Warning: Undefined array key "is_rate_editable" in /home/vhosts/itexperience.net/httpdocs/wp-content/plugins/wpdiscuz/class.WpdiscuzCore.php on line 1303
Error 0x801c005b during Hybrid Join Azure AD - easy fix - itexperience.net

Error 0x801c005b during Hybrid Join Azure AD – easy fix

Error 0x801c005b , accompanied with server message The verification of the signature failed for device <device_id>, prevents you from hybrid joining your on-prem Windows device to Azure Active Directory.

0x801c005b

Symptoms of 0x801c005b

When this error state 0x801c005b is present, you will notice an ending dollar sign $ in your device name in Azure Active Directory. This is the symptom the active Directory object has been synced from on-prem to the cloud. But you have not joined your device itself yet.

In a healthy state, you could run dsregcmd /join on your Windows device to attempt a hybrid join. However, in this case the device match with the cloud object could not be made.

Fix 0x801c005b

The easiest way to fix 0x801c005b, is to delete the device object in Azure Active Directory.

Then, make a very small change in the computer object in the on-prem Active Directory. Like adding a space in the Description field.

After doing so, wait for the next Azure Active Directory Sync in AAD Connect. Or force a sync yourself in case of impatience 😉

Once the device object is reappears in your Azure AD (note the dollar sign in the name, like dev00013$), return to your Windows device and run dsregcmd /join . To verify the join succeeded, check:

  • on the Windows device, check the status: dsregcmd /status . AzureAdJoined should be YES, as well as DomainJoined
  • in Azure Active Directory, the device is named dev00013 (without $)
afbeelding

Reference log

C:\WINDOWS\system32>dsregcmd /status

+———————————————————————-+
| Device State |
+———————————————————————-+

         AzureAdJoined : NO
      EnterpriseJoined : NO
          DomainJoined : YES
            DomainName : test
           Device Name : dev00013@test.com

+———————————————————————-+
| User State |
+———————————————————————-+

                NgcSet : NO
       WorkplaceJoined : NO
         WamDefaultSet : NO

+———————————————————————-+
| SSO State |
+———————————————————————-+

            AzureAdPrt : NO
   AzureAdPrtAuthority : NO
         EnterprisePrt : NO
EnterprisePrtAuthority : NO

+———————————————————————-+
| Diagnostic Data |
+———————————————————————-+

 Diagnostics Reference : www.microsoft.com/aadjerrors
          User Context : SYSTEM
           Client Time : 2022-07-01 11:44:06.000 UTC
  AD Connectivity Test : PASS
 AD Configuration Test : PASS
    DRS Discovery Test : PASS
 DRS Connectivity Test : PASS
Token acquisition Test : SKIPPED
 Fallback to Sync-Join : ENABLED

 Previous Registration : 2022-07-01 11:41:39.000 UTC
     Registration Type : sync
           Error Phase : join
      Client ErrorCode : 0x801c005b
      Server ErrorCode : invalid_request
   Server ErrorSubCode : error_computer_signature_check_failure
      Server Operation : DeviceRenew
        Server Message : The verification of the signature failed for device  in domain .
          Https Status : 400
            Request Id : 

+———————————————————————-+
| IE Proxy Config for System Account |
+———————————————————————-+

  Auto Detect Settings : YES
Auto-Configuration URL :
     Proxy Server List :
     Proxy Bypass List :

+———————————————————————-+
| URL Specific Proxy Config |
+———————————————————————-+

Auto Detect PAC Status : Failed to auto detect the Proxy Auto-Configuration (PAC) script using WPAD. code: 0x80072f94

Executing Account Name : test\dev00013$, dev00013$@test.com

+———————————————————————-+
| IE Proxy Config for Current User |
+———————————————————————-+

  Auto Detect Settings : YES
Auto-Configuration URL :
     Proxy Server List :
     Proxy Bypass List :

+———————————————————————-+
| WinHttp Default Proxy Config |
+———————————————————————-+

           Access Type : PROXY
     Proxy Server List : 
     Proxy Bypass List :

+———————————————————————-+
| Ngc Prerequisite Check |
+———————————————————————-+

        IsDeviceJoined : NO
         IsUserAzureAD : NO
         PolicyEnabled : NO
      PostLogonEnabled : YES
        DeviceEligible : YES
    SessionIsNotRemote : YES
        CertEnrollment : none
          PreReqResult : WillNotProvision

For more information, please visit https://www.microsoft.com/aadjerrors

Last note

If this article did not help you solve your problem, please leave a comment! This website is visited thousands of times a day. There is a good chance that I or someone else has an answer to your question.

In addition, if you have a better solution for this problem, please leave a comment too! It may help me improve this article, as well as you may help other users facing this issue.

3.3 3 votes
Article Rating
Subscribe
Notify of
guest
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Lee@LPM

Stumbled over this with the exact same issue on a couple of customer devices but this didn’t resolve unfortunately

Roberto

same here, im stuck on this. unjoined, deleted everything, and it continue working with device$.

2
0
Would love your thoughts, please comment.x
()
x