Troubleshoot Autopilot device import and enrollment Troubleshoot issues that can occur during Autopilot device import and enrollment mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune windows w10 deploy medium library deploy itpro aczechowski aaroncz jubaptis dougeby 10/19/2021 M365-modern-desktop troubleshooting Applies to
See the following sections for information about issues that can occur when importing and enrolling devices into Intune. Error code 0x80180014 when re-enrolling using self-deployment or pre-provisioning modeAfter the first Autopilot deployment, devices with a targeted Autopilot self-deployment mode or pre-provisioning mode profile can't automatically re-enroll using Autopilot. If you try to redeploy the device, then the 0x80180014 error code is returned: :::image type="content" source="./images/troubleshoot-device-enrollment/0x80180014-error-code-enrollment-status-page.png" alt-text="Enrollment status page shows 0x80180014 error code on devices using self-deployment mode or pre-provisioning mode."::: :::image type="content" source="./images/troubleshoot-device-enrollment/0x80180014-error-code-pre-provisioning-page.png" alt-text="Pre-provisioning page shows 0x80180014 error code on devices using self-deployment mode or pre-provisioning mode."::: The ETW logs may show the following error: MDM Enroll: Server Returned Fault/Code/Subcode/Value=(DeviceNotSupported) Fault/Reason/Text=(Enrollment blocked for AP device by SDM One Time Limit Check) Cause AMicrosoft Endpoint Manager changed the Windows Autopilot self-deployment mode (Public Preview) and Pre-Provisioning mode (formerly known as white glove, in Public Preview) experience. To reuse a device, you must delete the device record created by Intune. This change impacts all Autopilot deployments that use the self-deployment or pre-provisioning mode. This change impacts devices when they're reused, reset, or when redeploying a profile. Resolution ATo redeploy the device through Autopilot:
Cause BWindows MDM enrollment is disabled in your Intune tenant. Resolution BTo fix this issue in a stand-alone Intune environment, follow these steps:
Device import issuesCannot convert device hash errorDescription
CauseThis error points to the device hash being incorrectly formatted. Anything that corrupts the collected hash can cause this error. One possibility is that the hash itself (even if it's valid) fails to be decoded. ExplanationThe device hash is Base64. At the device level, it's encoded as unpadded Base64, but Autopilot expects padded Base64. Usually, the payload doesn't require padding and the process works. Sometimes, however, the payload doesn't line up cleanly and padding is necessary. In this case, you get the error displayed above. PowerShell's Base64 decoder also expects padded Base64, so we can use this decoder to validate that the hash is properly padded. The "A" characters at the end of the hash are effectively empty data. Each character in Base64 is 6 bits, A in Base64 is 6 bits equal to 0. Deleting or adding As at the end doesn't change the actual payload data. ResolutionTo fix this issue, we'll need to modify the hash, then test the new value, until PowerShell succeeds in decoding the hash. The result is mostly illegible, which is fine. We're just looking for it to not throw the error "Invalid length for a Base-64 char array or string". To test the base64, you can use the following PowerShell: [System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("DEVICE HASH")) So, as an example (this isn't a device hash, but it's misaligned unpadded Base64 so it's good for testing): [System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("Q29udG9zbwAAA")) Now for the padding rules. The padding character is "=". The padding character can only be at the end of the hash, and there can only be a maximum of two padding characters. Here's the basic logic.
Looping the logic above on the previous example hash, we get the following permutations:
Replace the collected hash with this new padded hash then try to import again. Intune enrollment issuesSee this knowledge base article for assistance with Intune enrollment issues. Common issues can include"
Error code 80180018 will typically be reported on an error page titled "Something went wrong". This error means that the MDM enrollment failed. If Autopilot Reset fails immediately with the error Ran into trouble. Please sign in with an administrator account to see why and reset manually, see Troubleshoot Autopilot Reset for more help. Related articlesWindows Autopilot - known issues What happens to a device when IT goes through pre provisioned deployment using Windows Autopilot?From the end user's perspective, the Windows Autopilot user-driven experience is unchanged, but getting their device to a fully provisioned state is faster. With Windows Autopilot for pre-provisioned deployment, the provisioning process is split. The time-consuming portions are done by IT, partners, or OEMs.
How do you trigger a white glove?To enable White Glove in your Windows AutoPilot profile, navigate within the Azure Portal to; Intune > Device Enrollment > Windows Enrollment > Deployment Profiles and open your AutoPilot profile. That's all you have to do on the backend.
How do you troubleshoot Intune enrollment?Solution:. Sign out of Windows, then sign in by using the other account that has enrolled or joined the device.. Go to Settings > Accounts > Work Access, then remove the work or school account.. Sign out of Windows, then sign in by using your account.. Enroll the device in Intune or join the device to Azure AD.. What is Windows Whiteglove?Whiteglove is an effort from Microsoft to aid the above. The advantage of this is: Having the majority of your applications and policies targeted to the Device context, the local IT can be used to pre-provision the devices before handing them over to the end-users.
|