Reseal screen missing when doing autopilot hybrid join with pre-provisioning

Hi,

We have configured autopilot with hybrid join and white glove. Everything seems to be working except that we never get to the reseal screen. 
After the last reboot we are getting a sign-in page to log on to Azure AD. I never get to the reseal page which I was expecting.

If I continue to log on, the process continues and after another reboot I am asked to log on to the internal domain.

Pre-provisioning has successfully created an Azure account, an AD account and an Intune account for the PC. All configuration profiles and Apps that are in the pre-provisioning scope are successfully applied.

So where did the reseal screen go and why are we not getting there? Any suggestions?

14 Replies
Hi, just to be sure before we dig in... is this the first time it is giving you issues? Because today there were/are a lot of issues with Intune/Autopilot etc.
Well, I have been "playing with this" now for a week and finally gave up and posted here. So today I have not been working with this at all. Plan to continue tomorrow or the day after.
Hi,

Can you explain how you start white glove? Did you press the start button 5 times in the OOBE phase?

How are your profiles assigned? User or device group?

What type of profiles have you assigned? Device restriction, update rings for Windows, etc.?

Kind regards,

René
Hi, and did something change in the meantime?
Assuming you have started the pre-provisioning just like mr_helaas said (if not... 🙂 that could be the issue 😛), could you share some logs with us?

https://call4cloud.nl/2021/10/willys-white-glove-wonderland/
@MR_Helass Yes, I did press the Windows key 5 times during OOBE, and I could see I got the correct configuration profile from our tenant. All configuration profiles during setup are device oriented: Autopilot profile, domain join profile and a few more. They are all reported as successful in Intune. I even see I get apps installed as expected.
Everything in Autopilot seems to be working; if I enter a username and password the process continues successfully. I just never get to the part where I am supposed to do a reseal. This screen is somehow skipped.
Sorry to say I do not have any logs and I needed to leave my PC with the user yesterday.
Did you ever manage to resolve this? It has started happening to devices I am rolling out. I occasionally get the reseal option but most of the time just get a login prompt.
No, we did not. From what I have learned from Dell (these were their machines we were using), this is a Microsoft issue with regard to Windows 11 and Autopilot/hybrid join, which basically does not work. It was supposed to be fixed in the May patch, but from what I know it is not.
Still waiting to get this confirmed.
(This Autopilot "feature" has been known to Microsoft since November of last year.)
It's very hit and miss. I just did Windows updates while in OOBE by using Shift + F10 and running 'start ms-settings:' then running updates as normal. Once finished, I rebooted and ran through Autopilot again and got the reseal option! I tried it on another machine and didn't get the option, so back to square one! I assume it has pretty much finished what it needs to do so shouldn't cause any issues; it's just frustrating that it works sometimes and not others.

Did anyone get any clarity on this? It keeps on happening in our organization too but it's very intermittent.

@matgus it's not just Dell or Win 11, we have a mix of Dells and Lenovos, Win 10 and Win 11 and it happens to all.

 

@Rudy_Ooms_MVP did you ever dig into this issue? This is the type of problem that I would think you would love to figure out (just saying :facepalm:)

If I could reproduce the error I would have solved it 🙂
Wow that was quick!
If I give you the logs of a PC that skipped the reseal would that be of any help?
Could help... but sometimes getting to the bottom of it would take some time... as most of the time it's a combination of traces/logs etc. to determine what is breaking 🙂

Hi,

Thanks for your interest in this topic. It is now almost two years since we had this issue, and we have found what caused it, at least in our case. The problem we had was due to a combination of TPM chipset and processor version. This was documented by both Dell and Microsoft at the time. Since then this combination is no longer sold and Microsoft have issued an update to Windows which ideally should not introduce this problem again. The combo we had was Intel gen 11 processor "Tiger Lake" and TPM, mentioned here: TPM Attestation flow Explained | Intel 11th Gen Tiger Lake (call4cloud.nl) and Fix TPM Intel Tiger Lake TPM attestation Issues KB5007253 (call4cloud.nl),
but this should now have been fixed.

@Rudy_Ooms_MVP I'm willing to put in the time and effort as it's driving my imaging department crazy if you're up to it (I understand if you're not interested).

Which logs would you like and where can I upload them to?

 

@matgus Thanks for responding. How did you figure out what was causing it for you? The article that you linked seems to indicate Autopilot failure (the dreaded red screen) not our issue of the Reseal part missing?

Also, we're experiencing it on the latest Intel 13th gen processor in Dell PCs with the latest Windows Updates as well as in old 7th and 8th gen processors in Lenovo PCs.