Windows AadCloudAPPlugin errors event 1081,1085,1118 why?


Problem description

I have set up two AD DS forests which are both set up for domain join with Azure Active Directory using AAD Connect latest version.

I have a federated scenario using ADFS 2016 and everything seems to work fine. I now also activated Hello for Business with Key trust scenario, and also this works without detecting any problems.

Because I have ADFS, ADCS and also have services depending on smartcard authentication (certificate auth) I would like to switch Hello for Business to certificate trust instead of Key trust.

So I started checking if everything is in order to get this working. I noticed the following AadCloudAPPlugin event errors. Is there anybody who can explain what general problem I am having here, or how to fix this?

Mike Couwenbergh IT Infrastructuur Architect


Recommended answer

Hello Mike_Cwnbrgh,

The error can be seen when your device writeback is not set up correctly or the device where you see this has not been written back to the local AD. The Windows client where you are getting the error is checking the ADFS PRT (Primary Refresh Token, which the client obtains at Windows logon). The PRT is based on user and device auth before Win Hello registration starts, and this requires the device to be written back to the RegisteredDevices container in local AD. Until that happens you may get the above error. Please verify that the device is written back to the on-prem directory. You can follow the following steps and I hope they will help you fix this issue.

1. Use dsregcmd /status on the machine to obtain the device ID.
2. Then use the following snippet to search your local Active Directory. Please use your domain's appropriate distinguished name.

    $DeviceId = "<Device ID of the machine>"
    Get-ADObject -LDAPFilter "(cn=$DeviceId)" -SearchBase "CN=RegisteredDevices,DC=<domain>,DC=<local>"

3. If the output does not show anything, then the device has not yet been written back.
4. Ensure that device writeback is enabled in the sync tool AAD Connect (https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-feature-device-writeback)
5. You can use the device ID to search in the AD Connect metaverse.
6. If device writeback is not enabled then you should enable it and make sure the device is synced. Only when the device is synced back should you try to start the Win Hello registration again.
7. If you are sure device registration is fine and the object was written back and deleted somehow, then the less time-taking solution would be to re-register the device in Azure AD using the following commands.

    DSREGCMD /LEAVE
    DSREGCMD /DEBUG

I hope the above information helps you fix the error. In case you have any further queries, feel free to let us know. Please mark this as the answer in case the information helped you, so that this post is useful to others in the community.

Thanks.
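Steps 1 to 3 of the answer above, combined into one script. This is an added example and not part of the original answer. The function names are hypothetical, and it assumes the ActiveDirectory (RSAT) module is installed and that the RegisteredDevices container lives in the current domain.

```powershell
# Added example: checks whether this machine's device object was written back.
# Function names are hypothetical; requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

function Get-DsregField {
    param([string[]]$StatusText, [string]$Name)
    # dsregcmd /status prints "Name : Value" pairs, one per line
    foreach ($line in $StatusText) {
        if ($line -match "^\s*$([regex]::Escape($Name))\s*:\s*(.+?)\s*$") {
            return $Matches[1]
        }
    }
    return $null
}

function Test-DeviceWriteback {
    param([string[]]$StatusText = (dsregcmd /status))

    $deviceId = Get-DsregField $StatusText 'DeviceId'
    if (-not $deviceId) {
        throw 'No DeviceId in dsregcmd /status output; the machine is not registered.'
    }
    # Accept only a GUID before placing the value into the LDAP filter
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($deviceId, [ref]$guid)) {
        throw "Unexpected DeviceId format: $deviceId"
    }

    # Same search base as step 2, built from the current domain's DN (assumption)
    $searchBase = "CN=RegisteredDevices,$((Get-ADDomain).DistinguishedName)"
    $device = Get-ADObject -LDAPFilter "(cn=$guid)" -SearchBase $searchBase -Properties whenCreated

    [pscustomobject]@{
        DeviceId      = $guid
        AzureAdJoined = Get-DsregField $StatusText 'AzureAdJoined'
        AzureAdPrt    = Get-DsregField $StatusText 'AzureAdPrt'   # empty if not reported
        WrittenBack   = [bool]$device       # False corresponds to step 3
        ADObject      = $device.DistinguishedName
        WhenCreated   = $device.whenCreated
    }
}

Test-DeviceWriteback | Format-List
```

In a multi-forest setup, the container may sit in a different domain than the one `Get-ADDomain` returns; in that case replace `$searchBase` with the distinguished name used in step 2.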

