none
Computer stuck at "Please wait while we set up your device", when Autopilot profile is applied to it RRS feed

  • Question

  • Hello

    I am looking for help to find out why our testing computer stuck at  "Please wait while we set up your device...", when Hybrid Azure AD join Autopilot profile is applying to my testing computer, there are my screenshots:

    1.jpg2.jpg3.jpg

    Just a update on the process I did for setup Hybrid Azure AD join window 10 deployment :

    1: Configured the Intune connector for AD, installed the Intune Connector for Ad to one of our on prime server "A" which been delegated permission t created computer accounts in AD.

    2: Created a new OU in AD and configured the delegate permission to "A".

    3: Created group "C" with the testing computer "B" in it.

    4: Created Hybrid Azure AD joined Autopilot profile and assigned it to group "C" in Intune.

    5: Created Domain Join profile in Intune point it to right AD OU, and Assigned it to group “C” in Intune.

    6: Created few app and assigned to group "C".

    After all the setup, I turned on my testing computer "B", it gets the Autopilot profile, then I signed in with my user name and password, and went through my credential no problem, but after that it just stuck at "Please wait while we set up your device..." for hours, it does not go anywhere or crash. I also turned of ESP  Enrolment status page, that did not help.

    does anyone have some ideas to help

    thanks verymuch


    yan

    Thursday, February 7, 2019 5:35 PM

Answers

  • Hi Nai20024,

     

    We can try to open the Event Viewer or Registry Editor via Command Prompt. Open Command Prompt, type eventvwr/regedit and press Enter. To open Command Prompt at Boot in Windows 10, we can try press Shift + F10 keys together on the keyboard.

     

    I also noticed that in above snapshot, the Enrollment state is showing as "Not enrolled". If the issue is relating to Windows device enrollment problems in Microsoft Intune, you can also check following link for more target details: https://support.microsoft.com/en-us/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune.

     

    If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Nai20024 Friday, February 22, 2019 10:27 PM
    Wednesday, February 13, 2019 10:02 AM

All replies

  • Hi Nai20024,

     

    We found another post that someone had similar stuck issue and fixed with below suggestion:

    After you import the Autopilot devices, please don't assign user to the device. If you use the "Assign user" feature with Hybrid Azure AD join AutoPilot, you may experience this problem.

    If the problem occurs, you must delete the AutoPilot device, and re-upload the device into AutoPilot.

    You can check following link for more details: https://social.technet.microsoft.com/Forums/sharepoint/en-US/33430c1d-4f41-4e8f-8ace-3125dda40115/intune-hybrid-domain-join-error?forum=microsoftintuneprod

     

    If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, February 8, 2019 9:42 AM
  • Hi Zoe:

    Thanks for your advice, but I don't have user assigned with my test computer "B", there is the screenshot:


    yan

    Friday, February 8, 2019 7:15 PM
  • Hi Nai20024,

     

    Can’t find the new snapshot you mentioned in the last post, could you please attach again?

     

    I noticed that you mentioned “I also turned of ESP  Enrolment status page”, this page seems should appear after the successful domain join and device be restarted. Have you got this page after the reboot? If not, or even not rebooted, guess maybe the domain join was failed.

     

    We can take diagnostics to the next level with event log entries. To find the events, open Event Viewer and navigate to “Application and Services Logs –> Microsoft –> Windows –> Provisioning-Diagnostics-Provider –> AutoPilot”. If the device isn’t registered, you will only see two events (basically indicating that the device is not registered). If the device is registered and deployed with Autopilot, you’ll see a lot more. So definitely check those out, they are very useful to follow the process, to see any errors that might have occurred (e.g. timeouts), and to confirm that the device is configured the way you expect it to be.

     

    You can check following link for more details: https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/troubleshooting#troubleshooting-autopilot-oobe-issues

     

    By the way, while create and assign a Domain Join profile, what’s the Computer name prefix you provided? I found some guys saying that with complex prefix, the computer name may exceed the 15 char NetBIOS name limit, try a shorter name to see if it changes.

     

    If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 11, 2019 9:40 AM
  • Hi Zoe:

    First, there is the screen shot of my Device status page which showing no user assigned:

    The second, I find a post from Michael Niehaus in https://blogs.technet.microsoft.com/mniehaus/2018/11/22/trying-out-windows-autopilot-user-driven-hybrid-azure-ad-join/ , it is on the similar case, Michael says turning off use ESP Enrolment status page in Intune will help, but that did not help my case here.

    The third, to take diagnostics to the next level with event log entries, my computer "B" is stuck at "Please wait while we set up your device", not even get in to desktop, so I don't know how to get to the event viewer from Computer "B", but if you are talking about my server which had Intune connector installed at, I am not able to find "Provisioning-Diagnostics-Provider" –> AutoPilot under "“Application and Services Logs  –> Microsoft –> Windows ". Please advice where to find Autopilot event log。

    Thanks very much Zoe.


    yan

    Tuesday, February 12, 2019 7:45 PM
  • Hi Nai20024,

     

    We can try to open the Event Viewer or Registry Editor via Command Prompt. Open Command Prompt, type eventvwr/regedit and press Enter. To open Command Prompt at Boot in Windows 10, we can try press Shift + F10 keys together on the keyboard.

     

    I also noticed that in above snapshot, the Enrollment state is showing as "Not enrolled". If the issue is relating to Windows device enrollment problems in Microsoft Intune, you can also check following link for more target details: https://support.microsoft.com/en-us/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune.

     

    If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Nai20024 Friday, February 22, 2019 10:27 PM
    Wednesday, February 13, 2019 10:02 AM
  • Hi Zoe:

    First, about "not enrolled", would that be after Autopilot profile load in to my computer "B", then it will be "Enrolled"? but any way, this is what I did to get my computer "B" registered in Intune. After unbox the computer "B", I boot to desktop and run PowerShell to got the CSV file, then I import the CSV file in Intune under \device enrollment - Windows enrollment\windows autopilot devices\ , then once the computer "B" showed up, I add "B" to my "HAAD-Windows 10 autopilot" group which my Autopilot Profile assigned to. Then I check few the enrollment requirement, they all seems right, my user has right to join device to AAD :

      My testing computer "B" is Windows 10 1809:

    And the user I use to test Autopilot is Device enrollment manager which means there is no limited devices enrollment problem.

    After I pull up event viewer as your instruction, thanks for that, I am able to find “Application and Services Logs  –> Microsoft –> Windows –> Provisioning-Diagnostics-Provider –> AutoPilot”.  there are the logs:

    "AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = 401f68b6-126f-44c7-8fe5-96ab90f69656.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = 401f68b6-126f-44c7-8fe5-96ab90f69656.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = 401f68b6-126f-44c7-8fe5-96ab90f69656.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotManager determined download is not required and the device is already provisioned.  Clean or reset the device to change this.
    AutoPilot configuration file path: %windir%\Provisioning\AutoPilot\AutoPilotConfigurationFile.json
    Expanded path:C:\WINDOWS\Provisioning\AutoPilot\AutoPilotConfigurationFile.json
    File path source:Default
    AutoPilot policy [AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET] not found. "--------------Warning"
    AutoPilot policy [AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET] not found. "--------------Warning"
    AutoPilot configuration file path: %windir%\Provisioning\AutoPilot\AutoPilotConfigurationFile.json
    Expanded path:C:\WINDOWS\Provisioning\AutoPilot\AutoPilotConfigurationFile.json
    File path source:Default
    AutoPilotManager determined Internet is available to attempt policy download.
    AutoPilotManager retrieve settings succeeded.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = c1f0b3cb-87ab-40f4-8cd6-79b91c3b4c0d.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotManager determined download is not required and the device is already provisioned.  Clean or reset the device to change this.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = c1f0b3cb-87ab-40f4-8cd6-79b91c3b4c0d.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET; state = disabled.
    AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET; state = disabled.
    AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET; state = disabled.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = c1f0b3cb-87ab-40f4-8cd6-79b91c3b4c0d.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotManager determined download is not required and the device is already provisioned.  Clean or reset the device to change this.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = c1f0b3cb-87ab-40f4-8cd6-79b91c3b4c0d.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET; state = disabled.
    AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET; state = disabled.
    AutoPilotGetOobeSettingsOverride succeeded:  OOBE setting = AUTOPILOT_OOBE_SETTINGS_AAD_AUTH_USING_DEVICE_TICKET; state = disabled.
    AutoPilotManager reported the state changed from ProfileState_Unknown to ProfileState_Available.
    AutoPilotGetPolicyStringByName succeeded:  policy name = AutopilotServiceCorrelationId; policy value = c1f0b3cb-87ab-40f4-8cd6-79b91c3b4c0d.
    AutoPilotManager set AutoPilot profile as available.
    AutoPilotManager determined download is not required and the device is already provisioned.  Clean or reset the device to change this.

    AutoPilot policy [CloudAssignedDeviceName] not found.""--------------Warning"

    thanks


    yan

    Wednesday, February 13, 2019 8:39 PM
  • Hi Nai20024,

     

    Haven’t found relating error in the logs you shared, are you posting the integrated logs? If not, please post all of them for reference.

     

    There’s a blog mentioned steps we will see that are supposed to happen:

    1. Manually choose language, region, keyboard

    2. Connect to a network (if not wired)

    3. Azure AD authentication using custom branding (org name, icons, etc.)

    4. The device is joined to Azure AD

    5. Automatic MDM enrollment (as configured in Azure AD)

    6. Automatic logon as the specified Azure AD user

    7. MDM configuration is applied (with progress display if configured)

     

    We have complete steps 1~3, and the device is not enrolled so step 5 is not completed, have I missed any info? If that’s the case, since the ESP page was turned off and haven’t got your confirmation if a reboot was prompted, I’m not sure if the stuck is pending at step 4 or step 5. The blog shared some troubleshooting suggestions for these different steps, you can check following link https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-100200/ for more details to analyze.

     

    Besides, have you tried another user account or device for testing? Sometimes this will help to narrow down the issue scope.

     

    By the way, the stuck page seems pending on “Network” tab? Would there may be facing any network connectivity issues, timeouts downloading the Autopilot profile settings, etc. We can check the registry value for key “IsAutoPilotDisabled” for reference.

     

    If there is anything else we can do for you, please feel free to post in the forum. Thank you for choosing Microsoft.

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 14, 2019 9:33 AM
  • Hi Zoe:

    After I read this blog:

    https://blogs.technet.microsoft.com/mniehaus/2017/12/13/troubleshooting-windows-autopilot-level-100200/

    I am not even sure we had 3 completed, there are my screen shot of stage 3 where ask my login:

    there is what it should looks like :

    this is what mine looks like(Had right Organization name but the pink area not looks right ) :

    there is different, and also the password page is different too:

    this what should looks like:

    this is what mine looks like(this seems like our MFA page):

    I am going to try different user, I will let you know how it goes.

    thanks again Zoe.


    yan

    Thursday, February 14, 2019 9:43 PM
  • Hi Zoe:

    After I switched user and tried again, there are some different happens:

    the asking password page changed (as the screenshot):

    then I compared the 2 users which I used for Autopilot computer "B" in Intune(as the Screenshot):

    And for your question, yes, stuck page at pending on "Network" tab even after I switched login as User "M". Also the "IsAutopilotDisabled" registry value is 0, so there is no network issue I guess. and I pulled all the reg Key from HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot. as the following txt:

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot]
    "IsAutoPilotDisabled"=dword:00000000
    "CloudAssignedOobeConfig"=dword:0000001e
    "AutopilotServiceCorrelationId"="c1f0b3cb-87ab-40f4-8cd6-XXXXXXXXXXXX""
    "CloudAssignedTenantDomain"="XXXXXX.onmicrosoft.com"
    "CloudAssignedTenantId"="34e00eac-5fcb-4b7a-babb-XXXXXXXXXXXX"
    "TenantId"="34e00eac-5fcb-4b7a-babb-XXXXXXXXXXXX"
    "CloudAssignedTenantUpn"=""
    "IsDevicePersonalized"=dword:00000000
    "CloudAssignedForcedEnrollment"=dword:00000001
    "isForcedEnrollmentEnabled"=dword:00000001
    "CloudAssignedDeviceName"=""
    "CloudAssignedAadServerData"="{\"ZeroTouchConfig\":{\"CloudAssignedTenantDomain\":\"xxxxxx.onmicrosoft.com\",\"CloudAssignedTenantUpn\":\"\",\"CloudAssignedResourceAccountName\":\"\",\"ForcedEnrollment\":1}}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot\0]
    "Enabled"=dword:00000001
    "ConfigName"="ZTP_CONFIG_AAD_JOIN_ONLY"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot\4]
    "Enabled"=dword:00000001
    "ConfigName"="ZTP_CONFIG_ACCEPT_EULA"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot\6]
    "Enabled"=dword:00000000
    "ConfigName"="ZTP_CONFIG_TPM_ATTESTATION_REQUIRED"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot\7]
    "Enabled"=dword:00000000
    "ConfigName"="ZTP_CONFIG_AAD_AUTH_USING_DEVICE_TICKET"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot\9]
    "Enabled"=dword:00000000
    "ConfigName"="ZTP_CONFIG_SKIP_WINDOWS_PATCH_UX"

    I understand few those keys mean, from https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/troubleshooting#windows-10-version-1709-and-above, I could not see any problem. could you help me check on those, see if you can find where the probolem is?

    Thanks Zoe.


    yan

    Friday, February 15, 2019 6:16 PM
  • Hi Nai20024,

     

    Sorry I haven’t found problem either. By the way, have you attached the full event logs? Above logs seem not integrated.

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 18, 2019 9:57 AM
  • from the screen shot looks like device is getting stuck while joining to Azure Active Directory and auto-enroll to Intune MDM.

    While you see the device getting stuck....Are you also seeing autopilot device showing as registered in Azure intune console ?

    Are you seeing this issue on corporate network only ?

    There are few troubleshooting steps you can try

    https://www.anoopcnair.com/windows-autopilot-troubleshooting-guide/

    Monday, February 18, 2019 6:18 PM
  • Hi Zoe:

    Thanks for your reply, I was sick almost a week, come back, looks like my testing Computer "B" was taken for retail user by my coworker. LOL. anyway I will pull a new computer test out again and see if I can get the integrated logs.

    and follow by @vimaldas changarath's post under.Vimaldas is right, I do not seeing my testing device "B" showing as registered in Azure intune "All device", it only shows in \Microsoft Intune\device enrollment-Windows enrollment\Windows autopilot devices\ .


    yan

    Thursday, February 21, 2019 7:31 PM
  • Hi Vimaldas:

    You are right I do not seeing my testing computer "B" showing as registered in Azure intune "All device", it only shows in \Microsoft Intune\device enrollment-Windows enrollment\Windows autopilot devices\ . and for your question "Are you seeing this issue on corporate network only ?",  the answer is yes, I only test on corporate network.

    I will take look at your link see if I can find anything.

    Thanks very much


    yan

    Thursday, February 21, 2019 7:33 PM
  • Hi Zoe:

    I pulled a new pc to test again, This Time I went back to check every steps of my set up. then I find where the problem is, and you were right about it in the beginning. the user I use to enroll the computer "B" does not have right to enroll device to MDM. all our user has right to enroll device to AD, but not able to enroll device to MDM. Once I add my testing user to able to be enroll device to MDM, my testing pc worked right way. Testing computer now is Ad and AAD joined, got all my GPO applied, and all our shared folder settings.

    Thanks very much Zoe, I appreciated all you time. 


    yan

    Friday, February 22, 2019 10:35 PM
  • Hi Vimaldas:

    Problem fixed, Zoe were right in the beginning and the problem were my user right, the user I used to login to the testing pc does not have right to enroll device to MDM. once change it, it worked right way.


    yan

    Friday, February 22, 2019 10:37 PM
  • Hi Nai20024,

     

    You are welcome! I am glad to hear that the issue has been resolved.

     

    As always, if there is any question in future, we warmly welcome you to post in this partner forum again. We are happy to assist you!

     

    Best regards,

    Zoe Mo


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, February 25, 2019 1:47 AM