none
Problems with enterprise state roaming. RRS feed

  • Question

  • Running an on site domain, using AD Connect to sync devices to Azure.  I have been following the guide https://docs.microsoft.com/en-au/azure/active-directory/devices/enterprise-state-roaming-enable and I've enabled device sync, I can see the device in question in my Azure AD devices as Hybrid Azure AD joined. 

    

    I have enabled my test user to allow sync.

    However when I check sync settings on that machine with that user, I get an error about sync not being available on this account.

    I have verified that the same account is listed under Email & App Accounts.

    I have also assigned a license in Azure AD "Enterprise Mobility + Security E3"

    Not sure what else to check?  Any suggestions?


    • Edited by Anhvariel Monday, September 9, 2019 3:21 AM
    Monday, September 9, 2019 3:05 AM

All replies

  • Hi,

    Can you confirm if you are noticing the same behavior after restarting the PC? Also, include the output of dsregcmd /status from the command prompt.

    Ref: https://docs.microsoft.com/en-au/azure/active-directory/devices/enterprise-state-roaming-troubleshooting


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    Wednesday, September 11, 2019 7:57 AM
    Moderator
  • Seems like I am now able to get the sync settings enabled (maybe reboot, or just allowing a little time for devices to fully sync to Azure), but settings are still not syncing for the user.  Tried locking, rebooting, sign in/out.


    +----------------------------------------------------------------------+
    | Device State                                                         |
    +----------------------------------------------------------------------+
    
            AzureAdJoined : YES
         EnterpriseJoined : NO
                 DeviceId : 561b5dc8-fc0d-4448-8668-c0d79be7f80a
               Thumbprint : 0FB34CC979CC632244AA2A4F3E8682D92F37144B
           KeyContainerId : 7de5f9c9-053d-412b-9932-f7fd53a7796d
              KeyProvider : Microsoft Platform Crypto Provider
             TpmProtected : YES
             KeySignTest: : MUST Run elevated to test.
                      Idp : login.windows.net
                 TenantId : 40ef0784-9076-4932-a61b-0d0074f6324f
               TenantName : mydomain.com
              AuthCodeUrl : https://login.microsoftonline.com/40ef0784-9076-4932-a61b-0d0074f6324f/oauth2/authorize
           AccessTokenUrl : https://login.microsoftonline.com/40ef0784-9076-4932-a61b-0d0074f6324f/oauth2/token
                   MdmUrl : 
                MdmTouUrl : 
         MdmComplianceUrl : 
              SettingsUrl : eyJVcmlzIjpbImh0dHBzOi8va2FpbGFuaTEwLm9uZS5taWNyb3NvZnQuY29tLyIsImh0dHBzOi8va2FpbGFuaTExLm9uZS5taWNyb3NvZnQuY29tLyJdfQ==
           JoinSrvVersion : 1.0
               JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
                JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
            KeySrvVersion : 1.0
                KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
                 KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
             DomainJoined : YES
               DomainName : DOMAIN
    
    +----------------------------------------------------------------------+
    | User State                                                           |
    +----------------------------------------------------------------------+
    
                   NgcSet : NO
          WorkplaceJoined : NO
            WamDefaultSet : YES
      WamDefaultAuthority : organizations
             WamDefaultId : https://login.microsoft.com
           WamDefaultGUID : {B16898C6-A148-4967-9171-64D755DA8520} (AzureAd)
               AzureAdPrt : YES
    
    +----------------------------------------------------------------------+
    | Ngc Prerequisite Check                                               |
    +----------------------------------------------------------------------+
    
            IsUserAzureAD : YES
            PolicyEnabled : NO
           DeviceEligible : YES
       SessionIsNotRemote : YES
           CertEnrollment : none
             PreReqResult : WillNotProvision
    


    • Edited by Anhvariel Monday, September 16, 2019 11:45 PM
    Monday, September 16, 2019 11:45 PM
  • Can you check the event logs under Event Viewer > Applications and Services Logs > Microsoft > Windows > Settingsync-Azure? 

    Also, take a look at the known issues section in this article to see if your device falls under the category.


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!


    Thursday, September 19, 2019 9:27 AM
    Moderator
  • Can you check the event logs under Event Viewer > Applications and Services Logs > Microsoft > Windows > Settingsync-Azure? 

    Also, take a look at the known issues section in this article to see if your device falls under the category.


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!


    I can see the following error from a week in SettingSync-Azure, but haven't been able to trigger any further activity in the logs today.  Is there a command to force a sync?

    Log Name:      Microsoft-Windows-SettingSync-Azure/Debug
    Source:        Microsoft-Windows-SettingSync-Azure
    Date:          18/09/2019 11:05:06 AM
    Event ID:      6013
    Task Category: None
    Level:         Error
    Keywords:      
    User:          DOMAIN\stafftest
    Computer:      LARRTIMO-LAPTOP.domain.local
    Description:
    onecoreuap\shell\roaming\enterpriseclientsync\settingsync\azure\lib\azuresettingsyncprovider.cpp(113)\AzureSettingSyncProvider.dll!00007FF81B0ABEDB: (caller: 00007FF75BAE886B) ReturnHr(10) tid(750) 80040410     CallContext:[\GetChangeDetectorActivity] 
    

    Tuesday, September 24, 2019 4:28 AM
  • Ideally, if you change a setting alike wallpaper and sign-in to another device with the same users, that should trigger a sync on the new device. 

    Can you try this in your environment and check the logs on the new device?


    Please take a moment to "Mark as Answer" and/or "Vote as Helpful" wherever applicable. Thanks!

    13 hours 54 minutes ago
    Moderator