not able to connect to vm with 365 credentialsTried to do a "dsregcmd /join" to revert but it kicks back and error

Question

not able to connect to vm with 365 credentialsTried to do a "dsregcmd /join" to revert but it kicks back and error

Sunshine Admin 60

I was trouble shooting an issue with my terminal server and copilot had me do a "dsregcmd /leave", and now my users can't login with thier 365 credemtails anymore. Tried to do a "dsregcmd /join" to revert but it kicks back and error

C:\Users\DBadmin>dsregcmd /join /debug

DsrCLI: logging initialized.

DsrCmdJoinHelper::Join: ClientRequestId: 83f

PreJoinChecks Complete.

preCheckResult: DoNotJoin

deviceKeysHealthy: undefined

isJoined: undefined

isDcAvailable: NO

isSystem: YES

keyProvider: undefined

keyContainer: undefined

dsrInstance: undefined

elapsedSeconds: 0

resultCode: 0x1

The device can NOT be joined because a domain controller could not be located.

VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-19T19:47:54.03+00:00
Hello Sunshine Admin,

This issue occurred because the terminal server was previously Hybrid Microsoft Entra ID joined, and running dsregcmd /leave removed the device’s Entra ID registration.

When you attempted to rejoin using dsregcmd /join, Windows tried to perform a Hybrid Join, which requires line‑of‑sight to an on‑premises Active Directory domain controller. The error confirms the root cause:

isDcAvailable : NO The device can NOT be joined because a domain controller could not be located

Since the server cannot currently locate a domain controller (DNS, network connectivity, or broken secure channel), Hybrid Join cannot complete. As a result, users are unable to sign in using Microsoft 365 credentials.

What needs to be done:

Verify the server is still domain‑joined.

Ensure DNS is pointing only to Active Directory domain controllers.

Confirm DC connectivity:
nltest /dsgetdc:<domain>

If the secure channel is broken, repair it or rejoin the server to the domain.

Once DC connectivity is restored, rerun:
dsregcmd /join
and reboot the server.

dsregcmd /join

and reboot the server.

Hybrid Entra ID Join cannot succeed without domain controller connectivity, so restoring AD communication is required before Microsoft 365 sign‑in will work again.
Sunshine Admin 60 Reputation points

2026-02-19T20:01:04.3133333+00:00
AzureAdJoined : NO EnterpriseJoined : NO DomainJoined : NO

Tried the join command and reboot but didn't do anything
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-19T20:25:12.76+00:00
Sunshine Admin Thank you for sharing the latest output. This clarifies the situation.

AzureAdJoined : NO EnterpriseJoined : NO DomainJoined : NO

This confirms that the server is no longer domain‑joined. Once dsregcmd /leave was executed, the device lost both its Hybrid Microsoft Entra ID registration and its Active Directory domain trust.

At this stage, dsregcmd /join will not work because:

Hybrid Entra ID Join requires the device to already be domain‑joined

Since DomainJoined : NO, Windows cannot locate or authenticate against a domain controller, so the join process never starts Why Microsoft 365 sign‑in is failing

Microsoft 365 (Entra ID) sign‑in on a server relies on Hybrid Entra ID Join, which depends on:

Active Directory domain membership

A healthy secure channel to a domain controller

Because the server is currently workgroup‑joined, Microsoft 365 credentials cannot be used for login.

The solution is

Rejoin the server to Active Directory

You must first rejoin the server to the on‑premises domain using local administrator credentials:

Join the server to the domain via:

System Properties, or

PowerShell:

PowerShell Add-Computer -DomainName <domain> -Restart Show more lines

Reboot when prompted

After reboot, verify:

DomainJoined : YES

2.Verify domain connectivity:

Confirm the server can locate a domain controller:

BAT

nltest /dsgetdc:<domain>

Show more lines

Ensure DNS is pointing only to Active Directory DNS servers.

3.Re-register Hybrid Entra ID Join

Once domain‑joined and DC connectivity is restored, run:

BAT

dsregcmd /join

Show more lines

Then reboot again.

Final expected state:

DomainJoined : YES EnterpriseJoined : YES AzureAdJoined : YES
Sunshine Admin 60 Reputation points

2026-02-19T20:44:40.2133333+00:00

this isn't on prem, it is in azure
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-19T21:00:19.0666667+00:00

Sunshine Admin could you please check private message for further assistance.
Sunshine Admin 60 Reputation points

2026-02-19T23:16:21.2233333+00:00

dude disappeared on me, but i really need this fixed!
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-20T01:34:57.8533333+00:00
Sunshine Admin could you please try the below steps once to get issue resolved:

Enable Entra ID Login

In Azure Portal → VM → Settings → Login with Microsoft Entra ID, make sure it’s turned ON.

Verify Extension

Go to Extensions + applications.

Confirm AADLoginForWindows shows Provisioning succeeded.

If not, uninstall and reinstall the extension.

The AADLoginForWindows extension must install successfully in order for the VM to complete the Azure AD join process. This is a critical step to troubleshoot if you are unable to RDP Azure VM using AAD credentials.

Here you should see the AADLoginForWindows extension. The status of this extension must be Provisioning succeeded

If the AADLoginForWindows extension fails to install, you must always make a note of the exit code. The failed AADLoginForWindows extension should have the following exit codes.

AADLoginForWindows extension fails to install with terminal error code ‘1007’ and exit code: -2145648574.

AADLoginForWindows extension fails to install with Exit code: -2145648607

AADLoginForWindows extension fails to install with Exit code: 51

Each of these exit codes have a unique solution. You can refer to this excellent AADLoginForWindows extension troubleshooting guide

Assign RBAC Roles Azure Portal > Virtual machines > Access control (IAM) >Add >Add role assignment:

Add the below roles : Virtual Machine Administrator Login

Virtual Machine User Login

Use Correct Login Format

For RDP, use:

AzureAD******@domain.com
Sunshine Admin 60 Reputation points

2026-02-20T02:25:53.58+00:00

Answer accepted by question author

0 additional answers

Your answer

VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-19T19:47:54.03+00:00

Hello Sunshine Admin,

This issue occurred because the terminal server was previously Hybrid Microsoft Entra ID joined, and running dsregcmd /leave removed the device’s Entra ID registration.

When you attempted to rejoin using dsregcmd /join, Windows tried to perform a Hybrid Join, which requires line‑of‑sight to an on‑premises Active Directory domain controller. The error confirms the root cause:

isDcAvailable : NO The device can NOT be joined because a domain controller could not be located

Since the server cannot currently locate a domain controller (DNS, network connectivity, or broken secure channel), Hybrid Join cannot complete. As a result, users are unable to sign in using Microsoft 365 credentials.

What needs to be done:

Verify the server is still domain‑joined.

Ensure DNS is pointing only to Active Directory domain controllers.

Confirm DC connectivity:
nltest /dsgetdc:<domain>

If the secure channel is broken, repair it or rejoin the server to the domain.

Once DC connectivity is restored, rerun:
dsregcmd /join
and reboot the server.

dsregcmd /join

and reboot the server.

Hybrid Entra ID Join cannot succeed without domain controller connectivity, so restoring AD communication is required before Microsoft 365 sign‑in will work again.
Sunshine Admin 60 Reputation points

2026-02-19T20:01:04.3133333+00:00

AzureAdJoined : NO EnterpriseJoined : NO DomainJoined : NO

Tried the join command and reboot but didn't do anything
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-19T20:25:12.76+00:00

Sunshine Admin Thank you for sharing the latest output. This clarifies the situation.

AzureAdJoined : NO EnterpriseJoined : NO DomainJoined : NO

This confirms that the server is no longer domain‑joined. Once dsregcmd /leave was executed, the device lost both its Hybrid Microsoft Entra ID registration and its Active Directory domain trust.

At this stage, dsregcmd /join will not work because:

Hybrid Entra ID Join requires the device to already be domain‑joined

Since DomainJoined : NO, Windows cannot locate or authenticate against a domain controller, so the join process never starts Why Microsoft 365 sign‑in is failing

Microsoft 365 (Entra ID) sign‑in on a server relies on Hybrid Entra ID Join, which depends on:

Active Directory domain membership

A healthy secure channel to a domain controller

Because the server is currently workgroup‑joined, Microsoft 365 credentials cannot be used for login.

The solution is

Rejoin the server to Active Directory

You must first rejoin the server to the on‑premises domain using local administrator credentials:

Join the server to the domain via:

System Properties, or

PowerShell:

PowerShell Add-Computer -DomainName <domain> -Restart Show more lines

Reboot when prompted

After reboot, verify:

DomainJoined : YES

2.Verify domain connectivity:

Confirm the server can locate a domain controller:

BAT

nltest /dsgetdc:<domain>

Show more lines

Ensure DNS is pointing only to Active Directory DNS servers.

3.Re-register Hybrid Entra ID Join

Once domain‑joined and DC connectivity is restored, run:

BAT

dsregcmd /join

Show more lines

Then reboot again.

Final expected state:

DomainJoined : YES EnterpriseJoined : YES AzureAdJoined : YES
Sunshine Admin 60 Reputation points

2026-02-19T20:44:40.2133333+00:00

this isn't on prem, it is in azure
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-19T21:00:19.0666667+00:00

Sunshine Admin could you please check private message for further assistance.
Sunshine Admin 60 Reputation points

2026-02-19T23:16:21.2233333+00:00

dude disappeared on me, but i really need this fixed!
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-20T01:34:57.8533333+00:00

Sunshine Admin could you please try the below steps once to get issue resolved:

Enable Entra ID Login

In Azure Portal → VM → Settings → Login with Microsoft Entra ID, make sure it’s turned ON.

Verify Extension

Go to Extensions + applications.

Confirm AADLoginForWindows shows Provisioning succeeded.

If not, uninstall and reinstall the extension.

The AADLoginForWindows extension must install successfully in order for the VM to complete the Azure AD join process. This is a critical step to troubleshoot if you are unable to RDP Azure VM using AAD credentials.

Here you should see the AADLoginForWindows extension. The status of this extension must be Provisioning succeeded

If the AADLoginForWindows extension fails to install, you must always make a note of the exit code. The failed AADLoginForWindows extension should have the following exit codes.

AADLoginForWindows extension fails to install with terminal error code ‘1007’ and exit code: -2145648574.

AADLoginForWindows extension fails to install with Exit code: -2145648607

AADLoginForWindows extension fails to install with Exit code: 51

Each of these exit codes have a unique solution. You can refer to this excellent AADLoginForWindows extension troubleshooting guide

Assign RBAC Roles Azure Portal > Virtual machines > Access control (IAM) >Add >Add role assignment:

Add the below roles : Virtual Machine Administrator Login

Virtual Machine User Login

Use Correct Login Format

For RDP, use:

AzureAD******@domain.com
Sunshine Admin 60 Reputation points

2026-02-20T02:25:53.58+00:00

Answer 1

VEMULA SRISAI 9,820 Microsoft External Staff Moderator

Sunshine Admin Since the AADLoginForWindows extension was already reinstalled, Entra ID login is enabled, and RBAC roles are assigned, the remaining cause of the “Your credentials did not work” error is a broken Microsoft Entra ID device trust created after running dsregcmd /leave.

The fix is to delete the VM’s device object from Microsoft Entra ID, remove and reinstall the AADLoginForWindows extension, and allow the VM to re‑register. After re‑registration (DeviceAuthStatus: SUCCESS), Entra ID sign‑in works again.

Sunshine Admin 60 Reputation points

2026-02-20T20:43:29.4033333+00:00

IT worked...Nice...thank you!
VEMULA SRISAI 9,820 Reputation points Microsoft External Staff Moderator

2026-02-20T21:05:46.0366667+00:00

Sunshine Admin Thank you for Informing. If the resolution was helpful, kindly take a moment to click on and if you have any further query do let us know.

Share via

not able to connect to vm with 365 credentialsTried to do a "dsregcmd /join" to revert but it kicks back and error

0 additional answers

Your answer