Autopilot Hybrid AD Join - Incompatible with Enable Automatic MDM Enrollment GPO?

Taylor Artunian 171 Reputation points
2020-11-27T18:00:10.057+00:00

I am having an issue with the "Account Setup - Joining your organization's network" portion of Autopilot deployment.

Just like this TechNet post, I am getting a 204 and 304 event in the User Device Registration log; the only difference is that they were trying to disable automatic enrollment via GPO and we have it enabled. Is this GPO incompatible with Autopilot?

The 304 error says that "The device object with the given id {id} is not found." I went and looked at the AAD device id and it is in fact different. The device was deleted from AD, AAD and Intune before beginning deployment with a Windows 10 USB.


2 additional answers

  1. Jason Sandys 31,151 Reputation points Microsoft Employee
    2020-11-30T19:55:35.567+00:00

    What you are seeing is normal and expected to my knowledge as the device is already enrolled in Intune long before the group policy applies.

    Are you actually experiencing an issue?


  2. Taylor Artunian 171 Reputation points
    2020-12-01T01:47:52.397+00:00

    Thank you for the replies. I have since moved my Autopilot devices to a new OU with no GPOs and changed both the Domain Join profile and AAD Connect to include the new OU and am still encountering the same issue.

    During user ESP the install process hangs on "Joining Your Organization's Network". Looking at the logs, the device appears to try 3 times to run the Automatic-Device-Join task before giving up, each time generating the 304 and 204 events with the 0x801c03f3 error:

    ```
    Automatic registration failed at join phase.
    Exit code: Unknown HResult Error code: 0x801c03f3
    Server error: The device object by the given id (e2f251bb-c6e1-4378-b65a-f8dfd1622ba9) is not found.
    Tenant type: Managed
    Registration type: sync
    Debug Output:
    joinMode: Join
    drsInstance: azure
    registrationType: sync
    tenantType: Managed
    tenantId: 235907c4-a81a-4ff8-80a3-32d8a3730c36
    configLocation: undefined
    errorPhase: join
    adalCorrelationId: 62693e8a-a008-48c2-8d47-5335f93eaeae
    adalLog:
    undefined
    adalResponseCode: 0x0
    ```

    I have two devices which are doing this and I think they may be caused by separate issues.

    On one device, if I manually start the Automatic-Device-Join after ensuring that the AD object has been synced to AAD, the ESP completes fine (though the Autopilot device only shows an Associated Intune device while the Associated Azure AD device shows N/A).

    I have another device that won't get past the same "Joining Your Organization's Network" step despite it having resolved the 204 and 304 Device Join errors on its own. To make it more confusing, the corresponding AAD device has a DeviceID which is different from the one that the device is looking for and different from the AD ObjectGUID. The AD Connect sync rules are stock, so the AAD DeviceID should be the ObjectGUID.

    I think I may need to go the support ticket route since this is looking like multiple issues. Thanks.
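
A diagnostic for the ID mismatch discussed in this thread, added here as an example and not posted by any participant: it extracts the device ID that event 304 reports as not found and compares it with the computer's on-premises AD objectGUID and, optionally, a DeviceID copied from the Azure AD portal. It assumes the ActiveDirectory (RSAT) module, read access to the target's event log, and the message format quoted above; the parameter names, the helper `Get-RequestedDeviceId` and the fallback sample GUID are hypothetical.

```powershell
# Added example: which device ID is the join task asking Azure AD for,
# and does it equal the AD objectGUID that AAD Connect is expected to sync?
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    [string]$AadDeviceId    # optional: DeviceID copied from the Azure AD portal
)

$logName = 'Microsoft-Windows-User Device Registration/Admin'
$guidRx  = '[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'

function Get-RequestedDeviceId {
    # Parses "The device object by the given id (<guid>) is not found."
    param([string]$Message)
    if ($Message -match "given id \(($guidRx)\)") { [guid]$Matches[1] }
}

# Constructed sample in the format quoted in the thread; used only if no 304 events exist.
$sample = 'Server error: The device object by the given id ' +
          '(00000000-0000-0000-0000-000000000001) is not found.'

$events = Get-WinEvent -ComputerName $ComputerName -MaxEvents 20 `
              -FilterHashtable @{ LogName = $logName; Id = 304 } `
              -ErrorAction SilentlyContinue
$messages = if ($events) { $events.Message } else {
    Write-Warning 'No 304 events found; using the constructed sample message.'
    $sample
}

# One row per distinct ID the device asked for across the retries.
$requested = $messages | ForEach-Object { Get-RequestedDeviceId $_ } | Sort-Object -Unique

# On-premises computer object; ObjectGUID is returned as a [guid].
$adGuid = (Get-ADComputer -Identity $ComputerName -Properties objectGUID).ObjectGUID

foreach ($id in $requested) {
    [pscustomobject]@{
        Computer          = $ComputerName
        RequestedDeviceId = $id
        AdObjectGuid      = $adGuid
        MatchesAd         = ($id -eq $adGuid)
        MatchesAadPortal  = if ($AadDeviceId) { $id -eq [guid]$AadDeviceId } else { $null }
    }
}
```

A row with `MatchesAd` false means the device is requesting an ID other than the current computer object's GUID, which is the kind of mismatch the last post describes.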