Thursday 11 July 2019

AutoPilot hybrid - issue resetting devices

Issue

I'm implementing an AutoPilot process for a customer at the moment involving hybrid AAD join of Windows 10 1809 devices (Lenovo T480 laptops). In general, the AutoPilot process works. However, we ran into trouble when we retired or reset a device that had been previously joined to Azure AD. The behaviour was consistent and the devices never joined AD or AAD.


After sign-in, the devices were stuck on "Please wait while we set up your device". (The screenshot above shows an 1809 VM on the left and 1903 on the right.)

After about 30 minutes they would fail with:

"Something went wrong. Confirm that you are using the correct sign-in information and that your organization uses this feature. You can try to do this again or contact your system administrator with the error code 80070774"



This suggested that there was something preventing the Offline Domain Join from completing and the process timed out. I researched the problem and saw that I wasn't alone. Similar issues were reported in the TechNet forums.


  • I made sure that the devices did not still exist in AD or Azure AD, but it did not make any difference.
  • Also, I made sure that the ODJ profile was assigned to a dynamic group of my AutoPilot devices. Remember, the solution worked perfectly the first time around. It only gave trouble when the devices were reset.
  • The AutoPilot device group was based on the presence of the ZTDId attribute.

Workaround

I reached out to the product group and Michael Niehaus gave me some advice. He suggested that the only way to get it to reliably work was to remove all the device objects (AAD, Intune, Autopilot) and then re-import the device to Autopilot to start over. He also suggested a possible workaround: target the Domain Join device configuration policy to "All Devices" instead of AutoPilot devices only, as that would help with the ODJ timeout problems.

That's what I did. I changed the targeting and it worked. The devices joined both AD and Azure AD as normal. Thanks Michael.

I hope this helps you if you find yourself in the same situation. 

Until next time......


7 comments:

  1. The workaround is not exactly a solution, as I need some devices to be hybrid and some to be AAD joined. How can we do this if the dynamic device assignment causes timeout issues?

    1. Agreed, I'm also in the same boat as you.

  2. We have issues with 1903. It's stuck at "Please wait while we set up your device..." and stays there forever, never throwing any error. WhiteGlove works but the normal way does not. No errors on the Intune connector server.

  3. Same here, 1903 is stuck but the same machine on 1809 has no issues.

    1. Make sure you're installing at least 18362.175.

  4. Hi, nice post.
    But can you please clarify in more detail, with a screenshot, the following statement:
    Target the Domain Join device configuration policy to "All Devices" instead of AutoPilot devices only as that would help with the ODJ timeout problems.

    1. @Unknown - If you followed any guide, you should have created a Device Configuration Profile called Offline Domain Join. Many of the guides out there have it targeted to a group. I believe this is what you would want to change to "All Devices." My problem is that I don't know what effect this will have on machines already joined to the domain.
      Hope this helps.
