
1. Check the Auto Enrollment Group Policy

Log in to the server and go to the Group Policy console.

Check the Group Policy for Automatic Enrollment. Make sure it is enabled and that, in the “Select Credential Type to Use” section, User Credentials is selected.

Also confirm that the policy is linked to the right Organizational Unit.

2. Check whether the device is under the Group Policy or not

Open CMD on the device and run the command gpresult /h gpresult.html

Go to the C drive, find the gpresult.html file and open it in any browser.

Find the Applied Policies.

3. Check the other settings on the client machine

Run the command dsregcmd /status

Under “Device State”, make sure the device shows Yes for both AzureAdJoined and DomainJoined.

Also, under “Tenant Details”, MDMUrl, MDMTouUrl and MDMComplianceUrl must be visible.

If these URLs are not visible, follow step number 4.

4. Add Active Directory Domains and Trusts in the Server

Go to Server Manager on the server, click Tools on the right side and find Active Directory Domains and Trusts.

A new window will open. Right-click on the ADDT and click Properties.

Add the alternative UPN suffixes from the Azure AD overview page (domain..onmicrosoft.com)

Also change the UPN for all users if necessary.

Sign out of the client machine and log in with the Azure AD profile via the Other user option.

5. Check the Task Scheduler

Search for Task Scheduler on the client machine and open it.

Under this location

Task Scheduler Library\Microsoft\Windows\EnterpriseMgmt\GUID

make sure there are processes in the schedule mode or in the ready mode.

6. Check the Event Viewer

Search for Event Viewer on the client machine and open it.

Under this location

Event Viewer (Local)\Application and Services Logs\Microsoft\Windows\DeviceManagement-Enterprise-Diagnostics-Provider

make sure there are no errors related to the enrollment or the device.

7. How to fix the Group Policy error "Windows could not determine if the user and computer accounts are in the same forest"

Click on Start.

Type in Services and select the one with the gear icon.

Scroll down and look for Netlogon. If the status is not Running, then that’s why you’re getting this issue.

Double-click on Netlogon, change the Startup Type to Automatic and click the Start button.

Once the service is running, click the OK button.

Now try running gpupdate again.

Run the command dcdiag

Run rsop.msc to check which group policies are applied to the Windows machine.
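The client-side checks from steps 3, 5, 6 and 7 can be collected into one read-only PowerShell script; this is an added example, not part of the original guide. It assumes an elevated Windows PowerShell session on the client machine and that enrollment errors are logged in the provider's Admin channel; the helper name New-Check is hypothetical.

```powershell
# Added example: read-only checks for steps 3, 5, 6 and 7. Run elevated on the client.
function New-Check($Step, $Name, $Pass, $Detail) {   # hypothetical helper
    [pscustomobject]@{ Step = $Step; Check = $Name; Pass = [bool]$Pass; Detail = $Detail }
}

# Step 3: parse the "Key : Value" lines of dsregcmd /status into a hashtable.
# PowerShell hashtable keys are case-insensitive, so MDMUrl also matches MdmUrl.
$dsreg = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.*\S)\s*$') { $dsreg[$Matches[1]] = $Matches[2] }
}
$results = foreach ($key in 'AzureAdJoined', 'DomainJoined') {
    New-Check 3 $key ($dsreg[$key] -eq 'YES') $dsreg[$key]
}
# A key with an empty value never enters the hashtable, so it counts as "not visible".
$results += foreach ($key in 'MDMUrl', 'MDMTouUrl', 'MDMComplianceUrl') {
    New-Check 3 $key ($dsreg.ContainsKey($key)) $dsreg[$key]
}

# Step 5: enrollment tasks live in a GUID-named folder under EnterpriseMgmt.
$tasks  = @(Get-ScheduledTask -TaskPath '\Microsoft\Windows\EnterpriseMgmt\*' -ErrorAction SilentlyContinue)
$active = @($tasks | Where-Object { [string]$_.State -in 'Ready', 'Running', 'Queued' })
$results += New-Check 5 'EnterpriseMgmt tasks' ($active.Count -gt 0) `
    "$($active.Count) of $($tasks.Count) tasks ready/running/queued"

# Step 6: Critical (1) and Error (2) events from the enrollment provider.
# Assumption: the Admin channel of the provider named in step 6 is the one to read.
$log  = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
$errs = @(Get-WinEvent -FilterHashtable @{ LogName = $log; Level = 1, 2 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue)
$results += New-Check 6 'No error events' ($errs.Count -eq 0) `
    "$($errs.Count) recent error events (capped at 20)"

# Step 7: Netlogon must be running for Group Policy processing to succeed.
$svc = Get-Service -Name Netlogon
$results += New-Check 7 'Netlogon running' ($svc.Status -eq 'Running') `
    "Status=$($svc.Status), StartType=$($svc.StartType)"

# Summary table, then the newest error events for review.
$results | Format-Table -AutoSize -Wrap
$errs | Select-Object -First 5 TimeCreated, Id, Message | Format-List
```

The script changes nothing on the machine; any row with Pass = False points back to the numbered step to work through.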
