Autopilot issue on device set up "Identifying"

Hello everyone, I'm currently using autopilot to enroll devices into Intune. Up until now, everything has been going smoothly without any changes. However, the last three devices, which are the same models as the ones that previously worked, are encountering an issue during the device setup stage. Specifically, they are getting stuck during the identification process when applying the security policy. 

 

[Attached image: IMG_4538.jpg]

Current set up is:

[Attached screenshots: Screenshot 2024-02-05 at 15.23.41.png, Screenshot 2024-02-05 at 15.23.21.png]

Any ideas where I am going wrong?

17 Replies
Looks like you are using the self-deploying method. Can you confirm if the pre-reqs like TPM 2.0 and other network requirements are being met on the 3 devices in question? https://learn.microsoft.com/en-us/autopilot/networking-requirements#tpm
Yes they are. I have used the same Autopilot config on several devices (same model) with no issues. These devices were all brought in a batch (286 of them). I don’t understand why several have worked but these aren’t.
Have you tried switching to another network switch, port, or access point? If you have already tried this, then I suggest collecting the diagnostic logs for troubleshooting. In my experience, hardware and networking rules are the usual suspects in these kinds of issues.

@rahuljindal-MVP OK, thanks, I will try a different switch. I did get diagnostics up, which flagged this, but what does this mean?

[Attached image: IMG_4542.jpeg]

TPM attestation is a must for self-deploying. If the hardware supports it, then most likely the vendor URLs are not reachable over the network for attestation.

Hi @rahuljindal-MVP

What do you mean by vendor URLs?

Here is an example of a device which enrolled using Autopilot self-deploying, which is from the exact batch of devices and model of the ones now failing:

[Attached screenshots: Screenshot 2024-02-07 at 09.17.40.png, Screenshot 2024-02-07 at 09.17.18.png]

Have a look at the event logs to verify if the issue is indeed related to TPM attestation. Since it is both affecting and working on the same model type, the issue could also be related to time being out of sync in the BIOS. Read this - https://oofhours.com/2019/07/09/tpm-attestation-what-can-possibly-go-wrong/
They have started working again today.
Even when it seems that it is fixed (I also noticed the same behavior...)... I felt I still needed to post my feedback :)

Kinda weird that everyone mentions the prereqs like TPM... :) ... As when looking at the screenshot of the ESP... it becomes clear that the device already passed that first step... "securing hardware"... At that point in time, it is trying to execute PowerShell scripts and the Office CSP
(noticed that you converted it to win32... so no issue here)
https://call4cloud.nl/2022/09/autopilot-pre-provisionings-infinite-play-uh-waiting-list/

... the Google Chrome one... was that a LOB app?

Look at diagnostics. There is a warning against TPM attestation. By the way, what’s with the snarky comments?

Hi Rudy,

I have managed to get past the Identifying stage on more this time; however, the apps are now taking so much longer, and that's if they pass it.

Regardless of Wi-Fi use, Ethernet etc., these devices are still struggling to be consistent with Autopilot. Other devices have no issues.

Office I converted into win32, which works fine, and we use this for all 2000 devices we have, but it seems to get stuck only on this particular batch of devices / models. On most occasions I'd get 3 that work perfectly, all stages finished in 45 minutes, then all others error out on the apps part or some don't pass the Identifying stage on device set up.

Google Chrome is win32 too. I read somewhere (probs on your blogs!) not to mix win32, LOB etc.

Also @Rudy_Ooms_MVP, it's never just identifying on just apps; it's all the stages within Device Set up if it gets stuck at the "identifying" stage for me.

If you try to enroll such a problem device with a regular Autopilot enrollment, do you experience the same behavior?
So use an Autopilot enrolment without apps etc., i.e. the default one?
I will give it a go.

Currently, as I plan to enrol 285 devices next week, I think I might need to use Provisioning packages one last time! Is it possible to get Office to install first this way?
In the screenshot you were showing self-deploying, right? That's what I meant with creating a different Autopilot profile and assigning it to the device, but this time NOT with self-deploying but user-driven.
I would need to use Allow pre-provisioned deployment for this set up; is that OK for the test?
Try it first without prepro... (self-deploying and prepro use the TPM) to rule out an issue with that one... try a regular Autopilot enrollment first with the same device... if that's working you can move on... :)