Hi,
We followed the "Windows Hello for Business Deployment Guide" step by step, for the scenario "Hybrid Azure AD Joined with Key Trust Deployment". PIN registration works perfectly, but the authentication fails...
I also checked the "How Windows Hello for Business Works" "Technical Deep Dive" segment of this documentation, as well as the FAQ, but nowhere could I find decent troubleshooting information.
It seems this information is missing from the "Windows Hello for Business" documentation.
Can this documentation be added?
@MVDB1984, will you send an email to [email protected]?
Mail sent... thanks for the advice
@MVDB1984 I'm not claiming to be an expert, by any means... but it sounds like you may have simply run into a timing issue. We also set up hybrid mode and fortunately, I knew about sync delays so was not surprised.
In hybrid mode with a key trust a lot of syncs need to happen after enrollment for authentication to work. If a user enrolls and then reboots or logs out before the syncs occur, authentication will fail. For us, it is approximately 30 min before everything is available.
Keep in mind the info needs to get from your local DC to the one that syncs with the ADConnect server. Then ADConnect needs to sync to Azure. Our ADConnect/Azure sync runs every 30 min and that doesn't take into account syncs between DCs.
I don't believe this info is in any of the deployment guides and we only knew about it from our Microsoft reps.
I know about the delay.... This is not what is causing the issue...
We took network traces, and it is a cert issue... But the doc doesn't seem to be correct on the KDC cert and the OIDs.
@MVDB1984 Gotcha. If it helps, this is the doc I used to get the cert part up and running: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki
Thanks for the doc, but this is a cert trust deployment, not key trust 😉
@MVDB1984 We also set up key trust; this is still the doc needed. I got it linked from another Microsoft blog here if you don't believe me: https://blogs.technet.microsoft.com/chadcox/2018/03/19/my-notes-on-setting-up-a-poc-windows-hello-for-business-lab-using-hybrid-key-trust/
I believe you, but that explains a lot.... Thanks for the tip. I'll double check on the doc.
The doc really isn't as clear as it should be.
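A PowerShell check for the two failure modes raised in this thread (the key not yet synced to on-premises AD, and a DC certificate without the KDC Authentication EKU that PKINIT needs), as an added example that is not from the deployment guide or from anyone in this thread. It assumes a domain-joined admin workstation with the RSAT ActiveDirectory module, WinRM access to the DCs, and a constructed account name in $UserName.

```powershell
# Added troubleshooting check, not from the deployment guide or this thread.
# Assumptions: run as a domain admin with the RSAT ActiveDirectory module and
# WinRM access to every DC; $UserName is a constructed example account.
Import-Module ActiveDirectory

$KdcAuthenticationOid = '1.3.6.1.5.2.3.5'   # "KDC Authentication" EKU required for PKINIT
$UserName = 'jdoe'

# 1. Key trust needs a 2016-or-later DC whose machine certificate carries the KDC Authentication EKU.
function Get-KdcCertificateStatus {
    param([Parameter(Mandatory)][string]$DomainController)
    Invoke-Command -ComputerName $DomainController -ArgumentList $KdcAuthenticationOid -ScriptBlock {
        param($Oid)
        $now = Get-Date
        foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
            $ekuExt = $cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
            [pscustomobject]@{
                DC        = $env:COMPUTERNAME
                Subject   = $cert.Subject
                HasKdcEku = ($ekuOids -contains $Oid)
                Valid     = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
                NotAfter  = $cert.NotAfter
            }
        }
    }
}

Get-ADDomainController -Filter * | ForEach-Object {
    "{0} ({1})" -f $_.HostName, $_.OperatingSystem
    Get-KdcCertificateStatus -DomainController $_.HostName |
        Format-Table Subject, HasKdcEku, Valid, NotAfter -AutoSize
}

# 2. Sign-in can only succeed once Azure AD Connect has written the user's Hello public key
#    into msDS-KeyCredentialLink on premises; an empty attribute means the sync has not landed yet.
function Test-HelloKeyWriteback {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $user  = Get-ADUser -Identity $SamAccountName -Properties 'msDS-KeyCredentialLink'
    $links = @($user.'msDS-KeyCredentialLink')
    [pscustomobject]@{
        User      = $SamAccountName
        KeyCount  = $links.Count
        KeySynced = ($links.Count -gt 0)
    }
}

Test-HelloKeyWriteback -SamAccountName $UserName
```

If KeySynced is false shortly after enrollment, wait for the next ADConnect cycle before treating the failure as a certificate problem; if it is true and HasKdcEku is false on the DC the client is hitting, the DC certificate is the place to look.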
@MVDB1984 Thank you for providing feedback.
The issue is under investigation and you will be notified with any changes on the way.
I can only do a copy edit after the PR is opened.
Closing via #6057