Whiteglove OOB - times out at step 2 "device setup" - "Identifying"

StephanG 811 Reputation points
2021-04-28T18:56:54.36+00:00

Hi everyone,

i am trying an Autopilot Whiteglove OOB PoC - Hybrid AD Join.
As step 1 completes and a computer object is created. It stops at step 2.

Checked
The "AP OU" is in scope of our Azure AD Sync
With continue anyway i can login with domain credentials (the PoC has connect to the corporate network)
There is no group policy applied - only the default domain policy
Couldn't find the device ID in any log - neither "interactive" or "non interactive" logs
No enforcement of second factor while joining - but some Conditional Access policies in place

Last entry in eventlog is:
AutopilotGetPolicyStringByName succeeded: policy name = ZtdRegistrationId; policy value = 5972d35e-5fa6-4ed4-a41a-12dafb4c2e96.

AutopilotDiag Powershell gets me this:
AUTOPILOT DIAGNOSTICS

OS version: 10.0.18363
Profile: PoC
TenantDomain:
TenantID: b8fcx17863136
ZTDID: 597xa6-4ed4-xdafb4c2e96
EntDMID: c1173x1-8d67-xbdee94
OobeConfig: 1306
Skip keyboard: Yes 1 - - - - - - - - - -
Enable patch download: No - 0 - - - - - - - - -
Skip Windows upgrade UX: Yes - - 1 - - - - - - - -
AAD TPM Required: No - - - 0 - - - - - - -
AAD device auth: No - - - - 0 - - - - - -
TPM attestation: No - - - - - 0 - - - - -
Skip EULA: Yes - - - - - - 1 - - - -
Skip OEM registration: Yes - - - - - - - 1 - - -
Skip express settings: No - - - - - - - - 0 - -
Disallow admin: Yes - - - - - - - - - 1 -
Scenario: Not available (JSON not found)
Enrollment status page:
Device ESP enabled: False
User ESP enabled: False
ESP timeout:
ESP blocking: Yes
Attempted to divide by zero.
At C:\temp\Get-AutopilotDiagnostics.ps1:793 char:13

  • $peerPct = [math]::Round( ($stats.DownloadLanBytes / $sta ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [], RuntimeException
  • FullyQualifiedErrorId : RuntimeException

Attempted to divide by zero.
At C:\temp\Get-AutopilotDiagnostics.ps1:794 char:13

  • $ccPct = [math]::Round( ($stats.DownloadCacheHostBytes / ...
  • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:) [], RuntimeException
  • FullyQualifiedErrorId : RuntimeException

Delivery Optimization statistics:
Total bytes downloaded:
From peers: % ()
From Connected Cache: % ()
ESP diagnostics info does not (yet) exist.

OBSERVED TIMELINE:

Date Status Detail

2021-04-28 03:14:02Z SCP discovery successful. Device Registration
2021-04-28 03:14:17Z MDM Enroll: Succeeded MDM Enrollment
2021-04-28 03:14:17Z Offline domain join not configured Offline Domain Join
2021-04-28 03:14:18Z Waiting for ODJ blob Offline Domain Join
2021-04-28 03:14:18Z Starting wait for ODJ blob Offline Domain Join
2021-04-28 03:18:10Z Successfully applied ODJ blob Offline Domain Join
2021-04-28 03:18:13Z Processed ODJ blob Offline Domain Join
2021-04-28 03:19:04Z Download started Sidecar
2021-04-28 03:19:12Z Download finished Sidecar
2021-04-28 03:19:13Z Installation started Sidecar
2021-04-28 03:19:18Z Installation finished Sidecar
2021-04-28 04:23:48Z Hybrid AADJ device registration succeeded. Device Registration

Thanks for any help :)

Windows Autopilot
Windows Autopilot
A collection of Microsoft technologies used to set up and pre-configure new devices and to reset, repurpose, and recover devices.
412 questions
Microsoft Intune Enrollment
Microsoft Intune Enrollment
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Enrollment: The process of requesting, receiving, and installing a certificate.
1,259 questions
0 comments

4 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Cici Wu-MSFT 1,176 Reputation points
    2021-04-29T02:53:42.24+00:00

    Can I know have the white glove fails with a red status screen? If so, it will appears with information about the device, including the same details presented previously. For example, Autopilot profile, organization name, assigned user, and QR code. The elapsed time for the pre-provisioning steps is also provided. Also, diagnostic logs can be gathered from the device, and then it can be reset to start the process over again.

    Tips: The Windows Autopilot white glove feature has been renamed to Windows Autopilot for pre-provisioned deployment. All references in this documentation to white glove have been replaced with: pre-provisioning.

    Reference: Windows Autopilot for pre-provisioned deployment

    0 comments
  2. StephanG 811 Reputation points
    2021-04-29T05:12:48.103+00:00

    Hi,

    yes we have a red screen afterwards. Duration is exactly 1h (so says the red screen) - thats why i think it is a timeout.
    We have no user assigned. The aim is that it is starting and stops at the normal windows logon screen. Where our current software distribution takes over. We have a plan by phases ;) and currently stucking in phase 1.

    The diagnostic logs cannot be saved - because it says "provisioning information not found"

  3. StephanG 811 Reputation points
    2021-05-01T14:06:09.847+00:00

    Well maybe some more input - i fiddlerd a lil bit - it seems to repeat the same request until the timeout.
    93038-image.png

    ---
    also this warning is showing up
    MDM Session: Failed to get AAD Token for sync session User Token: (Unknown Win32 Error code: 0xcaa10001) Device Token: (Incorrect function.).

    Why User token? In this part of the process there is no user available

    0 comments
  4. StephanG 811 Reputation points
    2021-05-04T16:14:19.39+00:00

    I have the "answer" in the background there is a windows call "Microsoft Account" as soon as i bring that "in front".
    The device setup completes and the device is rolled out.
    93643-2021-05-04-14h12-40.png

    But that means my PoC failed. With 20H1 it even got worse - the reset is not really as it takes place in 1909.
    So i have to wipe and reinstall Win10 from the beginning.

    0 comments