- Remove From My Forums
-
Question
-
hi All,
it has been highlighted in our environment that «Windows 10 devices are trying to register to Azure AD and failing«.
we have Azure AD (infra) configured but we don’t want to register our Windows 10 devices, which are on-prem AD joined to register to Azure AD.
do anyone know what is causing this error? and how to stop devices trying to register to azure AD.
Here is the screenshot of the error event:
Thanks in advance.
All replies
-
I am not sure about the error, but has someone set a GPO to automatically register the machines? I would do a gpresult /scope computer /h gpresult.html one of the machines and see if there has been a GPO set.
The GPO can be found at Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain-joined computers as devices or Computer Configuration > Policies > Administrative
Templates > Windows Components > Workplace Join > Automatically workplace join client computers -
Thanks for your reply Nick.
The problem is that I have already set «Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain-joined computers as devices
» as DisabledAlso, I can’t find Computer Configuration > Policies > Administrative Templates > Windows Components > Workplace Join > Automatically workplace join client computers
-
Automatically workplace join client computers is older. It doesn’t matter.
Can you do a gpresult like mentioned above to see that it isn’t picking up a GPO from somewhere else to automatically register? And that it is picking up your disabled GPO.
-
Sorry my bad. I realised that after I posted my comment. Thanks for highlighting that.
The policy where I have disabled (Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register
domain-joined computers as devices)is getting deployed. I am currently checking all the other policies that are currently deployed to the windows 10 devices.
But I have noticed on these devices that:
- the scheduled task (Automatic-Device-Join) is disabled
2) The Registry value (AutoWorkplacejoin) = 0)
-
Also, confirmed that in all the other GPOs (applied to windows 10 devices), this setting is not configured
-
-
Proposed as answer by
Sunday, April 9, 2017 5:35 AM
-
Proposed as answer by
-
I experience the same issue. We want to prevent our WS2016 Servers from Azure AD join. Even when Register
domain-joined computers as devices is disabled they continue with Azure AD domain join. I have noticed they do it even after policy is disabled and i do gpupdate. For the moment i could say this happens when RDH role is installed on servers. -
Anyone find a solution for this?
Having the same problem with Windows Server 2016 LTSB.
GPO applied.
Task Scheduler shows the task disabled, but history continues to log the task executing, then being disabled again.
Events 304 and 307 keep occurring.
There’s no place like 127.0.0.1
-
Any solution so far for this?
Have the same Problem with Windows 10 1803 Clients US-version…no problem on DE-versions!
-
Same issue here… does anyone have a solution?
I also get the message in Eventlog:
«Error: ‘invalid_tenant’ Description: ‘Tenant <domainname.local.com> not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator’. TraceId: {ebf91047-a1a6-48f2-81ef-fe13c8dac807}»
-
anyone have any luck in stopping devices from registering with azure?
-
Setting the GPO to Disabled does not stop me from seeing the event log messages where it is trying to do something. I do not want my servers to even try to reach out to Azure AD so can this be stopped?
Computer Configuration (Enabled)hide
Administrative Templateshide
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Device Registrationhide
Policy Setting Comment <span gpmc_settingdescription=»This setting lets you configure how domain joined computers become registered as devices. When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory.
Note: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview.
http://go.microsoft.com/fwlink/?LinkId=307136
» gpmc_settingname=»Register domain joined computers as devices» gpmc_settingpath=»Computer Configuration/Administrative Templates/Windows Components/Device Registration» gpmc_supported=»At least Windows Server 2012 R2 or Windows
8.1″ tabindex=»0″>Register domain joined computers as devicesDisabled -
Log Name: Microsoft-Windows-User Device Registration/Admin
Source: Microsoft-Windows-User Device Registration
Date: 7/15/2019 1:32:16 PM
Event ID: 304
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: TESTxxx.xxx.com
Description:
Automatic registration failed at join phase. Exit code: Unknown HResult Error code: 0x801c03f2. Server error: empty. Debug Output:\r\n joinMode: Join
drsInstance: azure
registrationType: sync
tenantType: managed
tenantId: bx1400-f938-4×49-xx
configLocation: undefined
errorPhase: join
adalCorrelationId: undefined
adalLog: undefined
adalLog: undefined
adalResponseCode: 0x0
.
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»Microsoft-Windows-User Device Registration» Guid=»{2xxxx-67xD-4xA3-xx36-D43E5xx5″ />
<EventID>304</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime=»2019-07-15T18:32:16.062888600Z» />
<EventRecordID>358</EventRecordID>
<Correlation />
<Execution ProcessID=»3572″ ThreadID=»3576″ />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>TESTxxxx.xxx.vom</Computer>
<Security UserID=»S-1-5-18″ />
</System>
<EventData>
<Data Name=»ExitCode»>-2145647630</Data>
<Data Name=»ServerErrorMessage»>empty</Data>
<Data Name=»TenantName»>joinMode: Join
drsInstance: azure
registrationType: sync
tenantType: managed
tenantId: bccc61400-f9c38-49c49-8caf-cc24
configLocation: undefined
errorPhase: join
adalCorrelationId: undefined
adalLog: undefined
adalLog: undefined
adalResponseCode: 0x0
</Data>
</EventData>
</Event> -
Run this Powershell command on each of the clients:
Get-ScheduledTask
*-join | Unregister-ScheduledTask -Confirm:$FalseShould work on W10/server 2012/2016/2019.
Ciao,
Claudio
MCSA, MCSE, MCT, MCITP:EA
-
This PowerShell command will disable the scheduled task
disable-scheduledtask -taskpath «\Microsoft\Windows\Workplace Join» -taskname Automatic-Device-Join
-
Proposed as answer by
KWJ76
Wednesday, December 18, 2019 8:17 PM
-
Proposed as answer by
-
#1
Добрый день, заметил в логах windows server 2019 ошибки с кодами 304 и 307, источник события User Device Registration.
Automatic registration failed at join phase.
Exit code: Unknown HResult Error code: 0x801c001d
Server error:
Tenant type: undefined
Registration type: undefined
Debug Output:
joinMode: Join
drsInstance: undefined
registrationType: undefined
tenantType: undefined
tenantId: undefined
configLocation: undefined
errorPhase: discover
adalCorrelationId: undefined
adalLog:
undefined
adalResponseCode: 0x0
и вторая ошибка
Automatic registration failed. Failed to lookup the registration service information from Active Directory. Exit code: Unknown HResult Error code: 0x801c001d.
Регистрация сервера {4991D34B-80A1-4291-83B6-3328366B9097} DCOM не выполнена за отведенное время ожидания.
Подскажите из-зи чего ошибки ?? С виду все работает
-
#2
Еще подозрительные предупреждения обнаружил
Поставщик DMWmiBridgeProv1 зарегистрирован в пространстве имен root\cimv2\mdm\dmmap инструментария управления Windows и будет использовать учетную запись LocalSystem. Она обладает повышенными привилегиями, поэтому, если поставщик некорректно олицетворяет запросы пользователей, безопасность может оказаться под угрозой.
——
Служба «Update Orchestrator Service» завершена из-за ошибки
Возврат из операции произошел из-за превышения времени ожидания.
-
#3
Руководство по Настройке гибридного присоединения к Azure Active Directory для федеративных доменов
Эти коды событий возникают, когда инфраструктура не готова к гибридному соединению. Когда устройство пытается выполнить гибридное соединение, регистрация завершается неудачно, и события регистрируются.
-
#4
я понял, короче это норма. А по другой ошибке подскажете ?
- Remove From My Forums
-
Question
-
hi All,
it has been highlighted in our environment that «Windows 10 devices are trying to register to Azure AD and failing«.
we have Azure AD (infra) configured but we don’t want to register our Windows 10 devices, which are on-prem AD joined to register to Azure AD.
do anyone know what is causing this error? and how to stop devices trying to register to azure AD.
Here is the screenshot of the error event:
Thanks in advance.
All replies
-
I am not sure about the error, but has someone set a GPO to automatically register the machines? I would do a gpresult /scope computer /h gpresult.html one of the machines and see if there has been a GPO set.
The GPO can be found at Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain-joined computers as devices or Computer Configuration > Policies > Administrative
Templates > Windows Components > Workplace Join > Automatically workplace join client computers -
Thanks for your reply Nick.
The problem is that I have already set «Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register domain-joined computers as devices
» as DisabledAlso, I can’t find Computer Configuration > Policies > Administrative Templates > Windows Components > Workplace Join > Automatically workplace join client computers
-
Automatically workplace join client computers is older. It doesn’t matter.
Can you do a gpresult like mentioned above to see that it isn’t picking up a GPO from somewhere else to automatically register? And that it is picking up your disabled GPO.
-
Sorry my bad. I realised that after I posted my comment. Thanks for highlighting that.
The policy where I have disabled (Computer Configuration > Policies > Administrative Templates > Windows Components > Device Registration. Right-click Register
domain-joined computers as devices)is getting deployed. I am currently checking all the other policies that are currently deployed to the windows 10 devices.
But I have noticed on these devices that:
- the scheduled task (Automatic-Device-Join) is disabled
2) The Registry value (AutoWorkplacejoin) = 0)
-
Also, confirmed that in all the other GPOs (applied to windows 10 devices), this setting is not configured
-
-
Proposed as answer by
Sunday, April 9, 2017 5:35 AM
-
Proposed as answer by
-
I experience the same issue. We want to prevent our WS2016 Servers from Azure AD join. Even when Register
domain-joined computers as devices is disabled they continue with Azure AD domain join. I have noticed they do it even after policy is disabled and i do gpupdate. For the moment i could say this happens when RDH role is installed on servers. -
Anyone find a solution for this?
Having the same problem with Windows Server 2016 LTSB.
GPO applied.
Task Scheduler shows the task disabled, but history continues to log the task executing, then being disabled again.
Events 304 and 307 keep occurring.
There’s no place like 127.0.0.1
-
Any solution so far for this?
Have the same Problem with Windows 10 1803 Clients US-version…no problem on DE-versions!
-
Same issue here… does anyone have a solution?
I also get the message in Eventlog:
«Error: ‘invalid_tenant’ Description: ‘Tenant <domainname.local.com> not found. This may happen if there are no active subscriptions for the tenant. Check with your subscription administrator’. TraceId: {ebf91047-a1a6-48f2-81ef-fe13c8dac807}»
-
anyone have any luck in stopping devices from registering with azure?
-
Setting the GPO to Disabled does not stop me from seeing the event log messages where it is trying to do something. I do not want my servers to even try to reach out to Azure AD so can this be stopped?
Computer Configuration (Enabled)hide
Administrative Templateshide
Policy definitions (ADMX files) retrieved from the central store.
Windows Components/Device Registrationhide
Policy Setting Comment <span gpmc_settingdescription=»This setting lets you configure how domain joined computers become registered as devices. When you enable this setting, domain joined computers automatically and silently get registered as devices with Azure Active Directory.
Note: Additional requirements may apply on certain Windows SKUs. Refer to Azure Active Directory Device Registration Overview.
http://go.microsoft.com/fwlink/?LinkId=307136
» gpmc_settingname=»Register domain joined computers as devices» gpmc_settingpath=»Computer Configuration/Administrative Templates/Windows Components/Device Registration» gpmc_supported=»At least Windows Server 2012 R2 or Windows
8.1″ tabindex=»0″>Register domain joined computers as devicesDisabled -
Log Name: Microsoft-Windows-User Device Registration/Admin
Source: Microsoft-Windows-User Device Registration
Date: 7/15/2019 1:32:16 PM
Event ID: 304
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: TESTxxx.xxx.com
Description:
Automatic registration failed at join phase. Exit code: Unknown HResult Error code: 0x801c03f2. Server error: empty. Debug Output:\r\n joinMode: Join
drsInstance: azure
registrationType: sync
tenantType: managed
tenantId: bx1400-f938-4×49-xx
configLocation: undefined
errorPhase: join
adalCorrelationId: undefined
adalLog: undefined
adalLog: undefined
adalResponseCode: 0x0
.
Event Xml:
<Event xmlns=»http://schemas.microsoft.com/win/2004/08/events/event»>
<System>
<Provider Name=»Microsoft-Windows-User Device Registration» Guid=»{2xxxx-67xD-4xA3-xx36-D43E5xx5″ />
<EventID>304</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime=»2019-07-15T18:32:16.062888600Z» />
<EventRecordID>358</EventRecordID>
<Correlation />
<Execution ProcessID=»3572″ ThreadID=»3576″ />
<Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
<Computer>TESTxxxx.xxx.vom</Computer>
<Security UserID=»S-1-5-18″ />
</System>
<EventData>
<Data Name=»ExitCode»>-2145647630</Data>
<Data Name=»ServerErrorMessage»>empty</Data>
<Data Name=»TenantName»>joinMode: Join
drsInstance: azure
registrationType: sync
tenantType: managed
tenantId: bccc61400-f9c38-49c49-8caf-cc24
configLocation: undefined
errorPhase: join
adalCorrelationId: undefined
adalLog: undefined
adalLog: undefined
adalResponseCode: 0x0
</Data>
</EventData>
</Event> -
Run this Powershell command on each of the clients:
Get-ScheduledTask
*-join | Unregister-ScheduledTask -Confirm:$FalseShould work on W10/server 2012/2016/2019.
Ciao,
Claudio
MCSA, MCSE, MCT, MCITP:EA
-
This PowerShell command will disable the scheduled task
disable-scheduledtask -taskpath «\Microsoft\Windows\Workplace Join» -taskname Automatic-Device-Join
-
Proposed as answer by
KWJ76
Wednesday, December 18, 2019 8:17 PM
-
Proposed as answer by
I just noticed something this week when I built another 2019 VM, this time I changed my build procedure by disabling the Scheduled Task PRIOR to moving the server to the Member Servers OU and this time after multiple reboots, the task is still disabled…so it probably has something to do with one of the multitude of GPOs that are assigned that’s causing it to either get re-enabled or prohibits me from disabling a system created scheduled task.
I built it on Tuesday (11th):
1 found this helpful
thumb_up
thumb_down
Windows server. User Device Registration Error Event ID 304 / 307. Automatic registration failed at join phase.
Оглавление
Инцидент
Лог сервера забит ошибками 304 и 307 “USER DEVICE REGISTRATION”, Automatic registration failed at join phase:
Решение
Открываете планировщик заданий taskschd.msc, спускаетесь до \Microsoft\Windows\Workplace Join и отключаете задание Automatic-Device-Join
Ссылки
Windows Server 2016 – User Device Registration Error Event ID 304 / 307