Autopilot - troubleshooting reboots during device enrollments - Microsoft Q&A (2023)

2020-10-14T09:16:17.613+00:00

Hello, posting for the first time here, hoping it will reach the right audience.

When we enroll a (for example 1909) system, during the ‘Setting up your device for work’, when it moves from Device Setup to Account setup the system is rebooted.
It ends up at a login screen where the user has to fill in their username and password, and after that has to confirm identity with MFA.

Trying to figure out how to troubleshoot what is casing this reboot.

In the System log I can see.
The process C:\Windows\System32\CloudExperienceHostBroker.exe (DESKTOP-2AB16JF) has initiated the restart of computer DESKTOP-2AB16JF on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Reconfiguration (Unplanned)
Reason Code: 0x20004
Shutdown Type: restart
Comment:

Digging a bit further in the Shell-Core - Operational log at the same time
CloudExperienceHost Web App Activity started. CXID: 'Reboot'.

A second earlier in the Shell-Core - Operational log
CloudExperienceHost Web App Event 1. Name: 'Autopilot device rename completed'.

Checked all possible other event logs but nothing is jumping out.
Also nothing in the IntuneManagementExtension.log

These event details don't get me many results on the WWW, besides CloudExperienceHostBroker.exe reboots is causing the same for others, no resolution though.

Any help would be appriciated.
Bas Hoog

Sign in to comment

1. 

   Nick Hogarth 3,411Reputation points • Microsoft MVP

   2020-10-14T20:58:38.067+00:00

   A good post on troubleshooting Autopilot is here https://oofhours.com/2019/10/08/troubleshooting-windows-autopilot-a-reference/

   If you can't find what you are looking for, you may have to remove policies/apps and trial it out by adding them back slowly to find out what is causing the reboot.

   0No comments

   Sign in to comment

2. 

   Crystal-MSFT 19,811Reputation points • Microsoft Employee

   2020-10-15T01:38:14.74+00:00

   @Bas Hoog , Research and find a similar issue with you. The cause is the preview security baseline. Please check if we have the same setting and remove it to see if it is working:
   https://www.reddit.com/r/Intune/comments/cgvnlj/reboot_after_device_setup/
   Note: Non-Microsoft link, just for the reference.

   However, if the issue still persists, we can follow Nick's suggestion to find out what is the affected policy /app.

   Hope it can help.

   If the response is helpful, please click "Accept Answer" and upvote it.
   Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

   0No comments

   Sign in to comment

3. 

   Bas Hoog 1Reputation point

   2020-10-16T10:56:40.877+00:00

   See Also

   How To Reboot Computer Without Cd Rom – Android ConsejosHow to Fix Left Click Not Working in Windows 11 - GeekChampVirus & threat protection stuck on Getting protection infoChrome Download Stuck at 100? Here’s How to Fix It

   Searched a bit further for the word 'reboot' in all the Autopilot related event viewer logs

   The Shell-Core - Operational log is jumping out still

   No clue what might be causing the reboots still, if the user logs on and doesn't respond to the MFA prompt who knows what would happen in the background. There are many applications in line to be installed in 'User' mode after this step.

   ProviderName: Microsoft-Windows-Shell-Core
   TimeCreated Message

   13/10/2020 14:36:51 CloudExperienceHost Web App Activity started. CXID: 'RebootZtd'.
   13/10/2020 14:36:51 CloudExperienceHost Web App Event 1. Name: 'UnifiedEnrollment_ProvisioningProgressPage_CoalescedRebootRequired'.
   13/10/2020 14:30:25 CloudExperienceHost Web App Activity started. CXID: 'OobeWirelessAfterRebootZtd'.
   13/10/2020 14:30:25 CloudExperienceHost Web App Activity started. CXID: 'RebootZtd'.
   13/10/2020 14:29:32 CloudExperienceHost Web App Activity started. CXID: 'OobeProvisioningRebootAfterConnectivity'.
   13/10/2020 14:29:32 CloudExperienceHost Web App Activity started. CXID: 'OobeWirelessAfterZDPReboot'.
   13/10/2020 14:29:32 CloudExperienceHost Web App Activity stopped. Result: 'OobeWirelessAfterZDPReboot'.
   13/10/2020 14:29:32 CloudExperienceHost Web App Event 2. Name: 'Done', Value: 'OobeWirelessAfterZDPReboot'.
   13/10/2020 14:29:31 CloudExperienceHost App Event 2. Name: 'AppResuming', Value: 'OobeWirelessAfterZDPReboot'.
   13/10/2020 14:28:54 CloudExperienceHost Web App Activity started. CXID: 'Reboot'.
   13/10/2020 14:28:50 CloudExperienceHost Web App Event 2. Name: 'NavigationSucceed', Value: '{"webErrorStatus":18,"uri":"ms-appx-web://microsoft.windows.cloudexperiencehost/webapps/inclusiveOobe/view/Oobeautopilotreboot-main.html"}'.

   1. 

      Crystal-MSFT 19,811Reputation points • Microsoft Employee

      2020-10-19T06:22:04.427+00:00

      @Bas Hoog , After doing some more research, I find there's a normal reboot after the device recessive the ODJ blob. We can see more details in the following link:
      https://oofhours.com/2020/07/12/windows-autopilot-diagnostics-digging-deeper/
      Note: Non-Microsoft link, just for the reference.

      In addition, if the MFA is not finished, the authentication will be failed, Then the Autopilot will not complete.

      Hope it can help.

   Sign in to comment

4. 

   Bas Hoog 1Reputation point

   2020-10-22T13:08:17.513+00:00

   @Crystal-MSFT . Sorry I was offline for a few days. Thank you very for this article. I will try to digest it, looks very interesting.

   1. 

      Crystal-MSFT 19,811Reputation points • Microsoft Employee

      2020-10-23T05:49:08.623+00:00

      @Bas Hoog , Thanks for the reply. I notice you will take some time reading this article. We will wait here and if there's anything else we can help, feel free to let us know.

   Sign in to comment

5. 

   Bas Hoog 1Reputation point

   2020-10-29T09:32:03.613+00:00

   Thank you Chrystal-MSFT. What we did is create a group and excluded all Win32 Apps from that, same result.

   Ran this and nothing is jumping ot to me with these results. Thinking about opening a case with Microsoft for this now.

   PS C:\WINDOWS\system32> Get-AutopilotDiagnostics

   AUTOPILOT DIAGNOSTICS

   OS version: 10.0.19041
   Profile:
   TenantDomain: xxxxxxxxx.onmicrosoft.com
   TenantID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
   ZTDID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
   EntDMID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
   OobeConfig: 1308
   Skip keyboard: Yes 1 - - - - - - - - - -
   Enable patch download: No - 0 - - - - - - - - -
   Skip Windows upgrade UX: Yes - - 1 - - - - - - - -
   AAD TPM Required: No - - - 0 - - - - - - -
   AAD device auth: No - - - - 0 - - - - - -
   TPM attestation: No - - - - - 0 - - - - -
   Skip EULA: Yes - - - - - - 1 - - - -
   Skip OEM registration: Yes - - - - - - - 1 - - -
   Skip express settings: Yes - - - - - - - - 1 - -
   Disallow admin: No - - - - - - - - - 0 -
   Scenario: Azure AD Join
   Enrollment status page:
   Device ESP enabled: True
   User ESP enabled: True
   ESP timeout: 60
   ESP blocking: No
   Delivery Optimization statistics:
   Total bytes downloaded: 0
   From peers: 0% (0)
   From Connected Cache: 0% (0)

   DEVICE ESP:

   2020-10-29 09:26:12Z
   Policy ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID : 1 (Processed)
   2020-10-29 09:26:17Z
   MSI Intune Management Extensions ({xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}) : 70 (Success / Enforcement Completed)

   USER ESP for S-1-12-1-xxxxxxx-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:

   2020-10-29 09:30:22Z
   Policy ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID : 1 (Processed)
   2020-10-29 09:30:22Z
   Cert ModelName_AC_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_LogicalName_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_Hash_-0000000 : 1 (Processed)

   OBSERVED TIMELINE:

   Date Status Detail

   2020-10-29 01:21:51Z Profile downloaded Autopilot profile
   2020-10-29 09:23:46Z SCP discovery successful. Device Registration
   2020-10-29 09:24:09Z MDM Enroll: Succeeded MDM Enrollment
   2020-10-29 09:24:27Z Download started Sidecar
   2020-10-29 09:24:35Z Download finished Sidecar
   2020-10-29 09:24:36Z Installation started Sidecar
   2020-10-29 09:24:41Z Installation finished Sidecar
   2020-10-29 09:26:12Z Processed Policy ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/EntDMID
   2020-10-29 09:26:17Z Success / Enforcement Completed MSI Intune Management Extensions (xxxxxxxx-xxxx-xxxx-xxxx-xxxxx...
   2020-10-29 09:30:22Z Processed Cert ModelName_AC_xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx_LogicalN...

   1. 

      Crystal-MSFT 19,811Reputation points • Microsoft Employee

      2020-10-30T08:18:02.797+00:00

      @Bas Hoog , Thanks for the reply. From your description, I know the result is the same after excluding all Win32 Apps, If the unexpected reboot is still, I also suggested to open case.

   2. 

      Thomas Seynhaeve 6Reputation points

      2020-10-30T13:47:29.35+00:00

      Hi Bashoog,

      I've had exact the same problem this week.
      Yesterday I've opened a case with MS and today they told me there was "something wrong with the ESP". Now I've created a new ESP (as the support team told me to) with 120 minutes time-out and it works!

      Don't waste too much time on it, if it doesn't work today I'd advise you to start a case.

   Sign in to comment

   See Also

   How to Fix Photos App Not Working in Windows 11 - GeekChamp11 Fixes Resource Monitor App Not Working Windows 11/10

Sign in to answer