Intune (ODJ) Connector Event Viewer - new location -- #Iwork4Dell

Intune (ODJ) Connector Event Viewer - new location -- #Iwork4Dell

Daniel Davila Daniel Davila

Daniel Davila

Design Architect at Dell Technologies

发布日期: 2022年8月2日
+ 关注

I switched tenants a few months ago and ended up keeping it 100% Azure AD Join for simplicity, but recently had to configure Hybrid AAD Join support again due to testing and customer-facing demos. I've configured all the requirements so often in the past I know all the steps from memory, but still did a sanity check of monitoring the Event Viewer and Active Directory while enrolling a machine for a test run. To my surprise the AD object was created but logging was never generated an Event Viewer entry!

Troubleshooting Offline Domain Join (ODJ) during provisioning

When the ODJ blob download times out on an endpoint there's no local log that shows why it timed out, which leaves having to check logs on the on-premises server where the Intune Connector is installed for more detailed information.

Michael Niehaus's troubleshooting post from 2020 is still the best reference for troubleshooting Hybrid AAD Join on the server side. As explained in his post, normal entries in Event viewer would show

[a] series of three events (30120, 30130, 30140) shows a request being downloaded (30120), processed (30130), and uploaded (30140).

These events used to be under the "ODJ Connector Service" but have now moved to Microsoft-Intune-ODJConnectorService/Admin which now logs 30120, and Microsoft-Intune-ODJConnectorService/Operational which now logs 30130, 30140, communication errors and polling status events.

For troubleshooting purposes I do recommend two settings:

  • Change the settings for the Maximum Log Size in Event Viewer to as high as it can go (about 10MB), this will help show trends over time that indicate a service issue on the Microsoft side
  • As mentioned by Niehaus's article, add a filter to temporarily hide the usual pings to the Microsoft service (-30121,-30150), these entries are created every time it pings the service which I've seen from every few seconds to minutes.

No alt text provided for this image


I take shortcuts in my lab environment by installing AAD Connect and the Intune Connector which is why you'll see the AzureADConnect Event viewer, otherwise this is a summary of the changes observed:

No alt text provided for this image

A search on the documentation site didn't seem to have any information this change, both articles still reference the old location.

No alt text provided for this image


Need help with troubleshooting?

Check out my updated article: Troubleshoot Hybrid Azure AD Join Autopilot provisioning 0x80070002 error

Damon Ellenton

Linux Systems Administrator | IT Specialist | Programmer

1 年

Thank you very much for this, it was driving me insane seeing not a single log, especially after double, triple checking the Microsoft "learn" articles. The only thing I've learned is to not use the official Microsoft documentation lol.
回复
1 次回应

要查看或添加评论,请登录

Daniel Davila的更多文章