Hybrid Azure AD device Join issue

Having enabled Hybrid Azure AD device join through the AD Connect Wizard (Seamless SSO and hash sync, no ADFS) and having deployed GPs I am seeing the following in the AAD event log

AAD Cloud AP plugin call Plugin initialize returned error: 0xC00484B2

Device is not cloud domain joined: 0xC00484B2

PS C:\Users\office365test1> dsregcmd /status

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

          AzureAdJoined : NO
       EnterpriseJoined : NO
               DeviceId : 602d02e8-e435-4c6c-bdee-affea1723aab
             Thumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
         KeyContainerId : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
            KeyProvider : Microsoft Platform Crypto Provider
           TpmProtected : YES
           KeySignTest: : MUST Run elevated to test.
                    Idp : login.windows.net
               TenantId : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
             TenantName : My Tenant Name
            AuthCodeUrl : https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxx/oauth2/authorize
         AccessTokenUrl : https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxx/oauth2/token
                 MdmUrl : https://wip.mam.manage.microsoft.com/Enroll
              MdmTouUrl :
       MdmComplianceUrl :
            SettingsUrl : biglongstring
         JoinSrvVersion : 1.0
             JoinSrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/device/
              JoinSrvId : urn:ms-drs:enterpriseregistration.windows.net
          KeySrvVersion : 1.0
              KeySrvUrl : https://enterpriseregistration.windows.net/EnrollmentServer/key/
               KeySrvId : urn:ms-drs:enterpriseregistration.windows.net
     WebAuthNSrvVersion : 1.0
         WebAuthNSrvUrl : https://enterpriseregistration.windows.net/webauthn/xxxxxxxxxxxxxxxxxxxxxxxx/
          WebAuthNSrvId : urn:ms-drs:enterpriseregistration.windows.net
 DeviceManagementSrvUrl : https://enterpriseregistration.windows.net/manage/xxxxxxxxxxxxxxxxxxxxxxxxx/
  DeviceManagementSrvId : urn:ms-drs:enterpriseregistration.windows.net
           DomainJoined : YES
             DomainName : mydomain

+----------------------------------------------------------------------+
| User State                                                           |
+----------------------------------------------------------------------+

                 NgcSet : NO
        WorkplaceJoined : YES
      WorkplaceDeviceId : 602d02e8-xxxxxxxxxxxxxxxxxxxxxxxxxx
    WorkplaceThumbprint : xxxxxxxxxxxxxxxxxxxxxxxxxx
           WorkplaceIdp : login.windows.net
      WorkplaceTenantId : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    WorkplaceTenantName : my tenant name
        WorkplaceMdmUrl : https://wip.mam.manage.microsoft.com/Enroll
   WorkplaceSettingsUrl : biglongstring=
          WamDefaultSet : NO
             AzureAdPrt : NO
    AzureAdPrtAuthority : NO
          EnterprisePrt : NO
 EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| Ngc Prerequisite Check                                               |
+----------------------------------------------------------------------+

          IsUserAzureAD : NO
          PolicyEnabled : NO
         DeviceEligible : YES
     SessionIsNotRemote : YES
         CertEnrollment : none
      AadRecoveryNeeded : NO
           PreReqResult : WillNotProvision

---

Jimmy White, MCSE Consultant Gigasoft Ltd.