Can't do Azure AD Hybrid Join - help needed

John Q 11 Reputation points

I am simply trying to get Azure AD Hybrid join to work so I can manage our laptops via Azure InTune.
We have an on-prem AD and we use Okta for our authentication of users to Azure/O365.
The lack of details and support form both vendors is astounding and only thing holding us back from giving people our money.

I ran the configuration in Azure AD Connect client to do device joining and the SCP page gave me 2 options: or Azure AD. I chose the Okta one. Nothing else stood out as odd in the wizard.

Thereafter I'm still not sure what to do. I check my computer's event logs and it gives me this error under Applications and Service Logs > Microsoft > Windows > User Device Registration > Admin:

Automatic registration failed at authentication phase. Unable to acquire access token.
Exit code: Unknown HResult Error code: 0x801c0515
Tenant Name:
Tenant Type: Federated
Server error:
AdalMessage: ADALUseWindowsAuthenticationTenant failed, unable to preform integrated auth
AdalErrorCode: 0x2ee6
AdalCorrelationId: undefined
AdalLog: HRESULT: 0x2ee6
AdalLog: HRESULT: 0x2ee6
AdalLog: HRESULT: 0x2ee6
AdalLog: AggregatedTokenRequest::GetAppliesTo: using resource ID "urn:federation:MicrosoftOnline" for authority "". ; HRESULT: 0x0
AdalLog: AggregatedTokenRequest::UseWindowsIntegratedAuth- received realm info ; HRESULT: 0x0
AdalLog: HRESULT: 0x4aa90010
AdalLog: AggregatedTokenRequest::UseWindowsIntegratedAuth w Tenant ; HRESULT: 0x0
AdalLog: AggregatedTokenRequest::AcquireToken- returns false ; HRESULT: 0x0
AdalLog: AggregatedTokenRequest::AcquireToken- refresh token is not available ; HRESULT: 0x0
AdalLog: AggregatedTokenRequest::AcquireToken get refresh token info ; HRESULT: 0x0
AdalLog: Authority validation is completed ; HRESULT: 0x0
AdalLog: Authority validation is enabled ; HRESULT: 0x0
AdalLog: Token is not available in the cache ; HRESULT: 0x0

Microsoft Entra
{count} votes