Windows Autopilot is an Azure service for provisioning Windows 10 builds. The Autopilot service simplifies the Windows out-of-box experience (OOBE), and most of its work happens at the Windows 10 OOBE stage. This post covers the basics of Windows Autopilot troubleshooting.
The Basics
During the OOBE stage of an Autopilot deployment, many issues can result in failure. Below are some of the common ones.
- Machine not getting an IP address
- Firewall issue
- Network proxy, etc.
Michael has written an excellent post on Autopilot troubleshooting. For more details on Autopilot implementation, refer to the step-by-step guides.
In traditional SCCM/MDT deployments, you press the “F8” key at the WinPE stage to get a command prompt. In this post, we will see a similar troubleshooting feature in Windows 10 during an Autopilot deployment.
How to Get Command Prompt for Windows Autopilot Deployment Troubleshooting
On the Autopilot OOBE screen, press Shift + F10. This key combination launches a command prompt, which helps you troubleshoot network activity, the Event Viewer and the registry. I also think this feature might be a concern for the security team 🙂
This is the first step in Windows Autopilot troubleshooting.
The command prompt is launched in the “default user” profile.
In this post we will focus on three key areas of Windows Autopilot troubleshooting:
- Network Activity
- Registry
- Event viewer
Windows Autopilot Network Activity
For a successful Autopilot deployment, we need to ensure that internet connectivity is working. Refer to this link for the complete Autopilot network requirements.
I would like to share some of my observations from troubleshooting Windows Autopilot network issues.
Basic Network Analysis
- Check whether the device received an IP address and whether you can ping an Internet URL (e.g. google.com).
- If you suspect an issue with your default network adapter configuration, execute the command “ncpa.cpl”.
Advanced Network Analysis Using Fiddler
I use Fiddler to troubleshoot Autopilot network activity at each OOBE stage. You can download Fiddler from here and save it to a USB drive.
Next, install the Fiddler app on the Autopilot system.
After installation, you can launch the Fiddler GUI from the location below.
Let the Fiddler app run in the background to capture network communication. Use Task Manager to bring Fiddler to the front when required (just double-click).
In Fiddler, we need to ensure that the process below, which is required during Autopilot OOBE, is exempted. This will unblock Windows apps from sending network traffic to the local computer.
After installation, let’s trace the network activity at each stage of Autopilot.
Autopilot client-side events can be divided into 6 stages.
Establish internet connection
In stage 1, the device tries to establish an internet connection (wired or wireless).
Note: As per the Microsoft documentation, “Windows 10 device will contact the Windows Autopilot Deployment Service using the same services used for Windows Activation.”
You can see the device start reaching out to the Microsoft URLs below.
Result | Protocol | Host | URL | Body | Caching | Content-Type | Process |
200 | HTTP | Tunnel to | fe2.update.microsoft.com:443 | 0 | | | svchost:436 |
200 | HTTP | Tunnel to | fe3.delivery.mp.microsoft.com:443 | 0 | | | svchost:436 |
200 | HTTP | Tunnel to | fe3.delivery.mp.microsoft.com:443 | 0 | | | svchost:436 |
After some time, you can see the application “CloudExperienceHost” communicating with the Microsoft URLs below.
200 HTTP Tunnel to account.live.com:443 0 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
200 HTTP Tunnel to accountalt.azureedge.net:443 789 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
200 HTTP Tunnel to accountalt.azureedge.net:443 789 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
CloudExperienceHost is a system app located within c:\windows\systemapps.
Windows Autopilot profile download Stage
After establishing internet connectivity, the device downloads the Windows Autopilot profile from the Azure Autopilot deployment service. After the Autopilot profile download, you will be prompted to enter your corporate email ID.
You can see the URLs below being accessed by the device.
HTTP Tunnel to login.microsoftonline.com:443 0 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
HTTP Tunnel to secure.aadcdn.microsoftonline-p.com:443 725 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
Azure User Authentication
In a user-driven Autopilot deployment, the device prompts for the user’s Azure Active Directory credentials. In Fiddler you can see the device connecting to the URL below for authentication.
200 HTTP Tunnel to login.microsoftonline.com:443 0 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
AAD join and Intune enrollment
In this stage, the device joins Azure Active Directory and auto-enrolls in Intune MDM.
You can see the device connecting to the Azure and Intune MDM URL: “portal.manage.microsoft.com”
200 HTTP Tunnel to portal.manage.microsoft.com:443 0 wwahost!Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App:3108
Device Setup
In stage 5, the Intune client plays a major role. Certificates, Intune applications and profiles are configured. You can see OMADMclient.exe communicating with cloud services for policies, apps, etc.
Note: OMA-DM is a device management protocol used by the Intune client agent.
You can see the Intune client process connecting to the URLs below.
200 HTTP Tunnel to r.manage.microsoft.com:443 0 omadmclient:2212
200 HTTP Tunnel to r.manage.microsoft.com:443 0 omadmclient:3288
Note: During the OOBE process, the Windows Update service will try to download and install needed updates. However, the Autopilot process will continue even if Windows Update is inaccessible.
Account Setup
In this stage, the device was also observed accessing the URLs listed below.
200 HTTP Tunnel to geo-prod.do.dsp.mp.microsoft.com:443 0 svchost:96
200 HTTP Tunnel to kv601-prod.do.dsp.mp.microsoft.com:443 0 svchost:96
200 HTTP Tunnel to cp601-prod.do.dsp.mp.microsoft.com:443 0 svchost:96
200 HTTP Tunnel to swdc01.manage.microsoft.com:443 0 svchost:96
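The basic checks and the per-stage hosts above can be combined into one script, run from the Shift + F10 prompt after starting powershell.exe. This is an added example, not part of the original post: the function name Test-AutopilotEndpoint and the stage labels are illustrative, the host list is taken from the Fiddler traces above, and it assumes direct egress on TCP 443 (behind a proxy the TCP test can fail even though proxied traffic works).

```powershell
# Added example: classify Autopilot connectivity failures as "no IP", "DNS" or "TCP 443 blocked".
# Hosts are the ones seen in the Fiddler traces above; the stage labels are illustrative.
$StageHosts = [ordered]@{
    '1 Internet connection'         = 'fe2.update.microsoft.com', 'fe3.delivery.mp.microsoft.com', 'account.live.com'
    '2-3 Profile download, sign-in' = 'login.microsoftonline.com', 'secure.aadcdn.microsoftonline-p.com'
    '4 AAD join, Intune enrollment' = 'portal.manage.microsoft.com'
    '5 Device setup'                = 'r.manage.microsoft.com'
    '6 Account setup'               = 'geo-prod.do.dsp.mp.microsoft.com', 'swdc01.manage.microsoft.com'
}

function Test-AutopilotEndpoint {
    param([Parameter(Mandatory)][string]$Stage, [Parameter(Mandatory)][string]$HostName)
    $status = 'OK'
    try {
        # DNS first, so a resolver problem is not reported as a firewall block.
        Resolve-DnsName -Name $HostName -ErrorAction Stop | Out-Null
        $tcp = Test-NetConnection -ComputerName $HostName -Port 443 -WarningAction SilentlyContinue
        if (-not $tcp.TcpTestSucceeded) { $status = 'TCP 443 blocked (firewall or proxy)' }
    } catch {
        $status = 'DNS resolution failed'
    }
    [pscustomobject]@{ Stage = $Stage; Host = $HostName; Status = $status }
}

# Step 0: did the adapter get a usable IPv4 address (not loopback, not APIPA 169.254.x.x)?
$ip = Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.IPAddress -notlike '169.254.*' }
if (-not $ip) {
    Write-Warning 'No usable IPv4 address: check cabling, Wi-Fi or DHCP before testing endpoints.'
} else {
    $results = foreach ($stage in $StageHosts.Keys) {
        foreach ($h in $StageHosts[$stage]) { Test-AutopilotEndpoint -Stage $stage -HostName $h }
    }
    $results | Format-Table -AutoSize
    # The first stage with a failure is where OOBE is most likely to stall.
    $results | Where-Object Status -ne 'OK' | Select-Object -First 1
}
```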
Windows Autopilot Registry – Diagnostics
The registry is another area to focus on while performing Windows Autopilot troubleshooting. You can see the Autopilot configuration recorded under the registry key below.
HKLM\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot
Value | Description |
AadTenantId | The GUID of the Azure AD tenant the user signed into. |
CloudAssignedTenantDomain | The Azure AD tenant the device has been registered with, e.g. “contosomn.onmicrosoft.com.” If the device is not registered with Autopilot, this value will be blank. You can use this value while troubleshooting. |
CloudAssignedTenantId | The GUID of the Azure AD tenant. If the device isn’t registered with Autopilot, this value will be blank. |
IsAutoPilotDisabled | The GUID of the Azure AD tenant. If the device isn’t registered with Autopilot, this value will be blank. |
TenantMatched | Indicates whether the tenant ID of the user matches the tenant ID that the device was registered with. |
CloudAssignedOobeConfig | This is a bitmap that shows which Autopilot settings were configured. Values include: SkipCortanaOptIn = 1, OobeUserNotLocalAdmin = 2, SkipExpressSettings = 4, SkipOemRegistration = 8, SkipEula = 16 |
For more details on the Autopilot registry, refer to this link.
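To read these values from the Shift + F10 prompt without opening regedit, the following PowerShell reads the key and decodes the CloudAssignedOobeConfig bitmap using the flag values from the table. This is an added example, not part of the original post; the function names ConvertFrom-OobeConfig and Get-AutopilotDiagnostics are illustrative, and 28 is a constructed sample value.

```powershell
# Added example: decode CloudAssignedOobeConfig using the flag values from the table above.
$OobeFlags = [ordered]@{
    SkipCortanaOptIn      = 1
    OobeUserNotLocalAdmin = 2
    SkipExpressSettings   = 4
    SkipOemRegistration   = 8
    SkipEula              = 16
}

function ConvertFrom-OobeConfig {
    param([Parameter(Mandatory)][int]$Value)
    $names = @()
    $known = 0
    foreach ($flag in $OobeFlags.GetEnumerator()) {
        $known = $known -bor $flag.Value
        if ($Value -band $flag.Value) { $names += $flag.Key }
    }
    # Bits outside the documented set are reported rather than silently dropped.
    $unknown = $Value -band (-bnot $known)
    if ($unknown) { $names += ('Unknown(0x{0:X})' -f $unknown) }
    return $names
}

function Get-AutopilotDiagnostics {
    $key = 'HKLM:\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot'
    if (-not (Test-Path $key)) { Write-Warning "Key not found: $key"; return }
    $p = Get-ItemProperty -Path $key
    $oobe = $null
    if ($null -ne $p.CloudAssignedOobeConfig) {
        $oobe = (ConvertFrom-OobeConfig -Value $p.CloudAssignedOobeConfig) -join ', '
    }
    [pscustomobject]@{
        CloudAssignedTenantDomain = $p.CloudAssignedTenantDomain
        CloudAssignedTenantId     = $p.CloudAssignedTenantId
        AadTenantId               = $p.AadTenantId
        TenantMatched             = $p.TenantMatched
        IsAutoPilotDisabled       = $p.IsAutoPilotDisabled
        OobeSettings              = $oobe
    }
}

# Constructed sample value: 28 = 4 + 8 + 16
ConvertFrom-OobeConfig -Value 28
Get-AutopilotDiagnostics | Format-List
```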
Autopilot Event Viewer – Windows Autopilot Troubleshooting
Event Viewer is something we admins always use for troubleshooting. But currently I think Event Viewer is still not getting into detailed events. These logs will help in your Windows Autopilot troubleshooting.
Navigate to “Application and Services Logs –> Microsoft –> Windows –> Provisioning-Diagnostics-Provider –> AutoPilot”
For more details on Autopilot Event Viewer events, refer to this link.
Conclusion – Windows Autopilot Troubleshooting
Command prompt support is very helpful for troubleshooting Autopilot deployments. You can also use this command prompt to launch other tools such as Task Manager, Process Monitor, Windows Performance Recorder (WPR), etc. for troubleshooting.