Enrollment Status Page on single device after Config Mgr OS Deployment

PrimeFX 1 Reputation point
2022-03-22T09:35:41.58+00:00

Hi,

We install our devices via SCCM Task Sequence, this works fine and usually after the last step / reboot the windows login screen is displayed and we can log in to the domain.

We now have a single device (previously used by another employee) that has been reinstalled, but after the task sequence, the "Setting up your device for work" screen appears each time.
This actually looks like online registration, as if the device was registered as an autopilot.
However, we do not have Intune / Autopilot in use! There is no autopilot profile - It also only happens with this device.

Here, at the step "Preparing your device for mobile management" always comes an error -> 0x80180018
After reinstalling the Task Sequence nothing changes, same screen after last reboot and after a while this error appears.

What else could be the reason why online registration happens only on this device?
We checked in Intune, no Windows 10 Devices are shown under "Windows / All Devices".
We would have to install the device so that a new employee can work with it - at the same time on 3 other devices everything works and after reinstallation using Config Mgr we can log into Windows normally. No online registration on these devices.

In Azure AD / On-Prem AD there is one computer object each, this was also deleted on-prem for testing (also no longer present in Azure due to sync), but we still get to the Device / Account Setup screen.

Thanks!


5 answers

  1. Limitless Technology 39,436 Reputation points
    2022-03-29T10:38:16.537+00:00

    Hi @PrimeFX

    Do you have a deployment profile assigned to the device/user you are using to enroll the device with?
    Also within Intune, there is an option to select which devices will use the "Automatic enrollment" feature. Is the device/user member of the selected group?

    As you are sure that you have not used the autopilot profile and also as it hangs at the specific stage you must analyze the complete timeline of what the device is doing at what stage.

    Here is a thread as well that discusses the same issue and you can try out some troubleshooting steps from this and see if that helps you to sort the Issue.

    Preparing your device for mobile management fails
    https://learn.microsoft.com/en-us/answers/questions/487711/preparing-your-device-for-mobile-management-fails.html

    Hope this resolves your Query!!


    2 people found this answer helpful.

  2. PrimeFX 1 Reputation point
    2022-03-22T14:58:49.81+00:00

    After deleting the AD Object and reinstalling with task sequence still the same screen appears after last reboot, here is a screenshot:

    185704-esp.png

    Error at "Preparing device for mobile management" -> error code 0x80180018

    The message below means "the specified time limit has been exceeded. Try again or ask your IT support representative for help."

    What could be the reason that this screen /Enrollment Status Page appears only on this device, even though Intune is not in use?


  3. Simon Ren-MSFT 30,906 Reputation points Microsoft Vendor
    2022-03-23T07:36:34.42+00:00

    Hi,

    Thanks for posting in Microsoft MECM Q&A forum.

    The error 0x80180018 means "The license of the user is in bad state blocking enrollment". Are you using an AAD account that lacks a mobility license to log in, or enabling co-management?

    1. On your SCCM site server, please open the Configuration Manager console > Administration > Overview > Client Settings > Default Client Settings > Cloud Services:
    on the Default Settings page, check if the option "Automatically register new Windows 10 domain joined devices with Azure Active Directory" is set to Yes.

    2. Please help check if there is any Group Policy set to "Enable automatic MDM enrollment using default Azure AD credentials".

    3. On your Intune/AAD portal, open Devices > Enroll devices > Windows enrollment > Windows Autopilot Deployment Program > Devices, and check if the problematic device exists here.

    4. If possible, please try the workaround: manually install the operating system with USB/DVD media on the single problematic device.

    Hope it helps. Thanks for your time.

    Best regards,
    Simon

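
The client-side half of checks 1 and 2 from the answer above, as an added read-only PowerShell example that is not part of the original thread. The policy registry location, the `dsregcmd` field names and the event log name are standard Windows ones rather than values taken from the thread; run it in an elevated session on the affected device.

```powershell
# Added example (not from the thread): read-only checks on the affected client.

# Check 2: "Enable automatic MDM enrollment using default Azure AD credentials".
# When the GPO is enabled it writes AutoEnrollMDM = 1 under this policy key.
$mdmPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM'
$policy = Get-ItemProperty -Path $mdmPolicyKey -ErrorAction SilentlyContinue
if ($policy -and $policy.AutoEnrollMDM -eq 1) {
    "MDM auto-enrollment policy: ENABLED (UseAADCredentialType = $($policy.UseAADCredentialType))"
} else {
    'MDM auto-enrollment policy: not configured on this device'
}

# Check 1, seen from the client: what did the automatic Azure AD registration produce?
# dsregcmd prints "Key : Value" lines; keep the single-word keys as properties.
function ConvertFrom-DsregStatus {
    param([string[]]$Lines)
    $result = [ordered]@{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $result[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]$result
}

$status = ConvertFrom-DsregStatus -Lines (dsregcmd.exe /status)
$status | Select-Object AzureAdJoined, DomainJoined, TenantName, TenantId, MdmUrl |
    Format-List

# Timeline of the enrollment attempt behind the ESP error (newest events first).
$mdmLog = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
Get-WinEvent -LogName $mdmLog -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Comparing this output with one of the three devices that reach the normal login screen shows whether the difference lies in policy, in the Azure AD registration state, or only in the enrollment events.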

  4. PrimeFX 1 Reputation point
    2022-03-23T09:41:42.477+00:00

    Hi Simon,

    We do not specify an Azure AD account in the task sequence; it's really not more than PXE boot, starting the task sequence (image installation, domain join, applications, customization... no steps related to cloud), entering the hostname (TS deployment to unknown computers), and after the last step / reboot the Enrollment Status Page appears automatically, without entering a user.
    Strangely it only happens on this device; it is the same procedure on other devices, but there after the last step in the TS we get to the Windows login screen.

    1.) the setting "automatically register new Windows 10 or later domain joined devices with Azure AD" is set to YES in client settings.
    Generally this is applied to all devices and all devices are also registered in Azure AD, but the ESP only appears on this device - the Azure AD Object of the device has been removed, but is it possible that this still exists somewhere or is linked to an Azure activated user?

    2.) I checked via gpresult wizard on the affected client; the only user available here is "defaultuser0". In the group policies assigned to the client I cannot find a setting like "Enable automatic MDM enrollment using default Azure AD credentials", and there is no enabled setting under "Administrative Templates > Windows Components > MDM".

    3.) In Intune there are no results in "Devices - Enroll devices -> Windows enrolment -> Windows Autopilot Deployment Program -> Devices"

    4.) The client must be installed with Task Sequence to be corporate compliant. The same image is installed as on other devices, but only on this device the ESP appears.

    Thanks for your help!


  5. Simon Ren-MSFT 30,906 Reputation points Microsoft Vendor
    2022-03-25T07:58:44.293+00:00

    Hi,

    Thanks for your reply and information.

    Is the employee's user account in AAD also removed? I'm afraid there are some residues in AAD that cause this issue.

    It's recommended that you post a new thread in AAD Forum to get better support:
    https://learn.microsoft.com/en-us/answers/topics/azure-active-directory.html

    Best regards,
    Simon
