Category: Intune

Troubleshooting Autopilot Application Deployments

Troubleshooting Intune Autopilot deployments can be a pain, however there are some tools that are useful, and registry locations that can help.

Start an Elevated Command Prompt

To start an elevated command prompt during the Autopilot Out Of Box Experience (Oobe) simply press Shift F10. This command prompt will allow you to check things like Regedit and can be used to run diagnostics.

Run diagnostics

Michael Niehous has kindly written a script that checks the Autopilot logs. To run this, start an elevated command prompt, start Powershell and then type the following.

Set-ExecutionPolicy Bypass
Install-script Get-AutopilotDiagnostics
Get-AutopilotDiagnostics.ps1 -online

This script can be run during Oobe (particularly if there is a failure), or once the device has completed the build and has rebooted. It analyses the Autopilot logs to determineoutcomes.

One additional benefit of this script is that it automatically translates the application names, rather than using the application GUIDs, which is very helpful.

From the output of this script you can check how the Domain join, Policies or Application installs are progressing.

Autopilot Logs

If you are unable to run the script above, for some reason, you can look at the Autopilot logs, located in HKLM\Software\Microsoft\Windows\Autopilot.

If you look in this location.

HKLM\Software\Microsoft\Windows\Autopilot\EnrollmentStatusTracking\Device\Status\Apps\Tracking\Sidecar

You will see a list of applications, starting with Win32App. These are the Win32 apps that have been installed or attempted to install as part of the Autopilot process. If you go into each one, the possible InstallationState options are shown below.

1 (NotInstalled)
2 (InProgress)
3 (Completed)
4 (Error)

To translate which app is being referred to you need to go to https://endpoint.microsoft.com and navigate to a Windows application. you will see the App ID in the URL in the browser. e.g.

https://endpoint.microsoft.com/#blade/Microsoft_Intune_Apps/SettingsMenu/0/appId/5f6dfa59-5b8f-4dd5-839f-c2cb1e21b3dc

The AppId is the section at the end. As you can see, this is not user friendly at all. Hence why Michael Niehous’s script, above, is so useful.

General Intune logs on the Windows 10 device can be found here.

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

Useful URLs for troubleshooting Autopilot and Intune

Troubleshoot the Enrollment Status Page (ESP) – Intune | Microsoft Docs

Windows Autopilot diagnostics: Digging deeper – Out of Office Hours (oofhours.com)

Troubleshoot Azure AD device registration and Windows Autopilot – Intune | Microsoft Docs

Powershell GUI utility to create Intunewin files for Win32 Intune applications

Although Intune is often used to manage mobile devices and applications, it can also manage and deploy Windows 10 applications. It can easily deploy AppX and MSIX applications, but Win32 applications need to be wrapped into an Intunewin package before they can be deployed. This makes them look more like the AppX/MSIX style applications that Intune was originally designed to deploy.

There is a command line tool called the Microsoft Win32 Content Prep Tool that can be used to wrap a Win32 application into an Intunewin format. This work is often be done by application packagers, or by the Intune deployment team.

To make use of this tool more convenient to use, and also more suitable for less technical personnel, I have created a GUI application, written in Powershell. The utility comes as an MSI installer, that includes the Powershell script, the content prep tool executable and a shortcut.

The utility can be downloaded below.

https://github.com/HigginsonConsultancy/Media/blob/master/IntuneWinUtility.msi

Once installed, the utility can be started by running the following shortcut.

and when opened, the utility looks like this.

From this window the source folder, output folder and setup file name can be selected, using the browse buttons. Input is validated to ensure that it exists.

The Microsoft Win32 Content Prep Tool has a known bug that causes the tool to fail if output is redirected, therefore I have allowed the CMD window output to be displayed so that it is possible to check that the conversion is working correctly, rather than giving no output at all. The CMD windows closes automatically once the content prep tool has finished, and the Intunewin package will be found in the Output Folder path.

Adding existing devices to Autopilot using Powershell

Adding devices to Autopilot requires gathering the hardware ID hash of the device. If you are buying new devices from a supplier they can usually provide the details in a file that can be imported into Autopilot.

If you have existing machines that you want to enable for Autopilot deployment, Microsoft have provided a script that will gather the correct information and create a CSV file that can be imported into Autopilot.

md c:\\HWID
Set-Location c:\\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv

The above script will need to be run on each device that needs to be added to Autopilot.