Troubleshooting implementation and managed devices
This article describes how to resolve several issues or answer questions regarding implementation and management of HoloLens 2.
Important
Before you start any troubleshooting procedure, make sure that your device is charged to 20 to 40 percent of battery capacity, if possible. The battery indicator lights located under the power button are a quick way to verify the battery capacity without logging into the device.
- EAP Troubleshooting
- Wi-Fi Troubleshooting
- Network Troubleshooting
- Can't sign in to a previously set up HoloLens device
- Can't sign in after updating to Windows Holographic 21H1
- Autopilot Troubleshooting
- Update troubleshooting
- Kiosk troubleshooting
- Managed HoloLens Devices FAQs
EAP Troubleshooting
- Verify that the Wi-Fi profile has the right settings:
  - Configure the EAP type correctly. Common EAP types are EAP-TLS (13), EAP-TTLS (21) and PEAP (25).
  - Check the Wi-Fi SSID name, and see that it matches the HEX string.
  - Make sure that for EAP-TLS, TrustedRootCA contains the SHA-1 hash of the server's trusted root CA certificate. On a Windows PC, the "certutil.exe -dump cert_file_name" command shows a certificate's SHA-1 hash string.
- Collect a network packet capture on the access point or controller, or AAA server logs, to find out where the EAP session fails.
  - If the EAP identity provided by HoloLens is unexpected, check whether the identity has been correctly provisioned through the Wi-Fi profile or client certificate.
  - If the server rejects the HoloLens client certificate, check whether the required client certificate has been provisioned on the device.
  - If HoloLens rejects the server certificate, check whether the server root CA certificate has been provisioned on HoloLens.
- If the enterprise profile is provisioned through a Wi-Fi provisioning package, consider applying the provisioning package on a Windows 10 PC. If it also fails on the Windows 10 PC, follow the Windows client 802.1X authentication troubleshooting guide.
- Send us feedback through Feedback Hub.
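The three profile checks in the first step (EAP type, SSID name against the HEX string, and TrustedRootCA against the root CA's SHA-1 hash) can be run offline against an exported Wi-Fi profile. The following Python script is an added example, not part of the original article or a Microsoft tool. It assumes the SSID is UTF-8, matches elements by local name (`SSID`, `hex`, `name`, `Type`, `TrustedRootCA`) regardless of nesting, and uses a constructed, trimmed profile with stand-in bytes in place of a real certificate.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

EAP_TYPES = {13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}  # types named on this page

def local(tag):  # drop the XML namespace so elements match by local name
    return tag.rsplit("}", 1)[-1]

def cert_sha1(cert_bytes):
    """SHA-1 hash (lowercase hex) of a certificate given as DER or PEM bytes."""
    pem = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----",
                    cert_bytes, re.S)
    der = base64.b64decode(pem.group(1)) if pem else cert_bytes
    return hashlib.sha1(der).hexdigest()

def check_profile(profile_xml, root_ca_bytes):
    """Return a list of findings; an empty list means all checks passed."""
    findings, ssid, eap_type, trusted = [], {}, None, set()
    for el in ET.fromstring(profile_xml).iter():
        tag, text = local(el.tag), (el.text or "").strip()
        if tag == "SSID":
            ssid = {local(c.tag): (c.text or "").strip() for c in el}
        elif tag == "Type" and eap_type is None and text.isdigit():
            eap_type = int(text)  # first Type element is the outer EAP method
        elif tag == "TrustedRootCA":  # hash stored as space-separated hex bytes
            trusted.add(re.sub(r"[^0-9a-f]", "", text.lower()))
    try:
        decoded = bytes.fromhex(ssid.get("hex", "")).decode("utf-8")
    except ValueError:  # invalid hex, or bytes that are not UTF-8
        decoded = None
    if decoded != ssid.get("name"):
        findings.append("SSID name does not match hex string")
    if eap_type not in EAP_TYPES:
        findings.append(f"unexpected EAP type {eap_type}")
    if eap_type == 13 and cert_sha1(root_ca_bytes) not in trusted:
        findings.append("TrustedRootCA lacks the root CA SHA-1 hash")
    return findings

# Constructed sample: trimmed profile, and stand-in bytes instead of a real certificate.
SAMPLE_CA = b"constructed stand-in for the root CA's DER bytes"
CA_HASH = " ".join(re.findall("..", cert_sha1(SAMPLE_CA)))
SSID_HEX = b"CorpWiFi".hex().upper()
SAMPLE_PROFILE = f"""<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
  <name>CorpWiFi</name>
  <SSIDConfig><SSID><hex>{SSID_HEX}</hex><name>CorpWiFi</name></SSID></SSIDConfig>
  <EapMethod><Type>13</Type></EapMethod>
  <ServerValidation><TrustedRootCA>{CA_HASH}</TrustedRootCA></ServerValidation>
</WLANProfile>"""

print(check_profile(SAMPLE_PROFILE, SAMPLE_CA) or "profile checks passed")
```

The value returned by `cert_sha1` for the real root CA file should equal the hash that `certutil.exe -dump` reports for the same certificate, ignoring spaces and letter case.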
Wi-Fi Troubleshooting
Here are some things to try if you can't connect your HoloLens to a Wi-Fi network:
- Make sure Wi-Fi is turned on. Verify by using the Start gesture, then select Settings > Network & Internet > Wi-Fi. If Wi-Fi is on, try turning it off and on again.
- Move closer to the router or access point.
- Restart the Wi-Fi router, then restart HoloLens. Try connecting again.
- If none of these things work, verify that your router is using the latest firmware. You can find this information on the manufacturer's website.
When you sign into an enterprise or organizational account on the device, it might also apply Mobile Device Management (MDM) policy, if the policy is configured by your IT administrator.
Network Troubleshooting
If network issues are an obstacle to successfully deploying and using HoloLens 2 in your organization, configure Fiddler Everywhere and/or Wireshark to capture and analyze HTTP/HTTPS traffic.
Configure Fiddler Everywhere to capture HTTP traffic
Fiddler Everywhere is a web debugging proxy and is used to troubleshoot HTTP(S) issues. It captures every HTTP request the computer makes and records everything associated with it. Uncovering end-user authentication issues for your HTTPS apps drives better productivity and efficiency for your target HoloLens 2 use cases.
Prerequisites
- HoloLens 2 devices and your PC must be on the same network
- Note the IP address of your PC
Install and Configure Fiddler Everywhere
- On your PC - install and start Fiddler Everywhere.
- On your PC - configure Fiddler Everywhere to allow remote computers to connect.
  - Go to Fiddler Everywhere Settings -> Connections.
  - Note the listening port for Fiddler Everywhere (default is 8866).
  - Check Allow remote computers to connect.
  - Select Save.
- On your HoloLens 2 – configure Fiddler Everywhere as the proxy server [1]:
  - Open the Start menu and select Settings.
  - Select Network & Internet and then Proxy on the left menu.
  - Scroll down to Manual proxy setup and toggle Use a proxy server to On.
  - Enter the IP address of the PC where Fiddler Everywhere is installed.
  - Enter the port number noted above (default is 8866).
  - Select Save.

[1] For builds 20279.1006+ (Insiders and the upcoming release), use the following steps to configure the proxy:
- Open the Start menu and go to your Wi-Fi Network’s Properties page.
- Scroll down to Proxy.
- Change to Manual Setup.
- Enter the IP address of the PC where Fiddler Everywhere is installed.
- Enter the port number noted above (default is 8866).
- Select Apply.
Decrypt HTTPS traffic from HoloLens 2
On your PC – export the Fiddler Everywhere certificate.
- Go to Fiddler Everywhere Settings -> HTTPS and expand Advanced Settings.
- Select Export Fiddler Everywhere certificate. It saves to your desktop.
- Move the certificate over to the Downloads folder on your HoloLens 2.
On your HoloLens 2 - import the Fiddler Everywhere certificate.
- Go to Settings -> Update and Security -> Certificates.
- Select Install Certificate, browse to the Downloads folder and select the Fiddler Everywhere certificate.
- Change Store Location to Local Machine.
- Change Certificate Store to root.
- Select Install.
- Confirm the certificate is showing in the list of certificates. If not, repeat these steps.
Inspect HTTP(S) sessions
On your PC, Fiddler Everywhere shows the HoloLens 2’s live HTTP(S) sessions. The Inspectors panel in Fiddler Everywhere can show HTTP(S) request/response in different views. For example, the “Raw” view shows the raw request or response in plain text.
Configure Wireshark to capture network traffic
Wireshark is a network protocol analyzer that is used to inspect TCP/UDP traffic to and from your HoloLens 2 devices. This makes it easy to identify the traffic that is crossing the network to your HoloLens 2 -- how much there is, its frequency, how much latency there is between certain hops, and so forth.
Prerequisites:
- PC must have internet access and support Internet sharing over Wi-Fi.
Install and Configure Wireshark
- On your PC - install Wireshark.
- On your PC - enable Mobile hotspot to share your Internet connection from Wi-Fi.
- On your PC - start Wireshark and capture traffic from the Mobile hotspot interface.
- On your HoloLens 2 – change its Wi-Fi network to the PC’s Mobile hotspot. HoloLens 2 IP traffic will show up in Wireshark.
Analyze Wireshark logs
Wireshark filters can help you narrow the capture to the packets of interest.
Check out the original blog.
Can't sign in to a previously set up HoloLens device
If your device was previously set up for someone else, either for a client or for a former employee, and you don't have their password to unlock the device, you can use Intune to remotely wipe the device. The device then re-flashes itself.
Important
When you wipe the device, make sure to leave Retain enrollment state and user account unchecked.
Can't sign in after updating to Windows Holographic 21H1
Symptoms
- Using PIN to sign in fails after entering the correct PIN.
- Using the web sign-in method will fail after successfully signing in on the web page.
- The device isn't listed as “Microsoft Entra joined” in Azure portal -> Microsoft Entra ID -> Devices.
Cause
The impacted device may have been deleted from the Microsoft Entra tenant. For example, this may happen because:
- An administrator or user deleted the device in the Azure portal or using PowerShell.
- The device was removed from the Microsoft Entra tenant due to inactivity. For an efficiently managed environment, we typically recommend that IT admins remove stale, inactive devices from their Microsoft Entra tenant.
When an impacted device attempts to contact the Microsoft Entra tenant again after it has been deleted, it will fail to authenticate with Microsoft Entra ID. This effect is often invisible to the user of the device, as cached sign-in via PIN continues to allow the user to sign in.
Mitigation
There's currently no way to add a deleted HoloLens device back into Microsoft Entra ID. Affected devices need to be clean-reflashed by following the instructions on reflashing their device.
Autopilot Troubleshooting
The following articles may help you learn more and troubleshoot Autopilot issues. However, the articles are based on Windows 10 Desktop, and not all information may apply to HoloLens:
- Windows Autopilot - known issues
- Troubleshoot Windows device enrollment problems in Microsoft Intune
- Windows Autopilot - Policy Conflicts
Update troubleshooting
If you're having issues updating your managed HoloLens devices, read this troubleshooting guidance.
Kiosk troubleshooting
If you're having issues configuring, using, or applying kiosks, refer to the kiosk troubleshooting guidance.
Managed HoloLens Devices FAQs
Can I use System Center Configuration Manager (SCCM) to manage HoloLens devices?
No. You have to use an MDM system to manage HoloLens devices.
Can I use Active Directory Domain Services (AD DS) to manage HoloLens user accounts?
No. You have to use Microsoft Entra ID to manage user accounts for HoloLens devices.
Is HoloLens capable of Automated Data Capture Systems (ADCS) auto-enrollment?
No.
Can HoloLens participate in Integrated Windows Authentication?
No.
Does HoloLens support branding?
No. But you can work around this issue by using one of the following approaches:
- Create a custom app, then enable Kiosk mode. The custom app can have branding, and can launch other apps (such as Remote Assist).
- Change all of the user profile pictures in Microsoft Entra ID to your company logo. However, this may not be desirable for all scenarios.
What logging capabilities does HoloLens 2 offer?
Logging is limited to traces that can be captured in development or troubleshooting scenarios, or telemetry that the devices send to Microsoft servers.
Questions about securing HoloLens devices
See our HoloLens 2 security information. For HoloLens 1st Gen devices, review this FAQ.