HarrySun-8884 asked HarrySun-8884 edited

Windows Hello for Business On-Premises deployment error event

I am trying to deploy on-prem HfB. We are running at a domain functional level of 2012 R2. The single AD FS server runs 2019. I followed the Microsoft guide exactly, but when I start my domain PC, the enrollment process never happens.
Here is the event 1021 message under ADFS/Admin:

Encountered error during OAuth token request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthJWTBearerException: MSIS9426: Received invalid OAuth JWT Bearer request. The JWT Bearer payload must contain 'scope'.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateJWTBearer()
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthToken.OAuthJWTBearerRequestContext.ValidateCore()


And under "Device Registration Service/DRS/Admin", there is the error event 3036:

The description for Event ID 3036 from source Device Registration Service cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

none.
System.InvalidOperationException: Invalid or missing tenant information in Active Directory. Make sure you have configured the Service Connection Point (SCP) here: CN=62a0ff2e-97b9-4513-943f-0d221bd30080,CN=Device Registration Configuration,CN=Services,CN=Configuration,(forest-dn).
Exception (if any): none
at Microsoft.DeviceRegistration.ADAdapter.AdrsTenantInfoUtil.GetTenantInfo(AdrsTenantConfigStore StoreType)
at Microsoft.DeviceRegistration.ADAdapter.AdrsTenantInfoUtil.GetTenantInfo()
at Microsoft.DeviceRegistration.ADAdapter.ADStore.<>c.<LookupTenantNameAsync>b_180_0()
at System.Threading.Tasks.Task`1.InnerInvoke()
at System.Threading.Tasks.Task.Execute()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.DeviceRegistration.Utilities.DRServiceManager.<RefreshKeyReceiptPublicCertsAsync>d_114.MoveNext()

The locale specific resource for the desired message is not present


Does anybody know the root cause or how to fix it?
Thanks!!!

adfs

1 Answer

HarrySun-8884 answered HarrySun-8884 edited

I already added the "ugs" scope as Microsoft asks for Windows Server 2019. Still the same error.

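A read-only check for the two things the events above point at, added here as an example and not part of the original post: whether the AD FS farm defines the 'ugs' scope and which client/server pairs are granted it (event 1021, MSIS9426), and whether any service connection point exists under the Device Registration Configuration container named by DRS event 3036. It assumes the ADFS and ActiveDirectory (RSAT) PowerShell modules are present on the AD FS server; the cmdlets used are standard ones, nothing here is taken from the asker's environment.

```powershell
# Added diagnostic, not from the original post. Run in an elevated session on the
# AD FS server; assumes the ADFS and ActiveDirectory (RSAT) modules are installed.
Import-Module ADFS
Import-Module ActiveDirectory

# --- Check 1: MSIS9426 "The JWT Bearer payload must contain 'scope'" --------------
# On Windows Server 2019 the WHfB provisioning client must be granted the 'ugs' scope.
$ugs = Get-AdfsScopeDescription | Where-Object { $_.Name -eq 'ugs' }
if (-not $ugs) {
    Write-Warning "Scope 'ugs' is not defined on this farm."
} else {
    # List every client/server permission pair that carries the 'ugs' scope.
    $grants = Get-AdfsApplicationPermission | Where-Object { $_.ScopeNames -contains 'ugs' }
    if (-not $grants) {
        Write-Warning "Scope 'ugs' exists but no application permission grants it."
    } else {
        $grants | Format-Table ClientRoleIdentifier, ServerRoleIdentifier, ScopeNames -AutoSize
    }
}

# --- Check 2: DRS event 3036 "Invalid or missing tenant information" ---------------
# The event names an SCP under the configuration naming context; look for any
# serviceConnectionPoint object in that container and show its keywords.
$configNC     = (Get-ADRootDSE).configurationNamingContext
$drsContainer = "CN=Device Registration Configuration,CN=Services,$configNC"
try {
    $scp = Get-ADObject -SearchBase $drsContainer -SearchScope OneLevel `
        -Filter 'objectClass -eq "serviceConnectionPoint"' -Properties keywords -ErrorAction Stop
    if (-not $scp) {
        Write-Warning "No SCP found under $drsContainer"
    } else {
        $scp | Select-Object DistinguishedName, @{ n = 'keywords'; e = { $_.keywords -join '; ' } }
    }
} catch {
    Write-Warning "Container $drsContainer is missing or unreadable: $($_.Exception.Message)"
}
```

Both checks only read the farm and the directory, so they are safe to run while troubleshooting; an empty result from either check points at the configuration step the corresponding event complains about.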