WCD Bulk Provisioning issue

Question

WCD Bulk Provisioning issue

NP 201

We are using Windows 10 2019 LTSC with the latest version of the ADK - WCD

Keep getting the below when trying to retrieve bulk tokens

Has anyone got any ideas?

Also, all the documentation says the token can be valid for 180 days but the gui only shows 30 days. Is there somewhere else to set this value?

The person that did this prior to me has to log a support request every month since we seem to have to generate the file every 30 days and every 30 days we seem to get this error. Then we contact MS and they do something on the backend and it mysteriously works for us

Akshay-MSFT 3,881 Reputation points Microsoft Employee

2022-09-07T11:55:19.487+00:00
Hello @NP ,

Thaks for posting your query, I was able to test this and was able to generate the token.

On Azure AD, I was able to see the provisioning user account being generated

Kindly check the following any confirm:

If there are any other bulk token user being created on Azure AD with same settings and its inactive, please remove it and try to fetch a new token via WCD.

Check if there are any kind on policy configured to set token lifetime like in screenshot below:

If you find any then that should be removed to have default token lifetime:

Thanks,
Akshay
NP 201 Reputation points

2022-09-08T00:55:43.857+00:00

@Akshay-MSFT

thanks for the response

I have cleaned up the accounts i can see in Azure
Strangely, even though i still get the error, an an account with the name packag... gets created
But still the same error

Also i get this?

Akshay-MSFT 3,881 Reputation points Microsoft Employee

2022-09-07T11:55:19.487+00:00

Hello @NP ,

Thaks for posting your query, I was able to test this and was able to generate the token.

On Azure AD, I was able to see the provisioning user account being generated

Kindly check the following any confirm:

If there are any other bulk token user being created on Azure AD with same settings and its inactive, please remove it and try to fetch a new token via WCD.

Check if there are any kind on policy configured to set token lifetime like in screenshot below:

If you find any then that should be removed to have default token lifetime:

Thanks,
Akshay
NP 201 Reputation points

2022-09-08T00:55:43.857+00:00

@Akshay-MSFT

thanks for the response

I have cleaned up the accounts i can see in Azure
Strangely, even though i still get the error, an an account with the name packag... gets created
But still the same error

Also i get this?

Answer 1

Hello @NP ,

Kindly try the following steps:

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process  
Install-Module AADInternals  
Import-Module AADInternals  
  
Get-AADIntAccessTokenForAADGraph -SaveToCache   
Get-AADIntCache  
  
Get-AADIntAccessTokenForAADGraph -Resource urn:ms-drs:enterpriseregistration.windows.net -SaveToCache  
  
Saving the token to a service account:  
  
$bprt = New-AADIntBulkPRTToken -Name "svc_dem@CONTOSO.COM"  
  
  
- Once you saved, we can fetch it from location in PowerShell output:

- Now navigate back to WCD -> advanced settings-> Accounts -> Azure :

In Authority field use: "https://login.microsoftonline.com/common"
In BPRT filed use: <refresh token from .JSON file>
- Save the project and export the PPKG.
Now use the PPKG file to AAD join your device.

Ref article used: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-retrieve-an-azure-ad-bulk-token-with-powershell/ba-p/2944894

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

WCD Bulk Provisioning issue

0 additional answers

Activity