Windows 10 Windows Hello for Business doesn't work with 3rd-party MFA

Thread starter: Vladislav GennFom (Guest)

Hi! Help me, please!
I used the instructions to set up WHFB (on-premises, key trust).
I set up every step of the guide and checked it 10 times over.
I use third-party MFA. I registered the MFA in ADFS and checked it. My MFA works.

The client log Microsoft-Windows-HelloForBusiness/Operational errors out with:
1. The Primary Account Primary Refresh Token prerequisite check failed (Event ID 7201).
2. The device registration prerequisite check failed (Event ID 7200).
3. Windows Hello for Business prerequisites check failed. Error: 0x0 (Event ID 7054).
and they repeat...

Results of the commands DSREGCMD /DEBUG and DSREGCMD /STATUS:

dsregcmd::wmain logging initialized.
PreJoinChecks Complete.
preCheckResult: DoNotJoin
isPrivateKeyFound: undefined
isJoined: undefined
isDcAvailable: undefined
isSystem: NO
keyProvider: undefined
keyContainer: undefined
dsrInstance: undefined
elapsedSeconds: 0
resultCode: 0x1
The device can NOT be joined. The process MUST run as NT AUTHORITY\SYSTEM.

+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+

AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : YES
DomainName : WINHELLO

+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+

NgcSet : NO
WorkplaceJoined : NO
WamDefaultSet : NO

+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| Diagnostic Data |
+----------------------------------------------------------------------+

Diagnostics Reference : www.microsoft.com/aadjerrors
User Context : UN-ELEVATED User
Client Time : 2019-07-10 11:49:29.000 UTC
AD Connectivity Test : PASS
AD Configuration Test : PASS
DRS Discovery Test : PASS
DRS Connectivity Test : PASS
Token acquisition Test : FAIL [0xcaa9002c/0xcaa1000e] Correlation-id: {EE96163B-8710-42E0-8AC6-1F358EB5D6CD}
Fallback to Sync-Join : ENABLED

Previous Registration : 2019-07-10 11:16:58.000 UTC
Registration Type : fed
Error Phase : auth
Client ErrorCode : 0xcaa1000e
Correlation Id : {65934446-ABB9-468C-991E-DC6E78BFB692}

+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+

IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : YES
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision
