Something went wrong (Error 80070774) Version 2

Blindf8th 61 Reputation points
2022-02-04T22:40:42.347+00:00

**Important Note** We have read every thread we could find related to this error on the forums and probably on the internet. I'm also fairly new to Autopilot in general, so I have a few thoughts with regards to next steps to see if we can get Autopilot working more efficiently, so any advice would be greatly appreciated.

Until a short time ago our Autopilot process was working very smoothly (new and re-provisioned devices). Recently we started to receive the infamous "Something went wrong...error code: 80070774" and we have not yet nailed down a fix. No changes to the environment have been identified, so the question becomes what triggered these errors and why would they have started. The error is completely random, meaning we might be able to provision 3 new devices, but the next 8 fail. I've been reviewing article after article and have gotten what appears to be some good information, albeit confusing in some parts. Need to get a little help if that is possible. The breakdown and my thoughts are below.

NOTE: All of the following details are performed on network (no VPN connectivity used)

Autopilot Profile Config
User-Driven
Hybrid Azure AD joined
Skip AD connectivity check (preview): No
Language (Region): English (United States)
Automatically configure keyboard: Yes
Microsoft Software License Terms: Hide
Privacy settings: Hide
Hide change account options: Hide
User account type: Standard
Allow pre-provisioned deployment: Yes
Apply device name template: No
Assignments: target computers (no users)

Configuration Profile
Profile type = Domain Joined
Computer Prefix = ABC-
OU=AzureHybridJoined,DC=domain,DC=com
Groups: target computers (no users)

Next Steps

  1. Boot error system (Shift F10) for cmd prompt
  2. Test ping DNS to all domain controllers
  3. Test ping DNS to all Intune Connectors
  4. Verify Intune Connector are in healthy/active state
  5. Review eventvwr on Intune Connectors (Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider). Look for Event IDs 30130 and 30140.
  6. Verify whether or not the device shows up in the OU
  7. Verify the SCP under Sites and Services
  8. Verify delegation is set properly for Intune Connector servers
  9. Verify if the device AD object receives the certificate attribute
  10. Verify whether AD Connect adds the device to AAD as Hybrid AAD

Questions:

  1. Do we have the correct eventvwr path and Event IDs from #5 to verify whether or not the device requests and downloaded the ODJ blob file (or however this is phrased)?
  2. Where on the device eventvwr can we verify it received and executed it successfully?
  3. Does the device need access to the internet specifically for these 3 sites? https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com, https://login.live.com
  4. Read that the Intune Connectors need access to the internet. Seems odd if the role it plays is to join the device to the on-premise domain? Is this accurate?

As I have read through a few good articles, does the overarching issue revolve around a device on-premises not yet synced with the AAD Connector (30 minute max) along with the computer certificate attribute being required so the device can properly register as a Hybrid AAD joined device, thus receiving the token necessary to authenticate the provisioning user to Azure AD and thus working properly?

Thank you for any assistance or guidance you can provide.

Blind
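
The client-side checks in steps 1 to 3 and question 3 above, scripted as an added example that is not part of the original post. It assumes `domain.com` is the placeholder AD DNS domain from the OU path; `Test-TcpPort` is a hypothetical helper name, and the domain controller ports probed (Kerberos, LDAP, SMB) are this example's choice.

```powershell
# Added example (not from the thread). Run in PowerShell from the OOBE Shift+F10 prompt.
# Assumption: 'domain.com' stands in for the AD DNS domain, as in the post's OU path.
$AdDomain   = 'domain.com'
# Endpoints listed in question 3 of the post.
$CloudHosts = 'ztd.dds.microsoft.com', 'cs.dds.microsoft.com', 'login.live.com'
# Ports probed on each domain controller: Kerberos, LDAP, SMB.
$DcPorts    = 88, 389, 445

# Hypothetical helper: one TCP probe, returned as a row for the summary table.
function Test-TcpPort {
    param([string]$Target, [int]$Port, [string]$Role)
    $r = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role      = $Role
        Target    = $Target
        Port      = $Port
        Address   = $r.RemoteAddress      # empty when the name did not resolve
        Reachable = [bool]$r.TcpTestSucceeded
    }
}

# 0x80070774 wraps Win32 error 1908 (ERROR_DOMAIN_CONTROLLER_NOT_FOUND), so start
# with the SRV lookup that domain controller location depends on.
$results = @()
try {
    $dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$AdDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        Select-Object -ExpandProperty NameTarget -Unique
} catch {
    Write-Warning "SRV lookup for $AdDomain failed: $($_.Exception.Message)"
    $dcs = @()
}
foreach ($dc in $dcs) {
    foreach ($port in $DcPorts) { $results += Test-TcpPort -Target $dc -Port $port -Role 'DC' }
}
foreach ($h in $CloudHosts) { $results += Test-TcpPort -Target $h -Port 443 -Role 'Cloud' }

$results | Format-Table -AutoSize
$failed = @($results | Where-Object { -not $_.Reachable })
if (-not $dcs -or $failed.Count) {
    Write-Warning "$($failed.Count) probe(s) failed; $(@($dcs).Count) DC(s) found in DNS."
}
```

Because the failures are intermittent, the output is most useful when captured on a device sitting at the error screen and compared with the same run on a device that provisioned cleanly.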


3 answers

  1. Pavel yannara Mirochnitchenko 11,616 Reputation points
    2022-02-05T19:00:07.427+00:00

    If you select "show more" during ESP, do you recognize it fails during Apps phase? If so, you should first see event viewer application node and look for any msiinstaller events. Also, there is C:\programdata\microsoft\Intune bla bla.. logs\Intunextention.log which shows you a lot of data (too much). I don't have experience of HybridAD join, but in cloudonly scenario almost only root cause is Apps failing.


  2. Blindf8th 61 Reputation points
    2022-02-07T16:57:39.803+00:00

    Morning yannara,

    During the ESP portion of the provisioning the application installs seem to all be installing without issue/errors. You're definitely right about the Intuneextension.log file also, as I use that all the time with cmtrace to troubleshoot application installs. In our case the issue seems specific to connectivity.

    Do you know where the ODJ blob file is downloaded on the client machine and which eventvwr log might be logging this activity?

    Thanks for chiming in.

    Blind


  3. John Francis 1 Reputation point
    2022-08-11T19:26:30.11+00:00

    I am getting the same problem.

    I see the machine in MEM \ Devices\Windows\Windows Enrollment

    But, the machine is not showing up in Active Directory OU. The AD OU has been delegated the permissions of both the Intune Servers to create computer object and the Intune Connector server is running with a service account.

    I am not sure why I cannot see the computer in AD OU where the machine is supposed to be joined. The Domain Join configuration profile has also been set properly with the Computer Prefix, OU and path etc... but I cannot see that it is getting the blob from the AD and joining it.

    Any thoughts, guys? This is nerve-wracking for me for one week.

    Name - Hybrid AD Join AutoPilot Deployment Profile

    Description - Autopilot Test Group for Remote devices Deployment Profile

    Convert all targeted devices to Autopilot - No

    Device type - Windows PC

    Out-of-box experience (OOBE)

    Deployment mode - User-Driven
    Join to Azure AD as - Hybrid Azure AD joined
    Skip AD connectivity check (preview) - No
    Language (Region) - Operating system default
    Automatically configure keyboard - Yes
    Microsoft Software License Terms - Hide
    Privacy settings - Hide
    Hide change account options - Hide
    User account type - Standard
    Allow pre-provisioned deployment - No
    Apply device name template - No

    Assignments

    Included groups - Intune Autopilot Poc Group (Consists of devices)
    Excluded groups -