We are running an instant clone Win 10 1909 environment with hybrid AD joined devices and have begun to see periodic instances where a given device fails to authenticate with AAD/AD FS, but when the user signs into a different VM, it works fine. The O365 components of the desktop fail to activate (unable to acquire a license and activate). The event log shows that hybrid AD join is successful and the user PRT is issued; the problem seems to lie when the application requests an access or refresh token from the PRT. The logs in AAD > Operational show:
Error: 0xCAA5001C Token broker operation failed.
Operation name: GetTokenSilently, Error: -895025142 (0xcaa7000a), Description: The Internet connection has timed out.
Logged at webaccountprocessor.cpp, line: 593, method: AAD::Core::WebAccountProcessor::ReportOperationError.
Error: 0xCAA7000A The Internet connection has timed out.
Exception of type 'class HttpException' at xmlhttpwebrequest.cpp, line: 171, method: XMLHTTPWebRequest::ReceiveResponse.
Log: 0xcaa90051 Sending OAuth request failed.
Logged at oauthtokenrequestbase.cpp, line: 237, method: OAuthTokenRequestBase::SendRequest.
Error: 0xCAA7000A The Internet connection has timed out.
Code: authentication_failed
Description: The Internet connection has timed out.
TokenEndpoint: https://login.microsoftonline.com/common/oauth2/token
Logged at oauthtokenrequestbase.cpp, line: 237, method: OAuthTokenRequestBase::SendRequest.
The internet connection appears to be fine - we use zScaler with ADFS to authenticate and a .pac file on the desktop. Note - during startup we perform dsregcmd /join - so the internet connection is required there, and when the user logs in the second /join takes place and this is successful, so something is causing the OAuth mechanism for the 365 apps to fail - any ideas how we troubleshoot this or what else to try to make this work?
Again, this only happens on some VMs - it's not consistent on the device name either, it can be any random VM and any random user.
Dave
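A diagnostic script, added here and not part of Dave's post, that an administrator could run on one of the failing VMs as the affected user: it pulls the token-broker errors from the AAD Operational log, reads the device and PRT state from dsregcmd, and resolves and times the token endpoint through the same PAC the desktop uses, so a slow or wrong proxy path for that one URL shows up next to the 0xCAA7000A events. The log name, endpoint and error codes come from the post; the 30-second timeout and the fields selected are assumptions.

```powershell
# Added diagnostic helper, not from the original post. Run on a failing VM, as the
# user whose Office apps cannot get a token. Endpoint and codes are from the log above.
$TokenEndpoint = 'https://login.microsoftonline.com/common/oauth2/token'
$ErrorCodes    = '0xCAA5001C', '0xCAA7000A', '0xCAA90051'

# 1. Recent token-broker failures from the AAD Operational log (same log as in the post)
$events = Get-WinEvent -LogName 'Microsoft-Windows-AAD/Operational' -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $msg = $_.Message; ($ErrorCodes | Where-Object { $msg -imatch $_ }).Count -gt 0 } |
    Select-Object TimeCreated, Id, LevelDisplayName, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
"--- Token broker errors in AAD/Operational: $($events.Count) ---"
$events | Format-Table -AutoSize

# 2. Device and PRT state that the post says look healthy; confirm on the failing VM
"--- dsregcmd /status (join + PRT fields) ---"
dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|AzureAdPrt\s*:|AzureAdPrtUpdateTime|AzureAdPrtAuthority'

# 3. System-context proxy (used by dsregcmd /join at startup) vs. the user's PAC result
#    for the token endpoint. A difference between the two is a common reason the
#    /join works while user token requests time out (assumption to verify, not a given).
"--- WinHTTP (system) proxy ---"
netsh winhttp show proxy
$proxy = [System.Net.WebRequest]::GetSystemWebProxy()
$proxy.Credentials = [System.Net.CredentialCache]::DefaultCredentials
$bypassed = $proxy.IsBypassed([Uri]$TokenEndpoint)
$resolved = $proxy.GetProxy([Uri]$TokenEndpoint)
"--- User PAC result: $TokenEndpoint -> $(if ($bypassed) { 'DIRECT' } else { $resolved }) ---"

# 4. Time one real round trip through that proxy. The token endpoint answers a bare GET
#    with an HTTP error (no parameters), which still proves reachability; only a missing
#    Response object means the request never completed, matching 'connection has timed out'.
$params = @{ Uri = $TokenEndpoint; UseBasicParsing = $true; TimeoutSec = 30 }
if (-not $bypassed) { $params.Proxy = $resolved; $params.ProxyUseDefaultCredentials = $true }
$sw = [System.Diagnostics.Stopwatch]::StartNew()
try {
    $null = Invoke-WebRequest @params
    "Reachable (2xx) in $($sw.ElapsedMilliseconds) ms"
} catch {
    $resp = $_.Exception.Response
    if ($resp) { "Reachable, HTTP $([int]$resp.StatusCode) in $($sw.ElapsedMilliseconds) ms" }
    else       { "NO RESPONSE after $($sw.ElapsedMilliseconds) ms: $($_.Exception.Message)" }
}
```

Run it on a working VM as the same user and diff the two outputs; the interesting differences are in sections 3 and 4, since the post already shows sections 1 and 2 looking healthy.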