search

Gerenios / AADInternals

AADInternals PowerShell module for administering Azure AD and Office 365
http://aadinternals.com/aadinternals
MIT License
1.3k stars 217 forks source link

KeySignTest : FAILED (transport key) #82

Open dkschruteBeets opened 9 months ago

dkschruteBeets commented 9 months ago

Any ideas on how to resolve this failure? I'm currently testing Azure AD join using the following snippet:

Get-AADIntAccessTokenForAADJoin -Credentials $credential -SaveToCache
Join-AADIntDeviceToAzureAD -DeviceName $computerName -DeviceType "Windows" -OSVersion $version
Join-AADIntLocalDeviceToAzureAD -UserPrincipalName $username -PfxFileName .\a16d9283-379f-4ff1-af28-28e763a7393c.pfx

Once I reboot and sign in with an Azure account, I'm greeted with a "Contact your IT admin" pop up and the transport key failure when running dsregcmd /status.

Much appreciated!

dkschruteBeets commented 7 months ago

I don't know if this is related but it seems that running Export-AADIntLocalDeviceTransportKey results in the following error:

Exception calling "copyLsassToken" with "0" argument(s): "Access is denied"
At C:\Program Files\WindowsPowerShell\Modules\AADInternals\0.9.3\CommonUtils.ps1:1787 char:20
+                 if([AADInternals.Native]::copyLsassToken())
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : Win32Exception

Transport key exported to ef5daede-5444-4826-93f9-5a888394a52e_tk.pem

Just figured I'd mention it in case it's a potential smoking gun.