentioned, but haven't found them yet.



    Bob

    Thursday, January 10, 2019 7:39 PM
  • Just out of curiosity, I tried using the device assignment through the S4B and assigning the Domain Join Profile to it.  It showed pending for a while, but didn't work and I'm still getting Not Applicable.

    If it matters the OU I used was in the format OU=Azure Hybrid Computers,OU=XXXXXX,DC=YYYYY,DC=local.


    Bob

    Thursday, January 10, 2019 8:53 PM
  • Usually the error you're seeing occurs if you've hit the maximum join limit of 10 machines (if you don't have delegated permissions to join computers to the domain.)  Have you delegated permissions for creating computers to the machine running the hybrid AAD join connector?  You mentioned it above, but what permissions did you give?  Alternatively you can increase the max from 10, but delegation is the better way.
    Thursday, January 10, 2019 9:00 PM
  • In my case, its delegated, following the instructions for the connector setup.  Nothing shows up in the container.

    Bob

    Thursday, January 10, 2019 9:05 PM
  • Anything unusual in the ODJ Connector Service application eventlog?
    Thursday, January 10, 2019 9:37 PM
  • Russ, the log i posted above is from the ODJ Connector.
    Thursday, January 10, 2019 9:41 PM
  • Nope.  Just two info events 30121 and 30150, looks like about every 60 seconds.

    Bob

    Thursday, January 10, 2019 9:41 PM
  • Hey, I did the permissions inside the Autopilot instructions seen here: https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid

    I just upped the limit to give it a try. Though I 100 percent added the permissions as shown in the link above.

    Thursday, January 10, 2019 9:57 PM
  • I saw that one, was just wondering what events you have in the ODJ app log.  There should be a 30120 event when the blob is available to it.  If you bump it up to 11 computers and it works, at least you know it's hitting the limit.

    Is it possible the computer name is exceeding the 15 char NetBIOS name limit (how long are your serial numbers?)  Try a shorter name to see if it changes, like XXX-%SERIAL% without the other chars at the end as a test.

    Definitely do make sure you don't have a user assigned as mentioned above.

    Thursday, January 10, 2019 10:48 PM
  • I find it most reliable to upload the csv files in the windows store for business and assign the Autopilot profile there during testing. I’m also seeing issues and errors with dynamic groups but I think that’s just me not creating the memberships correctly.

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Friday, January 11, 2019 12:56 AM
  • I saw that one, was just wondering what events you have in the ODJ app log.  There should be a 30120 event when the blob is available to it.  If you bump it up to 11 computers and it works, at least you know it's hitting the limit.

    Is it possible the computer name is exceeding the 15 char NetBIOS name limit (how long are your serial numbers?)  Try a shorter name to see if it changes, like XXX-%SERIAL% without the other chars at the end as a test.

    Definitely do make sure you don't have a user assigned as mentioned above.

    Russ.... Is the XXX-%SERIAL% working for you? I've not been able to get that to work reliably doing HDJ. Just doing AAD join for one of my customers I'm unable to get the prefix to work as well. I always get DESKTOP-xxxx

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Friday, January 11, 2019 3:03 AM
  • I was doing that, but that didn't seem like it supported the Hybrid AD Join, so I switched to doing User-Driven which doesn't require the hardware hash.  Which honestly I prefer, it avoids an administrative headache that I can see would happen.

    As I said, everything except the domain join works great.

    I've been trying to find the log entries that JustinAPHSYS mentioned, but haven't found them yet.



    Bob

    You have to import the computer for it to work. 

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Friday, January 11, 2019 3:13 AM
  • I'm in the same boat with John Marcum, I get DESKTOP-xxxxxx.  BTW, xxxxxx is NOT the serial number.  If I had to guess its something Windows is coming up with.  I setup a naming template, but that's not picking up for devices using Self-Deploying mode in the enrollment profile.  That is set to ZZZZZ%RAND:4% in the settings.

    I think the Hybrid Domain Join feature may have been pulled back by Microsoft.  When I went to Microsoft Intune > Device Configuration - Profiles and looked at the Domain Join (Preview) profile the Properties > Profile type is blank.  I decided to create a new one to see what was going on and Domain Join (Preview) is no longer available.  So I'm guessing they pulled it back because it isn't working.  If anyone else has a better interpretation, I'd love to hear it.


    Bob

    Friday, January 11, 2019 4:03 PM
  • I tried importing too, doesn't work.

    Bob

    Friday, January 11, 2019 4:04 PM
  • I tried importing too, doesn't work.


    I have never noticed before whether Hybrid Domain Join was available for Self-deploying mode. I checked couple of tenants, and yes hybrid domain join is NOT available for Self deployment scenario. However, Hybrid Domain Join is still available for User-Driven.

    But the documentation only says Hybrid Domain Join with User-Driven method. https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid#create-and-assign-an-autopilot-deployment-profile


    Anoop C Nair

    Blog- https://www.AnoopCNair.com Video Blog- https://howtomanagedevices.com/ Twitter- @anoopmannur Facebook Page- https://www.facebook.com/ConfigMgr/

    Friday, January 11, 2019 4:20 PM
  • I'm in the same boat with John Marcum, I get DESKTOP-xxxxxx.  BTW, xxxxxx is NOT the serial number.  If I had to guess its something Windows is coming up with.  I setup a naming template, but that's not picking up for devices using Self-Deploying mode in the enrollment profile.  That is set to ZZZZZ%RAND:4% in the settings.

    I think the Hybrid Domain Join feature may have been pulled back by Microsoft.  When I went to Microsoft Intune > Device Configuration - Profiles and looked at the Domain Join (Preview) profile the Properties > Profile type is blank.  I decided to create a new one to see what was going on and Domain Join (Preview) is no longer available.  So I'm guessing they pulled it back because it isn't working.  If anyone else has a better interpretation, I'd love to hear it.


    Bob

    Others are stating this morning that HDJ has been pulled temporarily per CSS. As far as the naming goes it seems to work for me using a random number but not if I add %SERIAL% or even the variable for random. 


    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Friday, January 11, 2019 4:27 PM
  • Yep, and if you select User-Driven you get to select the "Hybrid Azure AD joined (Preview)".  But one thing I noticed about this is it doesn't give you an option to specify the OU for the devices in AD.  So the question is do you need the Domain Join profile as well.  So far none of this works, so who knows.

    Bob

    Friday, January 11, 2019 4:28 PM
  • I think its a really interesting way to do Auto Pilot, I hope they get the kinks worked out.

    Bob

    Friday, January 11, 2019 4:29 PM
  • I think its a really interesting way to do Auto Pilot, I hope they get the kinks worked out.

    Bob

    Intune Support team confirmed that this issue is getting fixed soon. More details here.

    Anoop C Nair

    Blog- https://www.AnoopCNair.com Video Blog- https://howtomanagedevices.com/ Twitter- @anoopmannur Facebook Page- https://www.facebook.com/ConfigMgr/

    Friday, January 11, 2019 10:06 PM
  • That's good, now if we can get it to actually work that would be even better.

    Bob

    Friday, January 11, 2019 10:08 PM
  • I saw that one, was just wondering what events you have in the ODJ app log.  There should be a 30120 event when the blob is available to it.  If you bump it up to 11 computers and it works, at least you know it's hitting the limit.

    Is it possible the computer name is exceeding the 15 char NetBIOS name limit (how long are your serial numbers?)  Try a shorter name to see if it changes, like XXX-%SERIAL% without the other chars at the end as a test.

    Definitely do make sure you don't have a user assigned as mentioned above.

    Russ.... Is the XXX-%SERIAL% working for you? I've not been able to get that to work reliably doing HDJ. Just doing AAD join for one of my customers I'm unable to get the prefix to work as well. I always get DESKTOP-xxxx

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo


    John - no it doesn't let you yet for Hybrid AAD join.  If you mouse over it, it says you can enter a prefix and it'll randomly generate the rest.  It's still preview, so give it some time, it'll come :).
    Friday, January 11, 2019 10:51 PM
  • That's good, now if we can get it to actually work that would be even better.

    Bob


    It definitely works, but the Domain Join (Preview) configuration option disappearing was a bit of a surprise for me too!
    Friday, January 11, 2019 11:03 PM
  • Hey all, work has been busy so I haven't been troubleshooting. I find it odd that 3 of us are having problems using XXX-%serial%; tomorrow I'll re-import and try a different name.

    Also I looked into my serials, and it would be 14 chars.

    Tuesday, January 15, 2019 1:40 AM
  • {
      "Metric":{
        "Dimensions":{
          "NumRequests":"1",
          "ActivityId":"9f3c8286-a603-4cc5-ae2d-164528accf37",
          "RequestIds":"[ 359279ac-3c37-43fc-8b40-347676c26880 ]",
          "DeviceIds":"[ a50e6670-e378-42ca-a265-d953f3088bc2 ]",
          "DomainNames":"[ domxxxxxx.local ]",
          "ComputerNameStaticPrefixes":"[ xxxx%RAND:4% ]",
          "ComputerNameSuffixCounts":"[ 3 ]",
          "InstanceId":"CCC55336-A613-4D25-B397-BB8DF01A5049",
          "DiagnosticCode":"0x00000000",
          "DiagnosticText":"Successful"
        },
        "Name":"RequestHandlingPipeline_DownloadSuccess",
        "Value":0
      }
    }

    Here's the 30120

    Tuesday, January 15, 2019 2:15 AM
  • Any thoughts on this guys? I have some time to do some testing today
    Tuesday, January 15, 2019 5:01 PM
  • On a positive note the Domain Join Profile is back.  But it still doesn't work.  So far the machine rename and the domain join both seem to do absolutely nothing.

    I think I'm going to go back step by step and verify the settings.  I'm sure they are all according to what the documentation shows. 


    Bob

    Tuesday, January 15, 2019 5:12 PM
  • Same spot. The idea of it is so perfect and would help my company so much. I just want it to work. Hoping one of the techs reviews my 30210 error above; if not I will do the same.
    Tuesday, January 15, 2019 5:23 PM
  • Good news guys, I think I got some new clarification from Microsoft and they're aware of the problem we're having.

    "We were working with our internal team and found that this is an ongoing issue and being checked by our Intune engineering team and will be fixed in the Intune upcoming releases.

    The team is currently working on a fix and its postponed to end of this month and there is no confirmation.

    We request you to please refer the below link at least every alternate week that would help you with the new features coming up in Intune."



    I'll keep the thread updated with the solution. I asked them what exactly the issue is so I'll try to clarify what the problem is.
    • Edited by JustinAPHSYS Tuesday, January 15, 2019 7:16 PM
    • Marked as answer by JustinAPHSYS Tuesday, January 15, 2019 7:39 PM
    • Unmarked as answer by JustinAPHSYS Tuesday, January 15, 2019 7:39 PM
    Tuesday, January 15, 2019 7:15 PM
  • That's good information Justin, thanks for posting.  Just out of curiosity, where did you find this at?

    Bob

    Tuesday, January 15, 2019 7:18 PM
  • I've had a support ticket with Microsoft in my tenant, I've been in support calls with them trying to fix my problem and they weren't able to fix it. I missed their call and I was then messaged that.

    Tuesday, January 15, 2019 7:34 PM
  • I think I may have found a prerequisite that's required to make the Hybrid AD mode work.  I was doing some related stuff around Hybrid AD and discovered that there is a requirement for Windows Server 2016 domain controllers to make it work, and likely a newer version of the connector than what I'm running.  I'm in the process of upgrading my DCs to test this out.  It will likely take a day or two to get through that.  Fortunately its a lab so I can get it done without lots of hassle. 

    What's interesting here is that there isn't anything in the documentation for the Intune stuff that calls this out.  Of course, it may not be required, but I'm betting this may be why some of us are seeing problems.


    Bob

    Thursday, January 17, 2019 8:38 PM
  • I think I may have found a prerequisite that's required to make the Hybrid AD mode work.  I was doing some related stuff around Hybrid AD and discovered that there is a requirement for Windows Server 2016 domain controllers to make it work,

    Out of interest, how did you find out this requirement for 2016 Domain controller requirement? Is there any support case raised for this?

    Anoop C Nair

    Blog- https://www.AnoopCNair.com Video Blog- https://howtomanagedevices.com/ Twitter- @anoopmannur Facebook Page- https://www.facebook.com/ConfigMgr/

    Thursday, January 17, 2019 9:23 PM
  • I was looking into some stuff for doing Co Management with Intune and SCCM and one of its requirements is Hybrid Azure AD, and it had some links about how to set it up.  Most of it looked similar to what I had setup previously, and then I noticed a comment that it required Windows Server 2016, and I believe version 85 of the schema.  I don't know for sure if this makes it a requirement for Intune being able to do it or not, but it makes a certain amount of sense.

    Bob

    Thursday, January 17, 2019 9:40 PM
  • Well, it took most of the day to upgrade the domain controllers to 2016 and get the Azure connector working again in Hybrid AD mode.  Unfortunately, it didn't make any difference, the computer name is still not matching the template/prefix and its not doing the domain join.

    Bob

    Friday, January 18, 2019 9:37 PM
  • Well, it took most of the day to upgrade the domain controllers to 2016 and get the Azure connector working again in Hybrid AD mode.  Unfortunately, it didn't make any difference, the computer name is still not matching the template/prefix and its not doing the domain join.

    Bob

    Make sure you have the October 2018 or newer CU applied to your Win10 image.  What I did was service my 1809 WIM with the latest CU and then convert it to a VHDX with Convert-WindowsImage (I'm using Hyper-V VMs).  The connector install requires Server 2016, but AFAIK not 2016 domain controllers.

    For Hybrid AAD join, you can supply a prefix and the rest will be random for now.  That seems to work for me.  If you haven't tried this walkthrough, I feel it's one of the better ones out there to follow.


    Saturday, January 19, 2019 4:33 AM
  • Interesting, I didn't even think about a CU being available, largely because the WIM hasn't been out all that long.  I'll have to think about the best approach to doing that and see what I get.

    Bob

    Saturday, January 19, 2019 5:04 AM
  • Well, it took most of the day to upgrade the domain controllers to 2016 and get the Azure connector working again in Hybrid AD mode.  Unfortunately, it didn't make any difference, the computer name is still not matching the template/prefix and its not doing the domain join.


    Bob

    Make sure you have the October 2018 or newer CU applied to your Win10 image.  What I did was service my 1809 WIM with the latest CU and then convert it to a VHDX with Convert-WindowsImage (I'm using Hyper-V VMs).  The connector install requires Server 2016, and 2016 domain level (schema level 85)

    For Hybrid AAD join, you can supply a prefix and the rest will be random for now.  That seems to work for me.  If you haven't tried this walkthrough, I feel it's one of the better ones out there to follow.

    https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains



    Saturday, January 19, 2019 6:08 AM
  • I think I may have found a prerequisite that's required to make the Hybrid AD mode work.  I was doing some related stuff around Hybrid AD and discovered that there is a requirement for Windows Server 2016 domain controllers to make it work,

    Out of interest, how did you find out this requirement for 2016 Domain controller requirement? Is there any support case raised for this?

    Anoop C Nair

    Blog- https://www.AnoopCNair.com Video Blog- https://howtomanagedevices.com/ Twitter- @anoopmannur Facebook Page- https://www.facebook.com/ConfigMgr/


    It’s mentioned here. https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
    Saturday, January 19, 2019 6:11 AM
  • I see no requirement for a 2016 DC, just a 2016 server.

    Tuesday, January 22, 2019 4:14 PM
  • WOW.

    Seriously.... I removed the naming standard I have as suggested above, and as soon as I did it went through.

    I really hope Microsoft fixes this issue!

    Also to those saying 2016 DC is required, my config is with a 2012 DC, but the connector is on a 2016 server.
    Tuesday, January 22, 2019 4:59 PM
  • WOW.

    Seriously.... I removed the naming standard I have as suggested above, and as soon as I did it went through.

    I really hope Microsoft fixes this issue!

    Also to those saying 2016 DC is required, my config is with a 2012 DC, but the connector is on a 2016 server.

    Hi Justin,

    What naming convention are you now using? Or are you using no naming convention at all?

    Friday, February 1, 2019 3:05 PM
  • When I was looking through the requirements for Hybrid Azure AD there was a qualification on the schema level required.  After I upgraded my DCs to 2016 and updated the Azure AD sync connector my domain joined machines showed up in Azure AD.  Interestingly I hadn't updated my schema at the time. Oddly though I had forgot about raising the functional level of the forest.

    I also looked into applying updates into the WIM and came to the conclusion if that's the required fix then there isn't any point doing it.  Particularly with machines from the factory that likely won't have the updates applied.  I was curious so I started a fresh install of 1809, using the version that was released in December, to see if Windows would load the updates prior to running the Auto Pilot instructions.  If it did it didn't make any difference.

    Justin, how did you remove the prefix?  Its a required field in the Domain Join Profile and the Self Deploying Windows Enrollment Profile. 



    Bob

    Friday, February 1, 2019 4:30 PM
  • I'm just using the %RAND% for now. It seems to work sometimes using %SERIAL% but not all the time. As I stated before I think if the prefix plus the serial exceeds the supported number of characters that makes it bomb. (VMs are always more than the supported number)

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Saturday, February 2, 2019 12:47 AM
  • Hi JustinAPHSYS:

    I am running into the same problem, and I posted it to TechNet. One of the MSFT, Zoe Mo, is helping me troubleshoot it; he is very kind. He told me about your post, and it seems like you had the problem fixed. Would you mind helping me shed light on my problem please? Here is my post about what I have done with the Hybrid Domain Join Autopilot deployment:

    https://social.technet.microsoft.com/Forums/windows/en-US/fc2a8b82-7ee2-4e65-9b4a-b4ad4a0e102f/computer-stuck-at-quotplease-wait-while-we-set-up-your-devicequot-when-autopilot-profile-is?forum=win10itprosetup#9abd247c-9be9-415f-a7f8-4937092b11c5

    Thanks very much


    yan

    Tuesday, February 12, 2019 8:23 PM
  • I just discovered this discussion - good to know I'm not the only one banging my head and trying to figure it out...

    So, to summarise - no one made Hybrid Domain Join working fully, right?

    Friday, February 15, 2019 1:05 PM
  • Hi Toffitomek:

    Same here, good to know I am not the only one. Could you share where you are stuck, please? Maybe I can get some ideas from you for my problem. By the way, here is my post about where I am stuck; I got one of the MSFT, Zoe Mo, helping me troubleshoot, and I hope it can help you as well.

    https://social.technet.microsoft.com/Forums/windows/en-US/fc2a8b82-7ee2-4e65-9b4a-b4ad4a0e102f/computer-stuck-at-quotplease-wait-while-we-set-up-your-devicequot-when-autopilot-profile-is?forum=win10itprosetup#9abd247c-9be9-415f-a7f8-4937092b11c5

    thanks  


    yan

    Friday, February 15, 2019 6:21 PM
  • I got stuck with basically nothing happening.  I've decided to put it on hold for a few weeks and I'll try it again then.  We told the customer to push off their plans for using it for a while.  Looks like we are going to be using SCCM instead, they wanted to try moving off of it, but right now doing Intune doesn't look like its going to work, besides for domain join to work it has to be connected to the corporate network anyway. 

    Bob

    Friday, February 15, 2019 9:37 PM
  • I just discovered this discussion - good to know I'm not the only one banging my head and trying to figure it out...

    So, to summarise - no one made Hybrid Domain Join working fully, right?

    It does work but keep in mind this is still a preview feature so it's not expected to be flawless. 

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Tuesday, February 19, 2019 6:50 PM
  • Hi toffitomek:

    I just fixed my problem with my Hybrid Autopilot deployment. It was a user rights problem: I forgot to give the user the right to enroll devices in MDM. Once I changed it, my test computer was fully AD and AAD enrolled.


    yan

    Friday, February 22, 2019 10:40 PM
  • For the Hybrid Domain Join preview feature you currently cannot use any variables such as %SERIAL%, but only a simple Prefix such as W10-, XYZ- or ABC- with or without a dash. If you attempt to use a variable, you will get "Server Error Code 80180005" or "Error code 80070774". You get the message "Something went wrong" on the client device.

    I was able to reproduce this issue both in my lab (with no firewalls or proxies) and in my customer's environment.

    I've created a post on my blog site which you can find linked below with all the details and screenshots.

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Regards,

    Nathan


    • Edited by Nathan_Bridges Sunday, February 24, 2019 1:56 AM added additional note with example variable that cannot be used.
    • Proposed as answer by Nathan_Bridges Sunday, February 24, 2019 1:57 AM
    Sunday, February 24, 2019 1:54 AM
  • For the Hybrid Domain Join preview feature you currently cannot use any variables, but only a simple Prefix such as W10-, XYZ- or ABC- with or without a dash. If you attempt to use a variable such as %SERIAL%, you will get "Server Error Code 80180005" or "Error code 80070774". You get the message "Something went wrong" on the client device.

    I was able to reproduce this issue both in my lab (with no firewalls or proxies) and in my customer's environment.

    I've created a post on my blog site which you can find linked below with all the details and screenshots.

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Regards,

    Nathan

    • Proposed as answer by Nathan_Bridges Sunday, February 24, 2019 1:57 AM
    Sunday, February 24, 2019 1:55 AM
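
A small PowerShell triage helper for the connector events quoted in this thread, added here as an illustration; it was not posted by any participant and is not Microsoft's code. It pulls the computer name (or name template) out of the event JSON and flags variable tokens and names longer than the 15-character NetBIOS limit. The function names and the trimmed sample payloads are constructed for the example.

```powershell
# Added example: triage ODJ Connector Service event payloads for name problems.
# Sample payloads are constructed from the two events quoted in this thread
# (fields trimmed, DiagnosticText shortened).
$sampleEvents = @(
@'
{"Metric":{"Dimensions":{"ErrorCode":"9560","DiagnosticCode":"0x0FFFFFFF",
"DiagnosticText":"[Exception Message: \"Failed to call NetProvisionComputerAccount machineName=XXX-%SERIAL%vPQ\"]"},
"Name":"RequestOfflineDomainJoinBlob_Failure","Value":0}}
'@,
@'
{"Metric":{"Dimensions":{"ComputerNameStaticPrefixes":"[ xxxx%RAND:4% ]",
"ComputerNameSuffixCounts":"[ 3 ]","DiagnosticCode":"0x00000000","DiagnosticText":"Successful"},
"Name":"RequestHandlingPipeline_DownloadSuccess","Value":0}}
'@
)

function Test-OdjComputerName {
    # Hypothetical helper: emits one string per problem, nothing if the name looks fine.
    param(
        [Parameter(Mandatory)][string]$Name,
        [int]$RandomSuffixCount = 0
    )
    # Tokens such as %SERIAL% or %RAND:4% that reached the connector as literal text
    $tokens = [regex]::Matches($Name, '%[^%]+%') | ForEach-Object { $_.Value }
    if ($tokens) {
        "contains variable token(s): $($tokens -join ', ')"
    }
    # Prefix plus random suffix must fit the 15-character NetBIOS name limit
    $total = $Name.Length + $RandomSuffixCount
    if ($total -gt 15) {
        "final name would be $total characters (NetBIOS limit is 15)"
    }
}

function Get-OdjNameFinding {
    # Hypothetical helper: parses one event payload and reports name findings.
    param([Parameter(Mandatory)][string]$EventJson)

    $metric = ($EventJson | ConvertFrom-Json).Metric
    $dim    = $metric.Dimensions
    $name   = $null
    $suffix = 0

    if ($dim.DiagnosticText -match 'machineName=([^"\]\s]+)') {
        # Failure event: the full name handed to NetProvisionComputerAccount,
        # so no suffix is added on top of it.
        $name = $Matches[1]
    }
    elseif ($dim.ComputerNameStaticPrefixes) {
        # Download event: values are rendered as "[ value ]".
        # Assumption: one entry per list, as in the event quoted in the thread.
        $name   = $dim.ComputerNameStaticPrefixes -replace '[\[\]\s]', ''
        $suffix = [int]($dim.ComputerNameSuffixCounts -replace '[\[\]\s]', '')
    }

    $findings = @()
    if ($name) {
        $findings = @(Test-OdjComputerName -Name $name -RandomSuffixCount $suffix)
    }

    [pscustomobject]@{
        Event          = $metric.Name
        DiagnosticCode = $dim.DiagnosticCode
        Name           = $name
        SuffixCount    = $suffix
        Findings       = $findings
    }
}

$sampleEvents | ForEach-Object { Get-OdjNameFinding -EventJson $_ } | Format-List
```

Both sample events are flagged for a variable token: the failure event shows the literal %SERIAL% being passed as the machine name, and the download event shows %RAND:4% inside the static prefix.
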
  • To also update this guys, all I did with my computer name is do my regular lettering; then if you place nothing else it randomizes the rest of the name.

    Sunday, February 24, 2019 10:12 PM
  • Can you mark my comment as the answer? Glad you came to the same conclusion.

    Nathan

    my web blog:

    https://www.moderndeployment.com/

    Sunday, February 24, 2019 11:48 PM
  • Hi All,

    So I have tried this process many times and for me it only worked when the preview just started. I use no variables in our naming convention. But for us it makes no difference, I still get the 80070774 error code. 

    To me this seems like an intermittent issue that does not affect all tenants. I hope MS will soon fix this and make it stable again.

    regards, Jeroen Dijkman

    Monday, February 25, 2019 12:03 PM
  • I understand.

    What does your Intune Connector Server Event Viewer log show under "ODJ Connector Service" as shown in this screenshot? Does it show an error for the Request Offline Domain Join blob; or successful?

    Or does it show an error like below? That will tell you if the computer name prefix you are using is incorrect for sure. If you don't get an error like this you need to suppress the Enrollment Status page until Microsoft can address that separate issue.

    Disable SkipUserStatusPage enrollment page using the steps outlined here.

    Monday, February 25, 2019 2:33 PM
  • Did you go through the two troubleshooting blogs that Niehaus posted? You should be able to get detailed problem description that way. 

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Monday, February 25, 2019 10:37 PM
  • I understand.

    What does your Intune Connector Server Event Viewer log show under "ODJ Connector Service" as shown in this screenshot? Does it show an error for the Request Offline Domain Join blob; or successful?

    Or does it show an error like below? That will tell you if the computer name prefix you are using is incorrect for sure. If you don't get an error like this you need to suppress the Enrollment Status page until Microsoft can address that separate issue.

    Disable SkipUserStatusPage enrollment page using the steps outlined here.

    Actually the ODJ connector log does not show anything. Just generic messages. It looks like the request is not even picked up. I have double checked all connections, network and that all seems fine. I will need to check if maybe some firewall rules have changed.
    Tuesday, February 26, 2019 9:19 AM
  • Did you go through the two troubleshooting blogs that Niehaus posted? You should be able to get detailed problem description that way. 

    BI For SCCM https://www.fatstacks.tech/home/bi | Register for a Free Demo

    Yes, I went through these troubleshooting guides. This gave me the info that the 80070774 is an error of not finding the domain/DC. But this does not really help because when I check from the affected device I can connect to the DC.
    Tuesday, February 26, 2019 9:22 AM
  • I would double-check if your company's web proxy is set up to allow this traffic for Hybrid Domain join Intune Service Connector to actually access the cloud service. 

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-connectors-with-proxy-servers

    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid

    Thanks

    Nathan

    Tuesday, February 26, 2019 11:38 PM
  • I would double-check if your company's web proxy is set up to allow this traffic for Hybrid Domain join Intune Service Connector to actually access the cloud service. 

    https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-connectors-with-proxy-servers

    https://docs.microsoft.com/en-us/intune/windows-autopilot-hybrid

    Thanks

    Nathan

    Thanks for the tip. I followed the instructions in the web proxy setup document but the result is the same. Still the 80070774 error. 

    I am wondering if it is possible that incoming traffic to the connector is blocked by a firewall. This is the next thing I am checking. When I look at the ODJconnector log the only entries I can find are the 30121 and 30150 which seem to be ok. But I never see the Domain Join request coming in.

    Does anyone know if a firewall could block the incoming requests? And if there is a way to check some logs on the Intune side?

    thanks,

    Jeroen

    Thursday, February 28, 2019 11:40 AM
  • Hi All,

    An update from my side. We still have the same issue with the 80070774 error. I have made sure that the server with the ODJ connector on it has full and unrestricted internet access. No proxies or firewall that can block anything.

    Still not working. The ODJ connector log does not show the ODJ request at all. Just the two generic ones that check for requests.

    I am wondering if there could be an issue between Intune and the connector. 

    Any feedback is highly appreciated.

    regards,

    Jeroen Dijkman

    Thursday, March 14, 2019 1:25 PM
  • For the Hybrid Domain Join preview feature you currently cannot use any variables such as %SERIAL%, but only a simple Prefix such as W10-, XYZ- or ABC- with or without a dash. If you attempt to use a variable, you will get "Server Error Code 80180005" or "Error code 80070774". You get the message "Something went wrong" on the client device.

    I was able to reproduce this issue both in my lab (with no firewalls or proxies) and in my customer's environment.

    I've created a post on my blog site which you can find linked below with all the details and screenshots.

    https://www.moderndeployment.com/intune-hybrid-domain-join-error-80180005/

    Regards,

    Nathan


    This is correct. The domain join prefix doesn't support variables. It works fine for me without variables. If you use a variable you will get the error code 80180005.
    Thursday, March 28, 2019 10:36 PM
  • Hi Jeroen,

    Hybrid Azure AD worked for me. Please try this.

    1. In OOBE stage, enter SHIFT+F10 and access the command prompt

    2. Be able to ping the domain controller of the domain you are trying to join.

    3. Add DNS entry into network and sharing settings (Control.exe)

    Wednesday, May 15, 2019 4:02 PM
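The steps above confirm that the client can ping a domain controller, but the thread describes 80070774 as a failure to find the domain/DC, which depends on DNS and more than ICMP. The following PowerShell is an added example, not part of the original post: run it from the Shift+F10 prompt (type `powershell` first) to check the DC locator path. The domain name `corp.example.local` is a placeholder.

```powershell
# Placeholder: replace with the AD DNS domain named in your Domain Join profile.
$Domain = 'corp.example.local'

# 1. Show the DNS servers the client is using. If these are public resolvers
#    or a guest network's DNS, the AD SRV records below will not resolve.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. The DC locator finds domain controllers through this SRV record.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object Type -eq 'SRV'

if (-not $srv) {
    Write-Warning "No SRV records for $srvName. Fix client DNS before retrying Autopilot."
}
else {
    # 3. A ping reply does not prove the join can succeed. Test the TCP ports
    #    a domain join typically uses: Kerberos, RPC endpoint mapper, LDAP, SMB.
    foreach ($dc in $srv) {
        foreach ($port in 88, 135, 389, 445) {
            $ok = Test-NetConnection -ComputerName $dc.NameTarget -Port $port `
                -InformationLevel Quiet -WarningAction SilentlyContinue
            $state = if ($ok) { 'open' } else { 'BLOCKED' }
            '{0,-40} tcp/{1,-4} {2}' -f $dc.NameTarget, $port, $state
        }
    }

    # 4. Ask the DC locator itself; an error here means no DC could be located.
    nltest "/dsgetdc:$Domain"
}
```

If step 2 fails while ping by IP address works, the client is on a network whose DNS cannot resolve the AD domain, which matches the DNS fix suggested in step 3 of the post.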
  • I have the exact same problem. I currently have a ticket open with Microsoft; there's like 5 techs looking at this issue and they're not sure what the root cause is.

    The ODJ connector shows active but I get those generic logs and nothing changes.

    Microsoft tech got me to also try manually enrolling the non domain joined device in work/school account, and it does not enroll either with the workplacejoin Azure profile. They tried to pawn it off as a network issue but couldn't come up with the conclusion it is network related. They just escalated the ticket to their engineering team today.

    

    Friday, May 24, 2019 4:00 PM
  • I am running into the exact same issue. ODJ connector log only shows 30121 and 30150. Initial autopilot setup will eventually time out with error 80070774. Intune connector is active, installed on a file server with Windows Server 2016. AD services are installed and permission is delegated as in Microsoft's article. PDC is running Windows Server 2012.
    Thursday, June 27, 2019 8:43 PM
  • Followed the suggestions here to apply the domain join profile to the Intune device rather than user and it worked! I successfully joined the domain in Autopilot! https://social.technet.microsoft.com/Forums/en-US/4bd625dc-38db-46cf-b982-d70d91dbbc34/autopilot-azure-hybrid-ad-join-error-80070774?forum=microsoftintuneprod
    Friday, June 28, 2019 11:57 AM