"Confirm you are using the current sign-in info" error when you perform a Workplace Join

Applies to: Windows 8.1 Enterprise, Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard

Symptoms


When a user tries to perform a Workplace Join operation, he or she receives the following error message:

Confirm you are using the current sign-in info, and that your workplace uses this feature. Also, the connection to your workplace might not be working right now. Please wait and try again.

Additionally, an administrator may see the following event details in Event Viewer:

Event ID: 103
Log Name: Microsoft-Windows-Workplace Join/Admin
Source: Microsoft-Windows-Workplace Join
Level: Error
Description: Workplace Join discovery failed. Server returned http status 404.

https://EnterpriseRegistration.domain.com:443/EnrollmentServer/contract?api-version=1.0

Cause


This problem occurs for one of the following reasons:
  • The client is being redirected to the internal Device Registration Service (DRS) instance where the DRS endpoint is disabled or stopped.
  • The DNS records for the EnterpriseRegistration service are missing or misconfigured.
  • The domain suffix of the currently logged-on user is not accounted for in the SSL certificate of DRS.
  • The network or firewall is blocking traffic, or transient network issues are causing packet loss.

Resolution


Verify DNS

Verify the DNS configuration by using the NSlookup tool, and verify that the answers are correct.

To do this, open a Command Prompt window, and then run the following command:
 
Nslookup enterpriseregistration.domain.com
  • If you use Azure Active Directory Join
    • This should return the CNAME result of EnterpriseRegistration.windows.net as the target.
  • If you use Windows Server Workplace Join
    • The internal host should return the internal AD FS node.
    • The external host should return the external AD FS proxy address.
 

Verify that Device Registration is enabled

If you try to perform Workplace Join to Azure Active Directory, follow these steps:
  1. Sign in to the Azure Management Portal, or launch the Azure AD console from the M365 admin center as a Company Administrator.
  2. Locate the directory where the user is trying the join operation.
  3. Go to Configure.
  4. Scroll down to the Device Registration section.
  5. Make sure that the setting that's labeled ENABLE WORKPLACE JOIN is toggled to Yes (Yes will be blue).

If you try to perform a Workplace Join to your local Active Directory domain, follow these steps:
  1. Start the AD FS Management console, and then select Relying Party Trusts to determine whether the Device Registration Service trust is Enabled on each node of the AD FS farm.
  2. If Device Registration Service is Enabled, check the Services Console to make sure that the Device Registration Service is started.
 

Check the SSL certificate bindings

If you try to perform Workplace Join to your local Active Directory domain, follow these steps:
  1. Open a Command Prompt window as an administrator, type the following commands, and press Enter after each command to display the bindings on the ADFS Proxy or ADFS Server:
     
    Netsh

    Http Show SSLCert
  2. Determine whether the IP Port Binding (not Name binding) is present.
  3. If the IP Port binding is not present, review to determine whether the EnterpriseRegistration Name binding is present.
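
The client-side checks that correspond to the causes listed above (DNS, the DRS certificate, the discovery URL from event 103) can be run in one pass from the affected computer. This PowerShell script is an added example, not part of the original article; `domain.com` is the article's placeholder and must be replaced with the UPN suffix of the affected user.

```powershell
# Added example, not from the original article. 'domain.com' is the article's
# placeholder; pass the UPN suffix of the affected user instead.
param([string]$UpnSuffix = 'domain.com')

$hostName = "enterpriseregistration.$UpnSuffix"
$url      = "https://${hostName}:443/EnrollmentServer/contract?api-version=1.0"

# 1. DNS: print the CNAME/A chain to compare with the expected target.
try {
    Resolve-DnsName -Name $hostName -ErrorAction Stop |
        Select-Object Name, Type, NameHost, IPAddress | Format-Table -AutoSize
} catch {
    Write-Warning "DNS: $hostName did not resolve: $($_.Exception.Message)"
    return
}

# 2. Certificate: read what the endpoint presents and look for the host name in the SAN.
#    The callback accepts any certificate so a mismatched one can still be inspected.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($hostName, 443)
    $callback = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($hostName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    "Certificate SAN: $sanText"
    if ($sanText -notmatch [regex]::Escape($hostName)) {
        Write-Warning "Certificate: $hostName is not listed in the SAN."
    }
} catch {
    Write-Warning "TLS: could not connect to ${hostName}:443: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}

# 3. Discovery: request the URL from event 103 and report the HTTP status.
try {
    $r = Invoke-WebRequest -Uri $url -UseBasicParsing -ErrorAction Stop
    "Discovery: HTTP $($r.StatusCode)"
} catch {
    $resp = $_.Exception.Response
    if ($resp) { Write-Warning "Discovery: HTTP $([int]$resp.StatusCode)" }
    else       { Write-Warning "Discovery: no HTTP response: $($_.Exception.Message)" }
}

# 4. Recent discovery failures recorded on this client.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Workplace Join/Admin'; Id = 103 } -MaxEvents 5 -ErrorAction SilentlyContinue | Format-List TimeCreated, Message
```

A 404 in step 3 with correct DNS and a matching SAN points to the DRS endpoint being disabled or stopped; no HTTP response at all points to the network or firewall.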

References


For more troubleshooting information, see the following article in the Microsoft Knowledge Base:

3045377  Diagnostic logging for troubleshooting Workplace Join issues