Error when you perform a Workplace Join: Confirm you are using the current sign-in info

This article describes a problem in which an error occurs when you perform a Workplace Join operation.

Original product version:   Windows 8.1 Enterprise, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Azure Active Directory
Original KB number:   3045386


When you try to perform a Workplace Join operation, you receive this error message:

Confirm you are using the current sign-in info, and that your workplace uses this feature. Also, the connection to your workplace might not be working right now. Please wait and try again.

Additionally, an administrator may see the following event details in Event Viewer:

Event ID: 103
Log Name: Microsoft-Windows-Workplace Join/Admin
Source: Microsoft-Windows-Workplace Join
Level: Error
Description: Workplace Join discovery failed. Server returned http status 404.


This problem occurs for one of the following reasons:

  • The client is being redirected to the internal Device Registration Service (DRS) instance where the DRS endpoint is disabled or stopped.
  • The DNS records for the EnterpriseRegistration service are missing or misconfigured.
  • The domain suffix of the currently logged-on user is not accounted for in the SSL certificate of DRS.
  • The network or firewall is blocking traffic, or transient network issues are causing packet loss.


Verify DNS

Verify the DNS configuration by using the NSlookup tool, and verify that the answers are correct.

To do this, open a Command Prompt window, and then run the following command:

  • If you use Azure Active Directory Join
    • This should return the CNAME result of as the target.
  • If you use Windows Server Workplace Join
    • The internal host should return the internal AD FS node.
    • The external host should return the external AD FS proxy address.

Verify that Device Registration is enabled

If you try to perform Workplace Join to Azure Active Directory, follow these steps:

  1. Sign in to Azure portal, or launch the Azure AD console from the M365 admin center as a Company Administrator.
  2. Locate the directory where the user is trying the join operation.
  3. Go to Configure.
  4. Scroll down to the Device Registration section.
  5. Make sure that the setting that's labeled ENABLE WORKPLACE JOIN is toggled to Yes (Yes will be blue).

If you try to perform a Workplace Join to your local Active Directory domain, follow these steps:

  1. Start the AD FS Management console, and then select Relying Party Trusts to determine whether the Device Registration Service trust is Enabled on each node of the AD FS farm.
  2. If Device Registration Service is Enabled, check the Services Console to make sure that the Device Registration Service is started.

Check the SSLCertificate bindings

If you try to perform Workplace Join to your local Active Directory domain, follow these steps:

  1. Open a Command Prompt window as an administrator, type the following commands, and press Enter after each command to display the bindings on the ADFS Proxy or ADFS Server:

    Http Show SSLCert
  2. Determine whether the IP Port Binding (not Name binding) is present.

  3. If the IP Port binding is not present, review to determine whether the EnterpriseRegistration Name binding is present.

More information

For more troubleshooting information, see the following article in the Microsoft Knowledge Base:

Diagnostic logging for troubleshooting Workplace Join issues.