Error 0x80070088 While Enrolling in Microsoft Endpoint Manager

HWhite 1 Reputation point
2022-12-14T18:38:23.03+00:00

I am attempting to set up GPO enrollment (User credential) for Hybrid Azure AD joined Windows devices, but am running into 2 main problems. I can get the devices to enroll no problem off of a fresh Windows installation on a test PC. However, when I attempt to enroll devices that have been Azure AD registered previously (I removed the registration before attempting to enroll) I am unable to get the device to enroll and get the following error:

Error 0x80070088 "Auto MDM Enroll: Device Credential (0x1), Failed (The system tried to delete the JOIN of a drive that is not joined" while attempting to enroll a laptop into Microsoft Endpoint Manager.

My understanding of this error is that the device is not able to register because the laptop is not Hybrid Azure AD registered fully. The main issue with this is that I can't get the devices that have previously been Azure AD registered to Hybrid AD join through Azure AD Connect on our DC. When I try to do so, the PC will show in Azure devices as pending.

Running dsregcmd /status gives me error 0x801c03f3 which seems to suggest that the registration is looking for a device object but cannot find it. The device ID that it is trying to find matches the device ID that is shown as pending in Azure. This is where I am currently stuck trying to figure out how to resolve the error.

The system I am currently trying to enroll is a Microsoft Surface Laptop 3 running OS version 21h1.

Any help is appreciated.


1 answer

  1. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2022-12-23T10:17:24.063+00:00

    Hello @HWhite

    Kindly try the following:

    • Validate if the device is part of the OU you are trying to sync. If the computer objects belong to specific organizational units (OUs), configure the OUs to sync in Azure AD Connect. To learn more about how to sync computer objects by using Azure AD Connect, see Organizational unit–based filtering
    • Once added kindly run Start-ADSyncSyncCycle -PolicyType Delta in admin PowerShell.
    • Apart from this try dsregcmd /join and see if you are able to do AAD join (this would help in validating if AAD endpoints are reachable).

    Thanks,
    Akshay Kaushik

    Please "Accept the answer", "Upvote" and rate your experience if the suggestion works as per your business need. This will help us and others in the community as well.
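The three checks in the answer above, scripted as an added example (this is not the moderator's code or anything from the original thread). It assumes the ActiveDirectory and ADSync modules are present on the Azure AD Connect server, that `$SyncedOus` holds the OU distinguished names configured in the Azure AD Connect OU filter (the value below is a placeholder), and that `dsregcmd /status` prints `Key : Value` lines, which is what `Get-DsregStatus` parses. `Test-ComputerInSyncedOu` and `Invoke-DeltaSync` run on the Azure AD Connect server; `Get-DsregStatus` runs on the client before you try `dsregcmd /join`.

```powershell
# Added example; not code from the question or the answer.
# Assumptions: ActiveDirectory + ADSync modules on the Azure AD Connect server,
# $SyncedOus = the OU DNs in your Azure AD Connect OU filter (placeholder below),
# and dsregcmd /status output in "Key : Value" form.

# --- Step 1: is the computer object inside an OU that Azure AD Connect syncs? ---
function Test-ComputerInSyncedOu {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][string[]]$SyncedOus
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $computer = Get-ADComputer -Identity $ComputerName -ErrorAction Stop
    # The object is in scope when its DN ends with one of the synced OU DNs.
    $matched = @($SyncedOus | Where-Object { $computer.DistinguishedName -like "*,$_" })
    [pscustomobject]@{
        ComputerName      = $ComputerName
        DistinguishedName = $computer.DistinguishedName
        InSyncedOu        = ($matched.Count -gt 0)
        MatchedOu         = $matched
    }
}

# --- Step 2: push the object to Azure AD with a delta sync (Azure AD Connect server) ---
function Invoke-DeltaSync {
    Import-Module ADSync -ErrorAction Stop
    Start-ADSyncSyncCycle -PolicyType Delta
}

# --- Step 3 (client): read dsregcmd /status so the join state, the device ID and any
# error code (e.g. the 0x801c03f3 from the question) are visible before dsregcmd /join ---
function Get-DsregStatus {
    param([string[]]$StatusLines = (dsregcmd /status))
    $fields = @{}
    foreach ($line in $StatusLines) {
        # Lines look like "    AzureAdJoined : YES"; split on the first colon only.
        if ($line -match '^\s*([A-Za-z][\w ]*?)\s*:\s*(.*?)\s*$') {
            $key = $Matches[1].Trim()
            if (-not $fields.ContainsKey($key)) { $fields[$key] = $Matches[2] }
        }
    }
    [pscustomobject]@{
        DomainJoined  = $fields['DomainJoined']
        AzureAdJoined = $fields['AzureAdJoined']
        DeviceId      = $fields['DeviceId']
        TenantName    = $fields['TenantName']
        # Every line carrying an 8-digit hex code, which is how dsregcmd reports errors.
        ErrorLines    = @($StatusLines | Where-Object { $_ -match '0x[0-9a-fA-F]{8}' })
    }
}

# Example run with constructed values; replace them with your own.
$SyncedOus = @('OU=Workstations,DC=contoso,DC=local')   # placeholder OU DN
Test-ComputerInSyncedOu -ComputerName 'SURFACE-LAPTOP3' -SyncedOus $SyncedOus | Format-List
# Invoke-DeltaSync          # run on the Azure AD Connect server once the OU check passes
# Get-DsregStatus | Format-List   # run on the client; compare DeviceId with the pending object
```

If `InSyncedOu` comes back `False`, the delta sync cannot create the device object in Azure AD, which matches the "pending" state and the 0x801c03f3 lookup failure described in the question; fix the OU filter first, then re-run the sync before retrying the join.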
