
The user is logged in (Windows 10) and connected to Azure AD, but can't set up any software since an administrator account is required. When I try to use the admin account, like I do on other desktops, I get the following error in the logs (Azure): "50155 Device authentication failed" and "Wrong user or password" on the desktop.

On other devices it works fine, but not on this one.

Vixed

1 Answer


If it is a Hybrid Azure AD join, then verify that the device is synced from cloud to on-premises or is not disabled. Sync cycles may be delayed since it syncs the key after the object is synced.

If it is only an Azure AD join, kindly remove the device from Azure AD and try joining it back, then check whether you receive the error message again. If you have any further queries, kindly let me know.

  • The thing is that I can't see the devices at all on Azure. This seems to happen with just two of our 30 devices. – Vixed Sep 22 '20 at 12:36
  • Kindly check `dsregcmd /status`. If Azure AD join is Yes, then it is joined to Azure AD and you will be able to see it in the Azure Portal. If it is No, then go to Settings and try to join the machine to Azure AD. The user account that was used to join the device to Azure AD will be administrator for that machine. Kindly let me know if you have any further queries. – Thirgiftthub - MSFT Identity Sep 29 '20 at 12:58
  • The answer is YES, but still can't see it on portal. – Vixed Sep 29 '20 at 13:05
  • Check whether Domain Join is Yes. If Domain Join and Azure AD are both Yes, then we have to check the PRT status. If Domain Join is No, then kindly remove the device from Azure AD by going to Settings and removing it. Then try joining it to Azure AD again. – Thirgiftthub - MSFT Identity Sep 29 '20 at 13:08
  • Can't log out since the device has no local user. – Vixed Sep 29 '20 at 13:16
  • To re-register hybrid Azure AD joined Windows 10 and Windows Server 2016/2019 devices, take the following steps: Open the command prompt as an administrator. Enter `dsregcmd.exe /debug /leave`. Sign out and sign in to trigger the scheduled task that registers the device again with Azure AD. For Azure AD join only devices, enter `dsregcmd /forcerecovery` (note: you need to be an administrator to perform this action). Click "Sign in" in the dialog that opens up and continue with the sign-in process. Sign out and sign back in to the device to complete the recovery. – Thirgiftthub - MSFT Identity Sep 29 '20 at 13:22
  • For a pure Azure AD join device, you can go directly to Settings > Accounts > Access Work or School. Select your account and select Disconnect. Follow the prompts and provide the local administrator credentials when prompted. Reboot the device to finish the unjoin process. – Thirgiftthub - MSFT Identity Sep 29 '20 at 13:24
  • I don't have, don't know the local administrator account; normally I use the Azure admin account, which is not working on that PC. – Vixed Sep 29 '20 at 13:31
  • Kindly try with Global administrator account. – Thirgiftthub - MSFT Identity Sep 29 '20 at 13:36
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/222241/discussion-between-thirgiftthub-msft-identity-and-vixed). – Thirgiftthub - MSFT Identity Sep 29 '20 at 13:36
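
The checks discussed in the comments above (Azure AD join, Domain Join, PRT) can be read from `dsregcmd /status` in one pass. The script below is an added example, not part of the original thread: the function names are hypothetical, the sample output is constructed, and it only reports which of the thread's suggestions applies without changing the device.

```powershell
# Parse "Name : Value" fields from dsregcmd /status output into a hashtable.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Section banners ("| Device State |", "+----+") do not match and are skipped.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

# Map the join state to the step suggested in the thread (report only).
function Get-JoinAdvice {
    param([hashtable]$State)
    $aad = $State['AzureAdJoined'] -eq 'YES'
    $dom = $State['DomainJoined'] -eq 'YES'
    $prt = $State['AzureAdPrt'] -eq 'YES'

    if (-not $aad) {
        return 'Not Azure AD joined: join the machine to Azure AD from Settings.'
    }
    if ($dom -and -not $prt) {
        return 'Hybrid joined without a PRT: check device sync, then re-register (dsregcmd.exe /debug /leave, sign out and in).'
    }
    if ($dom) {
        return 'Hybrid joined with a PRT: verify the device is synced and not disabled.'
    }
    return 'Azure AD joined only: remove and re-join, or recover with dsregcmd /forcerecovery (administrator required).'
}

# Constructed sample output (not captured from the affected device).
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : NO

| SSO State                                                            |
                AzureAdPrt : NO
'@ -split '\r?\n'

Get-JoinAdvice (ConvertFrom-DsregStatus $sample)

# On the affected machine, feed the live output instead:
# Get-JoinAdvice (ConvertFrom-DsregStatus (dsregcmd.exe /status))
```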