This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 40%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES0%3C/text%3E%3C/svg%3E)
Hi,
We are facing intermittent issue were 4 out of 5 attempts made to do Windows Autopilot hybrid AD join fails. When new devices assigned with Hybrid AAD join profile are initiated, the setup fails for the device after user enter the credential. The user credentials are validated and device is enrolled in Intune, however the device does not initiate the domain join activity and there are no event for the device joining activity on the Intune AD connector. And the setup fails with the error code 80070774. We have also noticed that when we connect three devices at the same time, two among them fails with this case and one goes through. Devices ending up in this error never seems to have picked up the domain join profile and no ODJ blob events were created for this devices on the Intune AD connector server. Also noiced we dont have any issue when doing this outside client network using VPN configuration.
Any help or advise on any fix for the issue is appreciated.
PS: all MS URL mentioned on both links below are already whitelisted in firewall appliance.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints
https://learn.microsoft.com/en-us/mem/autopilot/windows-autopilot-requirements
i have an updated strange observation on the failed device, the failed machine when left connected to LAN without a rest,after couple of hour (not sure how long it took as machine was left untouched overnight). At Intune i can see the machine updated with right name later, however user side machine is still stuck with the error and left with no other option than a reset it. i have used the diagnostic tool below but since the case was as described above it did not help much.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 66%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
I would suggest reviewing this link and checking the event logs to see what is going on - https://oofhours.com/2020/07/19/troubleshooting-windows-autopilot-hybrid-azure-ad-join/
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 84%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Error 0x80070774: Something went wrong. Confirm you are using the correct sign-in information and that your organization uses this feature. You can try to do this again or contact your system administrator with the error code 80070774.
This issue typically occurs before the device is restarted in a Hybrid Azure AD Autopilot scenario, when the device times out during the initial Sign in screen. It means that the domain controller can't be found or successfully reached because of connectivity issues. Or that the device has entered a state which can't join the domain.
Cause: The most common cause is that Hybrid Azure AD Join is being used and the Assign user feature is configured in the Autopilot profile. Using the Assign user feature performs an Azure AD join on the device during the initial sign-in screen which puts the device in a state where it can't join your on-premises domain. Therefore, the Assign user feature should only be used in standard Azure AD Join Autopilot scenarios. The feature should be not used in Hybrid Azure AD Join scenarios.
Another possible cause for this error is that the Autopilot object's associated AzureAD device has been deleted. To resolve this, delete the Autopilot object and reimport the hash to generate a new one.
Refer the solutions and check if it works : https://learn.microsoft.com/en-us/mem/intune/enrollment/troubleshoot-windows-enrollment-errors#resolution-16
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi ,
We don't have user assigned for devices for deployment activity and the Intune AD connector has delegated access to OU as needed. As mentioned the setup is not a complete failure, however success rate is 1/5, stuck with a scenario where it works expected at times and fails most of the time. I strongly suspect its some communication trouble with internal DC within network, but not sure where to look for a lead to prove this.