Pallav1011 (Copper Contributor)
Aug 19, 2022
August Patch is breaking Intune Enrollment
We have received multiple Incidents where users reported that after the patch was installed they rebooted their Windows 11 Enterprise devices and were presented with just the LocalAdmin account. There was no option to choose Other User or any other account.
We then tried all our common passwords and one of the passwords worked on 1 laptop, but on the other it did not work. So once we have logged in, when we navigate to Access work or school, there is no enrolment profile. If we click on Connect, Joining this device to AAD is not available.
We then enabled the administrator account, deleted all the enrolments registry keys, rebooted, and the next time when we logged in with the Administrator account we got the option to re-enrol.
After re-enrollment, a new user profile was created under the Users folder and we had to manually copy and paste the data from the old profile to the new one.
I tried searching for any known issues of the Aug patch but did not find any, and I am unsure what's happening with the devices.
- Pallav1011 (Copper Contributor): Today I got another device with the same issue; however, today I have a little more information.
When I opened CMD from the Advanced Recovery options, it was showing X:\Users\System32>. It was not giving any result to any command I tried: dsregcmd /status, dsregcmd.exe /status, winver.
I then changed the directory to C: and then reran the commands. This time dsregcmd.exe gave me the output: AzureAD Joined, DomainJoined, EnterpriseJoined, everything is NO, and the hostname is "minint-qclkmek".
Winver is showing the version as "Version DEV".
- wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
powerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1
would love to take a look at the logs 🙂
- Garthlogic (Brass Contributor): Good morning. I would like to also add that as of the August update, 2 of my customers could no longer deploy the O365 apps. They timed out and caused ESP to fail. These have been working for over 6 months. I had to recreate the O365 apps as Win32 so I got around it, but as I mentioned, there were NO changes for months, and then since this update they are failing. 2 other colleagues are reporting profile assignment issues, as in they add the new device to the AP devices list, then the AAD dynamic group updates with the new device, however the deployment profile which is (already) assigned to the dynamic group never shows the new device (that's in the AAD group) as an assigned device.
- If you are experiencing this.... gather the logs, send them to ms support ... or me 😛
run the wpr -start (before enrollment) which I am explaining here
https://call4cloud.nl/2021/11/theres-someone-inside-your-etl/
and
wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
powerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1
- Hi... 🙂 .. always nice to hear such things.... but care to explain yourself a little bit more... as Intune Enrollment... aka autopilot or aka autopilot pre provisioning or just having an aadj device and enrolling it into intune 🙂
I am interested... that's for sure.. feel free to reach out on my twitter... (as being logged in on all these forums 😛 )
- ChristineStack (Steel Contributor): As of a deployment of 5 surface pro 8s on Tuesday 8/16/2022 I am also having issues with Intune/autopilot enrollment. I keep looking at health to see if there is a known issue. New machines with Windows 11. Hashes were all uploaded and tags with profiles were assigned. 2 of 5 even got as far as renaming the device. NONE enrolled in intune but all are in AzureAD. I have been highly successful in the past with lots of deployments during covid where I never saw or touched the machine. I am not sure if Windows 11 or Surface Pro 8s are the issue or something else. The machines are in use but not being managed. I was able to ask one user to try enrolling using the company portal and he said no device was listed, but when he tried to enroll it said his device was already enrolled. I have no screen shots... just an email from the user. Hopefully I can learn more next week. Are others having issues?
- Pallav1011 (Copper Contributor): The end users who are using those devices, are they admin or standard users?
If they lock the laptop, are they getting the Other user option on the lock screen?
If they navigate to HKLM-> Software-> Microsoft-> Enrollments, are there Hexadecimal GUIDs available?
Lastly, go to Settings-> Accounts-> Access work or school-> Export your management logs file. In that log file, check the Device management logs. Do you find anything there?
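The join-state and registry checks asked about above can be captured in one read-only pass. This is an added example, not code from the thread; the function names are hypothetical, and it assumes the `ProviderID` and `UPN` values that Windows stores under each enrollment key.

```powershell
# Added example (not from the thread): read-only snapshot of join and enrollment state.

function ConvertFrom-DsregStatus {
    # Turn the "Key : Value" lines printed by dsregcmd /status into a hashtable.
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(\S.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Get-EnrollmentKey {
    # List GUID-named subkeys under Enrollments with the provider and UPN recorded in each.
    param([string]$Root = 'HKLM:\SOFTWARE\Microsoft\Enrollments')
    $guid = '^\{?[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}?$'
    Get-ChildItem -Path $Root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $guid } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            [pscustomobject]@{
                EnrollmentId = $_.PSChildName
                ProviderID   = $p.ProviderID   # "MS DM Server" marks an Intune MDM enrollment
                UPN          = $p.UPN
            }
        }
}

$join = ConvertFrom-DsregStatus -Lines (& dsregcmd.exe /status)
$keys = @(Get-EnrollmentKey)

# One summary record to attach to the incident before any keys are deleted.
[pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    AzureAdJoined    = $join['AzureAdJoined']
    DomainJoined     = $join['DomainJoined']
    EnterpriseJoined = $join['EnterpriseJoined']
    EnrollmentKeys   = $keys.Count
    MdmEnrollments   = @($keys | Where-Object ProviderID -eq 'MS DM Server').Count
} | Format-List

$keys | Format-Table -AutoSize
```

Run it in the installed Windows session: from the recovery command prompt, HKLM and dsregcmd describe the recovery environment rather than the installed OS.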
- Pallav1011 (Copper Contributor): Yes, they are Autopilot devices but AADJ only
- Okay so no autopilot pre provisioning (windows key 5 times etc etc) ... happen to know to which part it succeeds?
If you could run the wpr -start which I am explaining here
https://call4cloud.nl/2021/11/theres-someone-inside-your-etl/
You could determine where it breaks.. or send it to me (email address removed for privacy reasons) but if you send it to me .. also attach this zip
wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
powerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1
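One way to inspect the collector script fetched by the commands in this thread before running it with `-ExecutionPolicy Bypass`. This is an added example, not part of any post; `Test-DownloadedScript` is a hypothetical helper, and the expected publisher name is an assumption to adjust.

```powershell
# Added example (not from the thread): record hash and signature before executing.

function Test-DownloadedScript {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: the organisation expected in the signer certificate subject.
        [string]$ExpectedSigner = 'Microsoft Corporation'
    )
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $hash    = Get-FileHash -Path $Path -Algorithm SHA256
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    [pscustomobject]@{
        Path    = (Resolve-Path $Path).Path
        SHA256  = $hash.Hash            # keep with the ticket so the exact file can be identified later
        Status  = $sig.Status           # Valid, NotSigned, HashMismatch, ...
        Signer  = $subject
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*O=$ExpectedSigner*")
    }
}

$file = Join-Path $PWD 'IntuneODCStandAlone.ps1'
Invoke-WebRequest -Uri 'https://aka.ms/intuneps1' -OutFile $file -UseBasicParsing

$check = Test-DownloadedScript -Path $file
$check | Format-List

if ($check.Trusted) {
    powershell.exe -ExecutionPolicy Bypass -File $file
} else {
    # Unsigned or unexpected signer: review the file contents before deciding to run it.
    Write-Warning "Not running ${file}: signature status is $($check.Status)."
}
```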