Merge pull request #17773 from MicrosoftDocs/main

[AutoPublish] main to live - 04/17 15:30 PDT | 04/18 04:00 IST

Author: Ruchika-mittal01

autopilot/known-issues.md

@@ -8,7 +8,7 @@ author: frankroj
 ms.author: frankroj
 ms.reviewer: madakeva
 manager: aaroncz
-ms.date: 04/08/2025
+ms.date: 04/17/2025
 ms.collection:
   - M365-modern-desktop
   - highpri
@@ -45,19 +45,23 @@ This article describes known issues that can often be resolved with configuratio
 
 Date added: *April 8, 2025*
 
+Date updated: *April 18, 2025*
+
 The following issues are under active investigation:
 
 - **Error `MSA account <accountName> is not valid` when signing in.**
-  
-  This error occurs when the connector successfully creates the MSA but fails to retrieve the data from the domain controller. Various issues can cause the error, including replication delays between domain controllers in single domain, or when the user account exists in a different domain to the connector machine.
 
+  This error occurs when the connector successfully creates the MSA but fails to retrieve the data from the domain controller. Various issues can cause the error, including replication delays between domain controllers in single domain, or when the user account exists in a different domain to the connector machine.
+  
+  This issue is resolved in build **6.2504.2001.8.**
+  
 - **Error `Failed to create a managed service account - Element not found`.**
 
 - **Error `Cannot start service ODJConnectorSvc on computer '.'. ---> System.ComponentModel.Win32Exception: The service did not start due to a logon failure` after the MSA is created.**
-  
-  This error occurs when the service can't run as the MSA. The service not being able to run as the MSA can be caused by various issues, including group or local policy restricting **Log on as a service** privileges.
 
-- **Error `System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.`**
+  This error occurs when the service can't run as the MSA. The service not being able to run as the MSA can be caused by various issues, including group or local policy restricting **Log on as a service** privileges. For more information on how to mitigate, see [Troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-the-intune-connector-for-active-directory).
+  
+- **Error `System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.`** For more information on how to mitigate, see [Troubleshooting FAQ](/autopilot/troubleshooting-faq#troubleshooting-the-intune-connector-for-active-directory).
 
 ### TPM attestation isn't working for TPMs which use high-range RSA 3072EK
 

autopilot/troubleshooting-faq.yml

@@ -9,7 +9,7 @@ metadata:
   ms.author: frankroj
   ms.reviewer: madakeva
   manager: aaroncz
-  ms.date: 04/04/2025
+  ms.date: 04/17/2025
   ms.collection:
     - M365-modern-desktop
     - highpri
@@ -472,10 +472,23 @@ sections:
           - The administrator installing and configuring the Intune Connector for Active Directory doesn't have the required permissions as outlined in the [Intune Connector for Active Directory Requirements](windows-autopilot-hybrid.md?tabs=intune-connector-requirements#requirements).
           - The organization unit (OU) specified in the Intune Connector for Active Directory `ODJConnectorEnrollmentWiazard.exe.config` XML configuration file doesn't exist.
 
-          For detailed information on the error and what caused it, see the `ODJConnectorUI.log` normally located in the folder `C:\Program Files\Microsoft Intune\ODJConnector\ODJConnectorEnrollmentWizard`.
+          For detailed information on the error and what caused it, see the `ODJConnectorUI.log` normally located in the folder `C:\Program Files\Microsoft Intune\ODJConnector\ODJConnectorEnrollmentWizard`. If you see an error **`System.AggregateException: One or more errors occurred. ---> System.DirectoryServices.DirectoryServicesCOMException: A constraint violation occurred.`** in the log file, follow the steps to [Increase the computer account limit in the Organizational Unit](tutorial/user-driven/hybrid-azure-ad-join-computer-account-limit.md?tabs=updated-connector).
 
           For more information, see [Install the Intune Connector for Active Directory on the server](windows-autopilot-hybrid.md?tabs=updated-connector#install-the-intune-connector-for-active-directory-on-the-server).
 
+      - question: |
+          Why is the error "Cannot start service ODJConnectorSvc on computer '.'" occurring when setting up the Intune Connector for Active Directory?
+        answer: |
+          This error might occur for several reasons including:
+
+          - The domain has more than one domain controller with a replication latency policy. The MSA was created in one of the domain controllers but the search happened against another domain controller. Wait until replication has completed in accordance with your policy or manually sync, then open the connector and choose **Configure MSA**.
+          - A group policy is configured that doesn't allow services to be started as a non-privileged account. Make sure the MSA account has **Log on as a service** privileges granted. For example, see this instance with Operations Manager to [Enable service logon](/system-center/scom/enable-service-logon#enable-service-log-on-permission-for-run-as-accounts).
+
+      - question: |
+          Why is the error "Microsoft Edge can't read and write to its data directory" occurring?
+        answer: |
+          This error indicates that the user needs read/write permissions to the listed directory. For more information on how to grant these permissions, see [Manage user data folders](/microsoft-edge/webview2/concepts/user-data-folder?tabs=win32).
+
       - question: |
           Why did enrollments start failing when using the Intune Connector for Active Directory?
         answer: |

autopilot/whats-new.md

@@ -8,7 +8,7 @@ author: frankroj
 ms.author: frankroj
 manager: aaroncz
 ms.reviewer: madakeva
-ms.date: 02/27/2025
+ms.date: 04/17/2025
 ms.collection:
   - M365-modern-desktop
   - tier2
@@ -32,11 +32,24 @@ appliesto:
 >
 > For more information on using RSS for notifications, see [How to use the docs](/mem/use-docs#notifications) in the Intune documentation.
 
+## Updated build for the low privileged account for Intune Connector for Active Directory
+
+Date added: *April 18, 2025*
+
+We've updated the low-privileged Intune Connector for Active Directory build. New in build **6.2504.2001.8:**
+
+- Updated the sign in page to use WebView2, built on Edge, instead of WebBrowser.
+- **Error `MSA account <accountName> is not valid`** when signing in has been fixed.
+- **Error `Cannot start service ODJConnectorSvc on computer '.'`** can now be mitigated. For more information, see [Troubleshooting FAQ](/autopilot/troubleshooting-faq).
+- **Error `System.DirectoryServices.DirectoryServicesCOMException (0x8007202F): A constraint violation occurred.`** can now be mitigated. For more information, see [Troubleshooting FAQ](/autopilot/troubleshooting-faq).
+
+Download and install the latest version to get these changes.
+
 ## Low privileged account for Intune Connector for Active Directory for Hybrid join Windows Autopilot flows
 <!--9544276-->
 Date added: *February 27, 2025*
 
-We've updated the Intune Connector for Active Directory to use a low privileged account to increase the security of your environment. The old connector will continue to work until deprecation in late May 2025.
+We've updated the Intune Connector for Active Directory to use a low privileged account to increase the security of your environment. The old connector will continue to work until deprecation in late June 2025.
 
 For more information, see [Deploy Microsoft Entra hybrid joined devices by using Intune and Windows Autopilot](windows-autopilot-hybrid.md).