Hybrid Azure AD Join information not registered in SCCM

Vijayaguru M 21 Reputation points
2021-02-25T13:12:48.463+00:00

Hi,

We have recently configured CMG in our SCCM environment for internet-based clients. We are running SCCM 2006 in our environment and managing both servers and workstations. All the VPN boundaries are associated with the CMG Management Point.

I am having a couple of issues with Hybrid AD join, as described below.

  1. Many of our laptops are hybrid AD joined and communicate with CMG for content download. There are a few Windows 10 laptops (irrespective of OS build version) which show as Hybrid Azure AD joined in the Azure Portal, but the information is not registered in the SCCM database, e.g. AAD TenantID shows NULL in the CM database and the Hybrid AD value is set to 0. I tried a clean reinstall of the client and ran the HW inventory and DDR cycles, but nothing worked. Could you please advise what the issue could be and how I get that information updated in the SCCM DB?
  2. There are some Windows 10 1607 or older build versions having issues with joining Hybrid Azure AD. I tried the commands below, which work for a few laptops but not all. Please advise.

dsregcmd /leave /debug
dsregcmd /debug /join

Error:

"AdalLog: Token response is not successfull. Status:400 ResponseText:{"error":"in
valid_grant","error_description":"AADSTS51004: The user account AFG9DKIeVkuS5Iln
cvHizw== does not exist in the 24df34ab-a358-4b62-ba14-e5dfb43b9d63 directory. T
o sign into this application, the account must be added to the directory.\r\nTra
ce ID: f0df8c14-a4af-4749-9728-8400ef163900\r\nCorrelation ID: 6f5531cc-cda4-4f7
a-9392-2836786cca46\r\nTimestamp: 2021-02-25 07:04:56Z","error_codes":[51004],"t
imestamp":"2021-02-25 07:04:56Z","trace_id":"f0df8c14-a4af-4749-9728-8400ef16390
0","correlation_id":"6f5531cc-cda4-4f7a-9392-2836786cca46","error_uri":"https://
login.microsoftonline.com/error?code=51004"} ; HRESULT: 0x0
AdalLog: Webrequest returns error code:invalid_grant and error description:AADST
S51004: The user account AFG9DKIeVkuS5IlncvHizw== does not exist in the 24df34ab
-a358-4b62-ba14-e5dfb43b9d63 directory. To sign into this application, the accou
nt must be added to the directory.
Trace ID: f0df8c14-a4af-4749-9728-8400ef163900
Correlation ID: 6f5531cc-cda4-4f7a-9392-2836786cca46
Timestamp: 2021-02-25 07:04:56Z ; HRESULT: 0x0
AdalLog: HRESULT: 0xcaa20003
AdalLog: HRESULT: 0xcaa90006
LogFatalAuthError: AdalMessage: GetStatus returned failure
AdalErrorCode: 0xcaa90006
AdalCorrelationId: 6f5531cc-cda4-4f7a-9392-2836786cca46
AdalLog: HRESULT: 0xcaa90006
AdalLog: HRESULT: 0xcaa20003
AdalLog: Webrequest returns error code:invalid_grant and error description:AADST
S51004: The user account AFG9DKIeVkuS5IlncvHizw== does not exist in the 24df34ab
-a358-4b62-ba14-e5dfb43b9d63 directory. To sign into this application, the accou
nt must be added to the directory.
Trace ID: f0df8c14-a4af-4749-9728-8400ef163900
Correlation ID: 6f5531cc-cda4-4f7a-9392-2836786cca46
Timestamp: 2021-02-25 07:04:56Z ; HRESULT: 0x0
AdalLog: Token response is not successfull. Status:400 ResponseText:{"error":"in
valid_grant","error_description":"AADSTS51004: The user account AFG9DKIeVkuS5Iln
cvHizw== does not exist in the 24df34ab-a358-4b62-ba14-e5dfb43b9d63 directory. T
o sign into this application, the account must be added to the directory.\r\nTra
ce ID: f0df8c14-a4af-4749-9728-8400ef163900\r\nCorrelation ID: 6f5531cc-cda4-4f7
a-9392-2836786cca46\r\nTimestamp: 2021-02-25 07:04:56Z","error_codes":[51004],"t
imestamp":"2021-02-25 07:04:56Z","trace_id":"f0df8c14-a4af-4749-9728-8400ef16390
0","correlation_id":"6f5531cc-cda4-4f7a-9392-2836786cca46","error_uri":"https://
login.microsoftonline.com/error?code=51004"} ; HRESULT: 0x0

Thanks,
VJ

Microsoft Configuration Manager

2 answers

  1. AllenLiu-MSFT 40,551 Reputation points Microsoft Vendor
    2021-02-26T07:01:10.65+00:00

    Hi, @Vijayaguru M
    Thank you for posting in Microsoft Q&A forum.
    When you open a cmd prompt and run the command: Dsregcmd /status, what is the device state info?
    And may we know which table or view you have checked in the SCCM database?

    And for the issue about Windows 10 1607 or older build versions joining Hybrid Azure AD, I think we may get better support from Azure support.


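The `Dsregcmd /status` check requested in the answer above can be scripted so the client-side join state, tenant ID and device ID are captured in one object and compared with what the Azure portal and the SCCM database show. This is an added example, not code from the thread: `ConvertFrom-DsregStatus` is a hypothetical helper name, and the sample output and its GUIDs are constructed.

```powershell
# Added example; ConvertFrom-DsregStatus is a hypothetical helper name.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)

    $fields = @{}
    foreach ($line in $Lines) {
        # dsregcmd prints "   Name : Value"; match up to the first colon only
        # so values that contain colons (URLs, timestamps) stay intact.
        if ($line -match '^\s*([\w ]+?)\s*:\s*(.*?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }

    $aad = $fields['AzureAdJoined'] -eq 'YES'
    $ad  = $fields['DomainJoined']  -eq 'YES'
    $state = if ($aad -and $ad) { 'Hybrid Azure AD joined' }
             elseif ($aad)      { 'Azure AD joined' }
             elseif ($ad)       { 'Domain joined only (hybrid join not completed)' }
             else               { 'Not joined' }

    [pscustomobject]@{
        JoinState        = $state
        TenantId         = $fields['TenantId']
        DeviceId         = $fields['DeviceId']
        # Not printed by every Windows 10 build; stays $null when absent.
        DeviceAuthStatus = $fields['DeviceAuthStatus']
    }
}

# Constructed sample of the "Device State" / "Device Details" sections.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO

                  TenantId : 00000000-0000-0000-0000-000000000001
                  DeviceId : 00000000-0000-0000-0000-000000000002
'@ -split '\r?\n'

ConvertFrom-DsregStatus -Lines $sample | Format-List

# On a real client, parse the live output instead:
# ConvertFrom-DsregStatus -Lines (dsregcmd /status)
```

For the constructed sample, `JoinState` is reported as domain joined only, which is the state of a device whose hybrid join has not completed.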


  2. Jason Sandys 31,161 Reputation points Microsoft Employee
    2021-02-26T16:05:11.973+00:00

    There are some Windows 10 1607 or older build versions having issues with joining Hybrid Azure AD.

    These systems are completely unsupported (and have been for a couple of years now) and can't be co-managed. Until you upgrade them to a supported version of Win 10, there's nothing you can do to make them function properly in the above scenario.