I ended up disabling ESP, which does not get rid of the error immediately, but a couple of reboots seem to allow it to find the AAD object. Also worth noting is that it is expected that there will be two AAD device objects for hybrid joined devices, which I had not seen in official documentation.
Autopilot Hybrid AD Join - Incompatible with Enable Automatic MDM Enrollment GPO?
I am having an issue with the "Account Setup - Joining your organization's network" portion of Autopilot deployment.
Just like this TechNet post, I am getting a 204 and 304 event in the User Device Registration log; the only difference is that they were trying to disable automatic enrollment via GPO and we have it enabled. Is this GPO incompatible with Autopilot?
The 304 error says that "The device object with the given id {id} is not found." I went and looked at the AAD device id and it is in fact different. The device was deleted from AD, AAD and Intune before beginning deployment with a Windows 10 USB.
Jason Sandys 31,171 Reputation points Microsoft Employee
2020-11-30T19:55:35.567+00:00
What you are seeing is normal and expected to my knowledge as the device is already enrolled in Intune long before the group policy applies.
Are you actually experiencing an issue?
Taylor Artunian 171 Reputation points
2020-12-01T01:47:52.397+00:00
Thank you for the replies. I have since moved my Autopilot devices to a new OU with no GPOs and changed both the Domain Join profile and AAD Connect to include the new OU and am still encountering the same issue.
During user ESP the install process hangs on "Joining Your Organization's Network". Looking at the logs, the device appears to try 3 times to run the Automatic-Device-Join task before giving up, each time generating the 304 and 204 events with the 0x801c03f3 error:
Automatic registration failed at join phase.
Exit code: Unknown HResult Error code: 0x801c03f3
Server error: The device object by the given id (e2f251bb-c6e1-4378-b65a-f8dfd1622ba9) is not found.
Tenant type: Managed
Registration type: sync
Debug Output:
joinMode: Join
drsInstance: azure
registrationType: sync
tenantType: Managed
tenantId: 235907c4-a81a-4ff8-80a3-32d8a3730c36
configLocation: undefined
errorPhase: join
adalCorrelationId: 62693e8a-a008-48c2-8d47-5335f93eaeae
adalLog: undefined
adalResponseCode: 0x0
I have two devices which are doing this and I think they may be caused by separate issues.
On one device, if I manually start the Automatic-Device-Join after ensuring that the AD object has been synced to AAD, the ESP completes fine (though the Autopilot device only shows an Associated Intune device while the Associated Azure AD device shows N/A).
I have another device that won't get past the same "Joining Your Organization's Network" step despite it having resolved the 204 and 304 Device Join errors on its own. To make it more confusing, the corresponding AAD device has a DeviceID which is different from the one that the device is looking for and different from the AD ObjectGUID. The AD Connect sync rules are stock, so the AAD DeviceID should be the ObjectGUID.
I think I may need to go the support ticket route since this is looking like multiple issues. Thanks.
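
Added example, not part of the thread and not Microsoft's code: a small Python triage helper that parses the event 304 text quoted above and compares the device id the client asked for against the AD objectGUID and the AAD DeviceIDs. The function names are hypothetical, the AD and AAD ids are assumed to be collected separately and passed in, and the comparison assumes, as the post states, that stock sync rules set the AAD DeviceID to the AD objectGUID.

```python
import re
import uuid

# Labels exactly as they appear in the event 304 text quoted in the thread.
LABELS = ["Exit code", "Error code", "Server error", "Tenant type",
          "Registration type", "Debug Output", "joinMode", "drsInstance",
          "registrationType", "tenantType", "tenantId", "configLocation",
          "errorPhase", "adalCorrelationId", "adalLog", "adalResponseCode"]
SPLIT = re.compile(r"\b(" + "|".join(map(re.escape, LABELS)) + r"):\s*")
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Event text abridged from the post above (flattened onto one line, as exported).
EVENT_304 = ("Automatic registration failed at join phase. Exit code: Unknown HResult "
             "Error code: 0x801c03f3 Server error: The device object by the given id "
             "(e2f251bb-c6e1-4378-b65a-f8dfd1622ba9) is not found. Tenant type: Managed "
             "Registration type: sync Debug Output: joinMode: Join drsInstance: azure "
             "registrationType: sync tenantType: Managed "
             "tenantId: 235907c4-a81a-4ff8-80a3-32d8a3730c36 errorPhase: join")


def parse_event_304(message):
    """Split the flattened 'label: value' run into a dict and extract the device id."""
    parts = SPLIT.split(message)
    fields = {"summary": parts[0].strip()}
    fields.update((k, v.strip()) for k, v in zip(parts[1::2], parts[2::2]))
    m = GUID.search(fields.get("Server error", ""))
    fields["requested_device_id"] = uuid.UUID(m.group()) if m else None
    return fields


def diagnose(fields, ad_object_guid, aad_device_ids):
    """Compare the id the device asked for with the AD objectGUID and AAD DeviceIDs."""
    wanted = fields["requested_device_id"]
    if wanted is None or fields.get("Error code", "").lower() != "0x801c03f3":
        return "not a missing-device-object failure"
    if wanted in {uuid.UUID(d) for d in aad_device_ids}:
        return "object now in AAD: rerun Automatic-Device-Join"
    if wanted == uuid.UUID(ad_object_guid):
        return "AD object not yet synced to AAD"
    return "requested id differs from AD objectGUID"


if __name__ == "__main__":
    f = parse_event_304(EVENT_304)
    print(f["Error code"], f["requested_device_id"])
    # Constructed case: AD objectGUID equals the requested id, AAD has no such device.
    print(diagnose(f, "e2f251bb-c6e1-4378-b65a-f8dfd1622ba9", []))
```

The three outcomes after the error-code check correspond to the situations described in the thread: the object has since synced, the sync has not happened yet, or the ids do not line up at all.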