Forum Discussion
Autopilot Pre-Provisioning Issue
We have an issue when attempting to pre-provision devices on our corporate network. To ensure we aren't blocking any of the endpoints, we have created a separate VLAN that is fully open on ports 80 and 443; however, provisioning still fails on the ESP.
We receive different error messages each time but the most common is:
Setup could not be completed (Installation Time Limit exceeded). Please try again or contact your support person for help.
We do not want to disable the ESP, as this is ensuring we have our security-required apps installed, mainly Zscaler.
Has anyone else experienced this or managed to work around it?
- rahuljindal-MVP (Bronze Contributor)
Which OS version and build are you working with?
- JordanNewton (Copper Contributor)
rahuljindal-MVP We are using Windows 11 Enterprise 10.0.22631 build 22631, but the same issue is present on Windows 10 22H2.
- rahuljindal-MVP (Bronze Contributor)
Can you share the patch level as well? In addition to what @rudy suggested, have you tried other provisioning methods like user provisioning on the corporate LAN? Pre-provisioning utilises various other checks and features that require traffic to be allowed through FW\Proxy.
- Maybe take the laptop back home and try to enroll it from over there (or a different network ...) to find out if that works... if it works from there, you have got some firewall / SSL inspection issues going on.
Also, is it a hybrid Autopilot prepro or the regular Autopilot AADJ/Entra enrollment?
- JordanNewton (Copper Contributor)
This is the issue. We are having to pre-provision the laptops outside of the network, generally at home, but when we have spoken to the network team they have confirmed that all traffic on ports 80 and 443 is unrestricted and 123 UDP for the time.windows.com endpoint is accessible. We are using Entra enrollment for the devices we have the same issue on all
The "network team" --> as in, Everything is fine! 🙂 but still it is getting blocked --> as in Not fine 🙂
The only difference when the prepro succeeds at home is the network / firewall / routers. There are more endpoints than time.windows.com .. 🙂 ... a lot more...
Network endpoints for Microsoft Intune | Microsoft Learn
and only allowing 80/443 is not enough... not put packet inspection in place...
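
Added example, not part of the original thread: a PowerShell check to run once on the corporate VLAN and once on the home network, comparing which certificate issuer each endpoint presents on port 443. The three hostnames are an assumed sample rather than the full list (take that from the Microsoft Learn article named above), and the `Microsoft|DigiCert` issuer pattern is an assumed heuristic for an uninspected connection; `Test-TlsIssuer` is a hypothetical helper name.

```powershell
# Added example. Assumed sample of enrollment-related hosts, not a complete list;
# the full set is in the Microsoft Learn article referenced in the thread.
$endpoints = 'login.microsoftonline.com',
             'enrollment.manage.microsoft.com',
             'ztd.dds.microsoft.com'

# Assumption: without TLS inspection, the leaf certificate is issued by one of these CAs.
$expectedIssuer = 'Microsoft|DigiCert'

function Test-TlsIssuer {
    param([string]$HostName, [int]$Port = 443)

    $result = [ordered]@{ Host = $HostName; Reachable = $false; Issuer = $null
                          Root = $null; IssuerUnexpected = $null; Error = $null }
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate: the goal is to read what is presented, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)

        $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void]$chain.Build($cert)   # uses the local store, so an installed proxy root shows up here
        $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        $result.Reachable        = $true
        $result.Issuer           = $cert.Issuer
        $result.Root             = $root.Subject
        $result.IssuerUnexpected = -not ($cert.Issuer -match $expectedIssuer)
        $ssl.Dispose()
    }
    catch {
        # Blocked, reset or proxied-only connections end up here.
        $result.Error = $_.Exception.Message
    }
    finally { $tcp.Close() }

    [pscustomobject]$result
}

$endpoints | ForEach-Object { Test-TlsIssuer -HostName $_ } | Format-List
```

An issuer or root that names the proxy vendor or an internal CA on the corporate VLAN, but not at home, means the traffic is being decrypted even though ports 80 and 443 are open.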