Hi @Andreas
Regarding your question about the UPN, you are correct that logging in with a UPN that is not synced to Azure AD might cause issues with the device registration process. It is recommended to use a UPN that is synced to Azure AD for logging in to the affected machines.
The error code 0xCAAA9006 indicates a failure in acquiring a token via the WS-Trust flow. It may cause a problem with the federation server in a Hybrid Azure AD join configuration, or it might be a network issue preventing the device from reaching the domain controller.
If you are using Hybrid Azure AD join with a federated environment, could you check the authentication logs on the federation server and share them with us?
https://learn.microsoft.com/en-us/entra/identity/devices/troubleshoot-hybrid-join-windows-current#other-errors-1
Event ID 1097 is an error that indicates Group Policy processing has failed because Windows could not determine the computer account to enforce Group Policy settings. For more details, please refer to Event ID 1097 and Event ID 1098.
Hope this helps. Do let us know if you have any further queries.
Thanks,
Akhilesh.
If this answers your query, do click "Accept Answer" and "Yes" for "Was this answer helpful". And if you have any further queries, do let us know.