My current issue is to have Hybrid Microsoft Entra ID Join enabled in the environment. I have .NET 4.8 and the latest version of Entra Connect Sync. Federation is being leveraged by Okta. AD Schema is 2016. The account has Hybrid Identity Administrator roles in Entra. When I go to configure Hybrid Microsoft Entra ID join - we are using Windows 10 or later domain-joined devices and these are included in domain and OU filtering for synchronization. SCP configuration shows correct forest and using the domain as the authentication service. I input creds for enterprise admin level account. The containers in AD for Device Registration have the correct permissions for full control for that account. But I get the following:
[09:30:20.449] [ 7] [INFO ] Authenticate-MSAL: successfully acquired an access token. TenantID=#^&@^&$@-$&^#$@&&$@-$^%^#$&&#-$%&^%&#$*, ExpiresUTC=11/21/2024 4:33:07 PM +00:00, UserInfo=williamt@blah.com, IdentityProvider=login.windows.net.
[09:30:20.449] [ 7] [INFO ] Successfully aquired graph token.
[09:30:20.532] [ 7] [INFO ] DeviceHybridScpPage: Azure AD has 1 federated domains.
[09:30:20.534] [ 7] [INFO ] MsolDomainExtensions: Getting federation name for domain blah.com
[09:30:20.621] [ 7] [INFO ] MsolDomainExtensions: Federation name is blah.okta.com
[09:30:20.623] [ 7] [INFO ] DeviceHybridScpPage: GetConfiguredForests()
[09:30:20.623] [ 7] [INFO ] DeviceHybridScpPage: Checking device configuration for forest - blah.blahblah.com
[09:30:20.626] [ 7] [INFO ] ADDeviceConfigurationProvider: Checking device configuration for forest - blah.blahblah.com
[09:30:20.747] [ 7] [INFO ] ADDeviceConfigurationProvider: Getting configurationNamingContext from DC - SIADPC02.blah.blahblah.com
[09:30:20.757] [ 7] [INFO ] ADDeviceConfigurationProvider: Checking servicesContainerPath - LDAP://SIADPC02.blah.blahblah.com/CN=Services,CN=Configuration,DC=scc,DC=aaic,DC=com
[09:30:20.757] [ 7] [INFO ] ADDeviceConfigurationProvider: Checking drsContainerPath - LDAP://SIADPC02.blah.blahblah.com/CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=scc,DC=aaic,DC=com
[09:30:20.765] [ 7] [INFO ] ADDeviceConfigurationProvider: Checking scpObjectPath - LDAP://SIADPC02.blah.blahblah.com/CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,DC=scc,DC=aaic,DC=com
[09:30:20.773] [ 7] [INFO ] ADDeviceConfigurationProvider: Checking scpObject keywords attribute
[09:30:20.837] [ 7] [INFO ] ADDeviceConfigurationProvider: Returning keywords with property values
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Forest has device configuration with 2 keywords
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Checking keyword = azureADId:
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Checking keyword = azureADName:blah.onmicrosoft.com
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Forest does not have valid configuration - blah.blahblah.com
[09:30:20.838] [ 7] [INFO ] DeviceHybridScpPage: CreateScpScript()
[09:30:20.839] [ 7] [INFO ] DeviceHybridScpPage: Creating script at - C:\ProgramData\AADConnect\ConfigureSCP.ps1
[09:37:59.386] [ 1] [INFO ] DeviceHybridScpPage: PromptForCredentials()
[09:37:59.386] [ 1] [INFO ] DeviceHybridScpPage: Get credentials for selected forest: blah.blahblah.com
[09:38:25.724] [ 1] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.ComponentModel.Win32Exception (0x80004005): The implementation is not capable of performing the request
at Microsoft.Online.Deployment.Framework.UI.Dialogs.CredentialsDialog.ShowDialog(IWin32Window owner)
at Microsoft.Online.Deployment.Framework.UI.Dialogs.CredentialsDialog.Show()
at Microsoft.Online.Deployment.OneADWizard.UI.WizardPages.DeviceHybridScpPageViewModel.PromptForCredentials(Object obj)
at MS.Internal.Commands.CommandHelpers.CriticalExecuteCommandSource(ICommandSource commandSource, Boolean userInitiated)
at System.Windows.Controls.Primitives.ButtonBase.OnClick()
at System.Windows.Controls.Button.OnClick()
at System.Windows.Controls.Primitives.ButtonBase.OnMouseLeftButtonUp(MouseButtonEventArgs e)
at System.Windows.RoutedEventArgs.InvokeHandler(Delegate handler, Object target)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
at System.Windows.UIElement.ReRaiseEventAs(DependencyObject sender, RoutedEventArgs args, RoutedEvent newEvent)
at System.Windows.UIElement.OnMouseUpThunk(Object sender, MouseButtonEventArgs e)
at System.Windows.RoutedEventArgs.InvokeHandler(Delegate handler, Object target)
at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs routedEventArgs)
at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
at System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args)
at System.Windows.UIElement.RaiseTrustedEvent(RoutedEventArgs args)
at System.Windows.Input.InputManager.ProcessStagingArea()
at System.Windows.Input.InputManager.ProcessInput(InputEventArgs input)
at System.Windows.Input.InputProviderSite.ReportInput(InputReport inputReport)
at System.Windows.Interop.HwndMouseInputProvider.ReportInput(IntPtr hwnd, InputMode mode, Int32 timestamp, RawMouseActions actions, Int32 x, Int32 y, Int32 wheel)
at System.Windows.Interop.HwndMouseInputProvider.FilterMessage(IntPtr hwnd, WindowMessage msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
at System.Windows.Interop.HwndSource.InputFilterMessage(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
at MS.Win32.HwndWrapper.WndProc(IntPtr hwnd, Int32 msg, IntPtr wParam, IntPtr lParam, Boolean& handled)
at MS.Win32.HwndSubclass.DispatcherCallbackOperation(Object o)
at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Int32 numArgs, Delegate catchHandler)
[09:38:25.746] [ 1] [INFO ] Page transition from "SCP" [DeviceHybridScpPageViewModel] to "Error" [ErrorPageViewModel]
[09:38:25.748] [ 1] [INFO ] DeviceHybridScpPage.OnUnload: Selected forest - blah.blahblah.com
[09:38:25.748] [ 1] [INFO ] DeviceHybridScpPage.OnUnload: Selected provider - aaic.okta.com
[09:38:25.748] [ 1] [INFO ] DeviceHybridScpPage.OnUnload: AzureADName - blah.com
[09:38:25.748] [ 1] [INFO ] DeviceHybridScpPage.OnUnload: AzureADId - 913fbd77-c6ce-445c-ac55-0256bc3a3e1e
[09:38:25.748] [ 1] [INFO ] DeviceHybridScpPage.OnUnload: IsDeviceAuthFederated - True
[09:41:45.277] [ 1] [INFO ] Opened log file at path C:\ProgramData\AADConnect\trace-20241121-092815.log
Any ideas to resolve this would be greatly appreciated. I have run through every troubleshooting step I can find.
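
For readers triaging a similar trace, the following is an added example and not part of the original post: a small parser for the trace format shown above that pulls out the SCP keyword checks, any forest the wizard reported as lacking a valid configuration, and the first stack frame of each unhandled exception. The function name `triage` and the sample lines are constructed for illustration, with placeholder domain names.

```python
import re

# Constructed sample in the trace format shown in the post (placeholder values).
SAMPLE_TRACE = """\
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Forest has device configuration with 2 keywords
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Checking keyword = azureADId:
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Checking keyword = azureADName:example.onmicrosoft.com
[09:30:20.837] [ 7] [INFO ] DeviceHybridScpPage: Forest does not have valid configuration - corp.example.com
[09:38:25.724] [ 1] [ERROR] A terminating unhandled exception occurred.
Exception Data (Raw): System.ComponentModel.Win32Exception (0x80004005): The implementation is not capable of performing the request
at Microsoft.Online.Deployment.Framework.UI.Dialogs.CredentialsDialog.ShowDialog(IWin32Window owner)
at System.Windows.Controls.Button.OnClick()
"""

# [time] [thread] [LEVEL] message
ENTRY = re.compile(r"^\[(\d{2}:\d{2}:\d{2}\.\d{3})\] \[\s*(\d+)\] \[(\w+)\s*\] (.*)$")
KEYWORD = re.compile(r"Checking keyword = (\w+):(.*)$")

def triage(trace):
    """Summarise SCP keyword checks and unhandled exceptions in a trace."""
    report = {"keywords": {}, "empty_keywords": [], "invalid_forests": [], "errors": []}
    current_error = None
    for line in trace.splitlines():
        m = ENTRY.match(line)
        if not m:
            # Continuation line: exception text or stack frame of the last ERROR entry.
            if current_error is not None:
                text = line.strip()
                if text.startswith("Exception Data (Raw):"):
                    current_error["exception"] = text.split(":", 1)[1].strip()
                elif text.startswith("at ") and current_error["top_frame"] is None:
                    current_error["top_frame"] = text[3:]
            continue
        ts, _tid, level, msg = m.groups()
        current_error = None
        kw = KEYWORD.search(msg)
        if kw:
            name, value = kw.group(1), kw.group(2).strip()
            report["keywords"][name] = value
            if not value:
                report["empty_keywords"].append(name)  # keyword present but no value logged
        elif "Forest does not have valid configuration - " in msg:
            report["invalid_forests"].append(msg.rsplit(" - ", 1)[1])
        elif level == "ERROR":
            current_error = {"time": ts, "message": msg, "exception": None, "top_frame": None}
            report["errors"].append(current_error)
    return report
```

Passing the contents of a trace file under C:\ProgramData\AADConnect to `triage` returns the same summary for a real log.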