Autopilot - troubleshooting reboots during device enrollments

Bas Hoog 1 Reputation point
2020-10-14T09:16:17.613+00:00

Hello, posting for the first time here, hoping it will reach the right audience.

When we enroll a (for example 1909) system, during the ‘Setting up your device for work’, when it moves from Device Setup to Account setup the system is rebooted.
It ends up at a login screen where the user has to fill in their username and password, and after that has to confirm identity with MFA.

Trying to figure out how to troubleshoot what is casing this reboot.

In the System log I can see.
The process C:\Windows\System32\CloudExperienceHostBroker.exe (DESKTOP-2AB16JF) has initiated the restart of computer DESKTOP-2AB16JF on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Reconfiguration (Unplanned)
Reason Code: 0x20004
Shutdown Type: restart
Comment:

Digging a bit further in the Shell-Core - Operational log at the same time
CloudExperienceHost Web App Activity started. CXID: 'Reboot'.

A second earlier in the Shell-Core - Operational log
CloudExperienceHost Web App Event 1. Name: 'Autopilot device rename completed'.

Checked all possible other event logs but nothing is jumping out.
Also nothing in the IntuneManagementExtension.log

These event details don't get me many results on the WWW, besides CloudExperienceHostBroker.exe reboots is causing the same for others, no resolution though.

Any help would be appriciated.
Bas Hoog

Windows Autopilot
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
407 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,247 questions
0 comments

7 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Nick Hogarth 3,436 Reputation points
    2020-10-14T20:58:38.067+00:00

    A good post on troubleshooting Autopilot is here https://oofhours.com/2019/10/08/troubleshooting-windows-autopilot-a-reference/

    If you can't find what you are looking for, you may have to remove policies/apps and trial it out by adding them back slowly to find out what is causing the reboot.

    0 comments
  2. Crystal-MSFT 42,961 Reputation points Microsoft Vendor
    2020-10-15T01:38:14.74+00:00

    @Bas Hoog , Research and find a similar issue with you. The cause is the preview security baseline. Please check if we have the same setting and remove it to see if it is working:
    https://www.reddit.com/r/Intune/comments/cgvnlj/reboot_after_device_setup/
    Note: Non-Microsoft link, just for the reference.

    However, if the issue still persists, we can follow Nick's suggestion to find out what is the affected policy /app.

    Hope it can help.

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments
  3. Bas Hoog 1 Reputation point
    2020-10-16T10:56:40.877+00:00

    Searched a bit further for the word 'reboot' in all the Autopilot related event viewer logs

    The Shell-Core - Operational log is jumping out still

    No clue what might be causing the reboots still, if the user logs on and doesn't respond to the MFA prompt who knows what would happen in the background. There are many applications in line to be installed in 'User' mode after this step.

    ProviderName: Microsoft-Windows-Shell-Core
    TimeCreated Message

    13/10/2020 14:36:51 CloudExperienceHost Web App Activity started. CXID: 'RebootZtd'.
    13/10/2020 14:36:51 CloudExperienceHost Web App Event 1. Name: 'UnifiedEnrollment_ProvisioningProgressPage_CoalescedRebootRequired'.
    13/10/2020 14:30:25 CloudExperienceHost Web App Activity started. CXID: 'OobeWirelessAfterRebootZtd'.
    13/10/2020 14:30:25 CloudExperienceHost Web App Activity started. CXID: 'RebootZtd'.
    13/10/2020 14:29:32 CloudExperienceHost Web App Activity started. CXID: 'OobeProvisioningRebootAfterConnectivity'.
    13/10/2020 14:29:32 CloudExperienceHost Web App Activity started. CXID: 'OobeWirelessAfterZDPReboot'.
    13/10/2020 14:29:32 CloudExperienceHost Web App Activity stopped. Result: 'OobeWirelessAfterZDPReboot'.
    13/10/2020 14:29:32 CloudExperienceHost Web App Event 2. Name: 'Done', Value: 'OobeWirelessAfterZDPReboot'.
    13/10/2020 14:29:31 CloudExperienceHost App Event 2. Name: 'AppResuming', Value: 'OobeWirelessAfterZDPReboot'.
    13/10/2020 14:28:54 CloudExperienceHost Web App Activity started. CXID: 'Reboot'.
    13/10/2020 14:28:50 CloudExperienceHost Web App Event 2. Name: 'NavigationSucceed', Value: '{"webErrorStatus":18,"uri":"ms-appx-web://microsoft.windows.cloudexperiencehost/webapps/inclusiveOobe/view/Oobeautopilotreboot-main.html"}'.

  4. Bas Hoog 1 Reputation point
    2020-10-22T13:08:17.513+00:00

    @Crystal-MSFT . Sorry I was offline for a few days. Thank you very for this article. I will try to digest it, looks very interesting.

  5. Bas Hoog 1 Reputation point
    2020-10-29T09:32:03.613+00:00

    Thank you Chrystal-MSFT. What we did is create a group and excluded all Win32 Apps from that, same result.

    Ran this and nothing is jumping ot to me with these results. Thinking about opening a case with Microsoft for this now.

    PS C:\WINDOWS\system32> Get-AutopilotDiagnostics

    AUTOPILOT DIAGNOSTICS

    OS version: 10.0.19041
    Profile:
    TenantDomain: xxxxxxxxx.onmicrosoft.com
    TenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    ZTDID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    EntDMID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
    OobeConfig: 1308
    Skip keyboard: Yes 1 - - - - - - - - - -
    Enable patch download: No - 0 - - - - - - - - -
    Skip Windows upgrade UX: Yes - - 1 - - - - - - - -
    AAD TPM Required: No - - - 0 - - - - - - -
    AAD device auth: No - - - - 0 - - - - - -
    TPM attestation: No - - - - - 0 - - - - -
    Skip EULA: Yes - - - - - - 1 - - - -
    Skip OEM registration: Yes - - - - - - - 1 - - -
    Skip express settings: Yes - - - - - - - - 1 - -
    Disallow admin: No - - - - - - - - - 0 -
    Scenario: Azure AD Join
    Enrollment status page:
    Device ESP enabled: True
    User ESP enabled: True
    ESP timeout: 60
    ESP blocking: No
    Delivery Optimization statistics:
    Total bytes downloaded: 0
    From peers: 0% (0)
    From Connected Cache: 0% (0)

    DEVICE ESP:

    2020-10-29 09:26:12Z
    Policy ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID : 1 (Processed)
    2020-10-29 09:26:17Z
    MSI Intune Management Extensions ({xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}) : 70 (Success / Enforcement Completed)

    USER ESP for S-1-12-1-xxxxxxx-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:

    2020-10-29 09:30:22Z
    Policy ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID : 1 (Processed)
    2020-10-29 09:30:22Z
    Cert ModelName_AC_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_LogicalName_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_Hash_-0000000 : 1 (Processed)

    OBSERVED TIMELINE:

    Date Status Detail

    2020-10-29 01:21:51Z Profile downloaded Autopilot profile
    2020-10-29 09:23:46Z SCP discovery successful. Device Registration
    2020-10-29 09:24:09Z MDM Enroll: Succeeded MDM Enrollment
    2020-10-29 09:24:27Z Download started Sidecar
    2020-10-29 09:24:35Z Download finished Sidecar
    2020-10-29 09:24:36Z Installation started Sidecar
    2020-10-29 09:24:41Z Installation finished Sidecar
    2020-10-29 09:26:12Z Processed Policy ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID
    2020-10-29 09:26:17Z Success / Enforcement Completed MSI Intune Management Extensions (xxxxxxxx-xxxx-xxxx-xxxx-xxxxx...
    2020-10-29 09:30:22Z Processed Cert ModelName_AC_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_LogicalN...