Cannot Reseal Windows 11 device while pre-provisioning

Another Update. Microsoft got back to me and are achiving my support ticket. This issue is under "High Level" investigation by MS Engineers and as soon as a solution is available, I will be notified. In the meanwhile there are no further troubleshooting options available and either I autopilot enroll windows 11 devices without pre-provisioning or go back to Windows 10. My query as to why this is not noted as an "outage" on the admin portal, was not answered.

Update on this saga. I successfully resealed a couple of Windows 11 devices, but now the issue has returned - same thing -  device reboots and does not return to reseal screen, Very weird.

Microsoft have notified me that they are still reviewing the diag logs I sent them.

What I dont understand is how come Microsoft have not announced a "Health notification - under investigation" on this issue as they usually do in ther service alerts. Are we in this forum the only few actually pre-provisioning Windows 11?

BH

Hi,

We are facing same problems.

How can you remove that regkey from the client machine?

When I'm opening regedit in client machine (before going to pre-provisioning) i cannot remove or edit anything under HKLM\Software\Microsoft\Provisioning\SyncML\RebootRequiredURIs 

Rudy_Ooms_MVP I tested by removing the regkey ./Device/Vendor/MSFT/Policy/Config/DmaGuard/DeviceEnumerationPolicy and have succesfully arrived at reseal screen. Obviously this is not a full time solution, but an easy workaround. I have updated my Microsoft Case # with this information. Thank you for your blog on that. 

The cause of this issue is not very clear te me. At one customer I had this issue and changed all the assignments (including security baselines and update ring policy) from "all devices" to a device group instead. But this didn't work when I tested at another customer. 

One test I did there is to remove all the configuration profiles en security baselines, including the update ring policy. So nothing was applied to the device but still I did not get the reseal button. 

On other forums I also see that people are having different results. Maybe this could be when testing with different update levels of Windows, I am not sure.

So the only thing I can be sure of is that Microsoft told me it is a know bug and they are working on it. I can not get with 100% certainty a configuration which will always work. Microsoft also told me that they cannot provide me with a workarround, because they just don't have one. 

They also told me that removing the mentioned register key(s) also do not work (always) as expected so that is also not a good workarround.

I guess we can only wait to make sure that the issue is resolved by Microsoft. I will not advice to use Pre-Provisioning with Windows 11 for now, because I cannot find a working (workarround) solution which I am sure it will keep working and not have to worry that it stops working with different conditions.

I also tested with a colleague and we did have just good results with the latest insider build of Windows 11. Not something to use in a production environment for our customers, but at least we have good fate that Microsoft will be able to help us soon.

As mentioned before, as soon as I get a confirmed ETA for the fix from Microsoft, I will let you all know.