How to analyze Captured Auto Pilot cab file

Boopathi Subramaniam 3,196 Reputation points
2024-01-10T16:34:10.7833333+00:00

Hello,

I read the https://oofhours.com/2020/02/17/what-happened-during-windows-autopilot-esp-decode-it/

Install-Script Get-AutopilotESPStatus

Install-Script -Name Get-AutopilotDiagnostics

"Autopilot.cab" is captured using the command “MDMDiagnosticsTool.exe -area Autopilot -cab C:\Autopilot.cab”

How can I use the "Autopilot.cab" with below command to get the analysis.

Get-AutopilotESPStatus

Get-AutopilotDiagnostics

Please help

Windows Autopilot
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
407 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,248 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,336 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Crystal-MSFT 42,961 Reputation points Microsoft Vendor
    2024-01-11T02:06:44.8+00:00

    @Boopathi Subramaniam, Thanks for posting in Q&A. Based as I know, there are many log files in Autopilot.cab. To analyze the log, we can firstly set "Show app and profile configuration progress" to yes in ESP to show the status during ESP.

    Then you can do Autopilot enrollment and find which phase the issue occurs. For example, if the issue occurs in "Register your device for mobile management" in Device preparation, then you can look into the "microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx" log.

    https://learn.microsoft.com/en-us/mem/intune/enrollment/windows-enrollment-status#esp-tracking

    Here are some logs we generally check for your reference:

    AutopilotDDSZTDFile.json: This file contains the Autopilot profile settings being used for the device.

    IntuneManagementExtension.log : This log will capture excruciating detail about the installation of Win32 apps being deployed via Intune. (Use one of the ConfigMgr log viewing tools, e.g. CMTrace.exe, to view this.)

    microsoft-windows-aad-operational.evtx : This event log shows Azure AD join and Hybrid Azure AD Join-related info.

    microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx : This event log covers MDM enrollment (including failure reasons) and other pertinent MDM activities.

    microsoft-windows-moderndeployment-diagnostics-provider-autopilot.evtx : This is the key event log used by Autopilot, and one that you’ll almost always want to look at.

    TpmHliInfo_Output.txt : This log (which is created even when not specifying the TPM area) contains basic details about the TPM in the device: the manufacturer, the firmware level of that TPM, whether it has a required EK cert, etc.

    Hope the above information can help.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.