Unable to create a Token Binding Key issue when deploying Hybrid Cloud print

Joe Hansen 96 Reputation points
2019-12-18T22:04:28.72+00:00

I've been working on trying to get Hybrid Cloud Print set up using these article here among others: https://www.scconfigmgr.com/2018/01/22/deploy-hybrid-cloud-print/
https://learn.microsoft.com/en-us/windows-server/administration/hybrid-cloud-print/hybrid-cloud-print-deploy

I configured both proxies with Azure AD pre-authentication with windows integrated SSO, since that was the only way I seemed to be able to get it to work.
I'm now able to publish printers with the publish-cloudprinter cmdlet, and I can directly hit the public URL of discovery endpoint to see them in the JSON, But i haven't had any luck getting any workstation to actually see them.

The behavior is that when I hit the button to find a cloud printer, they get no results back. Meanwhile, in the workstation's AAD log, it records the following:

Error: 0x80070057 The parameter is incorrect.

The parameter is incorrect.

Exception of type 'class WinRTException' at oauthtokenrequestbase.cpp, line: 732, method: OAuthTokenRequestBase::QueryTokenBindingKeyId::::operator ().

Log: 0x8aa5007f Unable to create a Token Binding Key.
Logged at oauthtokenrequestbase.cpp, line: 732, method: OAuthTokenRequestBase::QueryTokenBindingKeyId::::operator ().

Request: authority: https://login.microsoftonline.com/TenantId, client:NativeApplicationId , redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/NativeApplicationId, resource: http://MopriaDiscoveryService/CloudPrint, correlation ID (request): 13e79b78-7c28-4938-a029-d6d6a12e089d

(I replaced the tenant and native application ids in the above)
I'm not quite sure where to go with this particular error. I'm not sure what parameter is being called that is incorrect, or how to troubleshoot.
Does anyone have any advice on where to look for a next step?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,383 questions
0 comments
Accepted answer
  1. Joe Hansen 96 Reputation points
    2019-12-26T22:17:22.597+00:00

    I don't think I ever quite figured out what specifically the error here was, but with guidance from Microsoft support, I deleted all 3 of the applications in azure, and set them up again per the instructions in the microsoft article I referenced above, including the optional pre-authentication. I was able to get it to work the second time.

    It seems likely I made some mistake in the config for one of them the first time around, but never spotted it.

    https://learn.microsoft.com/en-us/windows-server/administration/hybrid-cloud-print/hybrid-cloud-print-deploy

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 33,706 Reputation points Microsoft Employee
    2019-12-20T01:02:26.427+00:00

    Have you checked some of the troubleshooting guides for this? It seems there was a hot fix deployed that fixed this error for a lot of people, though I am not sure if this is related to your particular case. https://support.microsoft.com/en-us/help/3041857/code-0x80070057-the-parameter-is-incorrect-error-when-you-try-to-displ

    If you send me an email at AzCommunity@microsoft.com I can get a support case opened for you, or you are also welcome to message me there and share any relevant screenshots or logs.