GonWild-8986 asked:

AAD joined Windows 10 login fail - domain not available

Hi!
We're testing hybrid join in our environment.
Got a hybrid joined Windows 10 PC (v20H2) that gives a login error (translated): We can't log in with your credentials, the domain is not available.

The user I'm testing is an AAD user, synced from on-prem AD. The account is OK, as I can log in from a browser.
On the hybrid joined computer, I have tried logging in with:
username@domain.com (user's UPN)
username@domain.onmicrosoft.com
AzureAD\username@domain.com

Still no luck. The computer is connected to a mobile hotspot wifi, so no company network, firewall etc. (PC is also enrolled in Intune.)
I can log in using the UPN with the previously logged-on user, but not this new user.

Any ideas?
Tags: windows-10-general, azure-active-directory


Are you able to log in with the same account on a different network?
Are you able to log in with this credential on the Azure Customer Portal?

Hi,
I am able to log in with the user's UPN when connected to the corporate network. Probably because the client is able to talk to our on-prem domain controller.

The user is able to log in to the Azure portal, yes.

Have you checked the log files to get some clue of what might be causing the problem?

GonWild-8986 answered:

Hello,
I have already verified the join status.

Came across some info that indicates a new user cannot log in on a hybrid joined Windows 10 device (without line of sight to the local DC), as its primary source of authentication is the local domain controller. It needs to be AAD joined only. Too bad MS hasn't emphasized this (or I have missed it); it would've saved me quite some time.

https://oofhours.com/2020/05/23/digging-into-hybrid-azure-ad-join/
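The answer above names the cause but not a way to confirm it on the affected machine. The following script is an added example (not posted in this thread and not taken from the linked blog): it parses `dsregcmd /status` to confirm that the device is hybrid joined (both `AzureAdJoined` and `DomainJoined` are YES) and then uses `nltest /dsgetdc` to test whether an on-prem domain controller can be located from the current network, which is exactly what a first-time sign-in on a hybrid joined device depends on. It assumes a Windows 10 client with the built-in `dsregcmd` and `nltest` tools, run from an elevated PowerShell prompt; the field names it reads are the ones `dsregcmd /status` prints in its Device State section.

```powershell
# Added diagnostic (not from the thread): confirm hybrid join state and DC line of sight.
# Assumes: Windows 10 client, elevated PowerShell, built-in dsregcmd.exe and nltest.exe.

function Get-JoinState {
    # Turn the "Key : Value" lines of dsregcmd /status into a hashtable.
    # The key is everything before the first colon, so values that contain
    # colons (URLs, GUID lists) are kept intact.
    $state = @{}
    dsregcmd /status | ForEach-Object {
        if ($_ -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') {
            $state[$matches[1]] = $matches[2]
        }
    }
    return $state
}

$state         = Get-JoinState
$azureAdJoined = $state['AzureAdJoined']
$domainJoined  = $state['DomainJoined']
$domainName    = $state['DomainName']

"AzureAdJoined : $azureAdJoined"
"DomainJoined  : $domainJoined"
"DomainName    : $domainName"

if ($azureAdJoined -eq 'YES' -and $domainJoined -eq 'YES') {
    "Device is hybrid Azure AD joined."
    # A user who has never signed in on this device authenticates against the
    # on-prem domain first, so check whether the DC locator can find one from here.
    $dcOutput = nltest /dsgetdc:$domainName 2>&1
    if ($LASTEXITCODE -eq 0) {
        "Domain controller reachable from this network:"
        $dcOutput | Where-Object { $_ -match 'DC:' }
    } else {
        "No domain controller reachable from this network (nltest exit code $LASTEXITCODE)."
        "A first-time sign-in for a new user will fail with 'the domain is not available';"
        "users who have signed in before can still use their cached credentials."
    }
} elseif ($azureAdJoined -eq 'YES') {
    "Device is Azure AD joined only; interactive sign-in does not depend on an on-prem DC."
} else {
    "Device is not Azure AD joined; check the join state before troubleshooting sign-in."
}
```

Run it once on the corporate network and once on the hotspot: the join state output is identical in both cases, and only the `nltest` result changes, which matches the behaviour described in the thread (UPN sign-in works on the corporate network, fails off it for users with no cached logon on that device).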

GonWild-8986 answered:

I read in a blog that a hybrid AAD joined device is primarily dependent on on-prem AD for new user login and other things. So far this is my best answer as to why this isn't working as I thought it would.
