Autopilot Motherboard Replacement Procedure

Georg Brunner 5 Reputation points
2023-04-14T12:38:07.1366667+00:00

Hello, we have troubles with the Windows Autopilot motherboard replacement Procedure. We were not able to rejoin devices without an OS reimage/reset. Apps like Office and Company Portal displays the error Message: TPM (error code - C0090016) The affected devices don't get the state Fix pending. OS releases is higher than 19042.2075. Does Bitlocker have to be disabled before the motherboard replacement? Best Regards Georg

Windows Autopilot
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
418 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,489 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Pavel yannara Mirochnitchenko 12,066 Reputation points MVP
    2023-04-15T08:47:41.53+00:00

    When motherboard is replaced, the Device Hash is not valid anymore, so you will need to re-create new device hash to Intune if OS re-install is required after mainboard replacement. You can create new hash in Windows OOBE phase.

    Bitlocker also reacts on mainboard change, so will get recovery at startup. It might pass through, if you would suspend Bitlocker protection before changing motherboard but I guess it is not impossible if you are replacing broken boards.

    1 person found this answer helpful.

  2. Simon Ren-MSFT 30,831 Reputation points Microsoft Vendor
    2023-04-17T07:55:04.9933333+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    Agree with @Pavel yannara Mirochnitchenko . To identify a device with Windows Autopilot, the device's unique hardware hash must be captured and uploaded to the service. The hardware hash contains details about the device.

    When large changes to the hardware, such as a motherboard replacement, the Windows Autopilot deployment service wouldn't match the device, so a new hash would need to be generated and uploaded.
    For more information, we could refer to the official article:

    https://learn.microsoft.com/en-us/mem/autopilot/registration-overview#device-identification

    Thanks for your time. Have a nice day!

    Best regards,
    Simon


    If the response is helpful, please click "Accept Answer" and upvote it. Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. Simon Ren-MSFT 30,831 Reputation points Microsoft Vendor
    2023-04-19T09:08:33.0733333+00:00

    Hi,

    Hope everything goes well. Do you need any further assistance about this issue? If yes, please feel free to let us know, we will do our best to help you.

    If the response is helpful, it's appreciated that you could click "Accept Answer" and upvote it, this will help other users to search for useful information more quickly.

    Thanks for your time.

    Best regards,
    Simon

    0 comments No comments

  4. Shai Nobleman 0 Reputation points
    2023-05-16T08:41:20.5366667+00:00

    to upload a computer hash to Intune during OOBE(Win11) or to re-upload from a working profile.

    you can run this batch script, (it's run a few PowerShell commands (written by Microsoft)) and ask for an Intune administrator account credentials.

    then it uploaded your tenant.
    (replace the <YOUR_AUTOPILOT_SECURITY_GROUP> with the name of your autopilot security group.

    or remove the "-AddToGroup" switch to only upload without assigning to any group.

    Echo OFF

    @Echo Installing PS NuGet...

    @PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force

    @Echo Installing Get-WindowsAutopilotInfo PS Script...

    @PowerShell -NoProfile -ExecutionPolicy Unrestricted -Command Install-Script -name Get-WindowsAutopilotInfo -Force

    @Echo Uploading Machin Hardware Hash to Intune AutoPilot...

    PowerShell.exe -ExecutionPolicy Unrestricted "& 'C:\Program Files\WindowsPowerShell\Scripts\Get-WindowsAutoPilotInfo.ps1' -Online -AddToGroup "Autopilot_Computers_Assignments"

    @Echo

    @Echo Done!

    @Echo ==========================================================================================================================

    @Echo

    @Echo This device should be Added to Intune AutoPilot and Assigned to the "<YOUR_AUTOPILOT_SECURITY_GROUP>" Security Group,

    @Echo and assigned an Installation Policy associated with this Security Group

    @Echo

    @Echo Please Note the SERIAL NUMBER of this computer, You will need it to Assign the Computer to the Employee

    @Echo

    WMIC BIOS Get SerialNumber

    Timeout /T 4

    @Echo

    @Echo ==========================================================================================================================

    @Echo

    @Echo PRESS ANY KEY, OR THIS COMPUTER WILL RESTART IN 30 SECONDS.

    @Shutdown /R /T 30

    Pause >nul

    @Shutdown /A

    @Echo Restart Aborted.

    0 comments No comments