deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Added Important Note #5295

Browse Source
This commit is contained in:
Jose Ortega 2019-11-22 02:17:23 -06:00
parent 0207b20bb0
commit 2dfeb3013a
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
View File

@ -499,6 +499,11 @@ Before you continue with the deployment, validate your deployment progress by re
You need to verify the AD FS service has properly enrolled for an enrollment agent certificate template. You can verify this is a variety ways, depending on if your service account is a normal user account or if the service account is a group managed service account. You need to verify the AD FS service has properly enrolled for an enrollment agent certificate template. You can verify this is a variety ways, depending on if your service account is a normal user account or if the service account is a group managed service account.
> [!IMPORTANT]
> if after following the previous steps you are unable to validate that the devices are, in fact, being registrered automatically, there is a group Policy at:
> Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Device Registration -> "Register Domain Joined Computers As Devices", set it to enabled.
> and the registration will happens automatically.
### Event Logs ### Event Logs
Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate. First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished. Once confirmed the AD FS certificate enrollment cycle completed review the CertificateLifecycle-User event log. In this event log, look for event ID 1006, which indicates a new certificate was installed. Details of the event log should show Use the event logs on the AD FS service to confirm the service account enrolled for an enrollment agent certificate. First, look for the AD FS event ID 443 that confirms certificate enrollment cycle has finished. Once confirmed the AD FS certificate enrollment cycle completed review the CertificateLifecycle-User event log. In this event log, look for event ID 1006, which indicates a new certificate was installed. Details of the event log should show