Microsoft Endpoint Manager: Troubleshoot Hybrid Device Joined

Good day everyone, hope you all are taking care of your health and safety during this pandemic. Hope you guys are also getting your booster shots.

Today’s issue is related to Microsoft Endpoint Manager, on hybrid device joined. I notice that when a device’s Azure AD Registered icon is removed from the Endpoint Manager portal and if the machine didn’t reboot immediately and leaving the device there for more than an hour after I have made the changes in the portal, the device will have issue in joining/registering as hybrid join.

There is this cache that the device stored, I’m not too sure about what is the refresh time that the device retrieve the new update from portal.

Symptoms that your hybrid join was not successful:

  1. The device’s Register status keeps showing/stuck at Pending, at Endpoint Manager
  2. The device’s MDM status keeps showing/stuck System Center Configuration instead of Microsoft Intune, at Endpoint Manager
  3. Command prompt keeps showing the MDM warning, when I perform “gpupdate /force” even though the machine’s object is no longer found in Endpoint Manager
  4. In the dsregcmd /status shows the DeviceAuth: Failed.Device is either disconnected or deleted.

Steps to resolve:

  1. First clear the machine object from Endpoint Manager
  2. Run an Azure AD Connect synchronization from on-premises
  3. Once the Azure AD Connect synchronization completed then proceed to the next step…
  4. Reboot the machine
  5. Launch the command prompt as administrator on the affected machine, and run the following command “dsregcmd /leave”
  6. Then run “dsregcmd /status”, check to make sure the the device is unjoined
  7. Go to the registry editor, “HKLM\SOFTWARE\MICROSOFT\Enrollments” delete all the GUID looking keys
  8. Reboot the machine
  9. Try again the hybrid join procedure

If you can’t delete some of the keys due to the system not allow, then it is fine, you can proceed deleting the ones that can delete.

References:

  1. https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/pending-devices
  2. https://www.itpromentor.com/troubleshooting-weird-azure-ad-join-issues/

Author: sabrinaksy

Just an ordinary lady who love what she does best.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: