Maxim_Kazmin - Fotolia
Although Windows Autopilot deployments tend to be relatively straightforward, things can and sometimes do go wrong. When that happens, it is important to know how to troubleshoot the issue.
The first thing you as an IT admin should do for Windows Autopilot troubleshooting is confirm that the PCs you are configuring have internet access. Autopilot cannot work without internet connectivity.
Profile download failure
When a Windows Autopilot deployment fails, most IT pros find that the out-of-box experience does not behave as expected, because Windows failed to download an Autopilot profile.
Windows 10 builds 1703 and 1709 will attempt to download the profile just prior to displaying the End-User License Agreement screen, while Windows 10 builds 1803 and higher download the profile at the very beginning of the out-of--Box experience -- unless a wireless connection is being used, in which case Windows downloads a profile as soon as a connection to the wireless network has been established.
If Windows fails to download an Autopilot profile, then it will create a blank profile instead. This will result in a generic deployment, rather than a deployment that matches your profile settings. Once Windows creates a blank profile, there is no easy way to get rid of it. You will have to either use Sysprep to generalize the system, manually install Windows or reimage the desktop.
This raises the question of how you can tell whether or not the profile was downloaded successfully. Starting with Windows 10 build 1709, Microsoft started writing profile-related information to the registry. You can use this information to diagnose the problem. The registry settings of interest (Figure 1) are located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Provisioning\Diagnostics\AutoPilot.
The figure above shows two Autopilot-related registry keys: CloudAssignedOobeConfig and IsAutoPilotDisabled. The CloudAssignedOobeConfig key tells you which Autopilot settings were configured. Some of the values you might see include the following:
1 -- Skip Cortana
2 -- OOBE User Not Local Admin
4 -- Skip Express Settings
8 -- Skip OEM Registration
16 -- Skip EULA
The IsAutoPilotDisabled setting tells you whether or not the device is registered with Autopilot. Make sure this setting does not contain a value of 1, which generally indicates a profile was not downloaded.
You should also look for a setting named TenantMatched. If present, this setting should display a value of 1, indicating the user's tenant ID matches the tenant ID used to register the device.
Windows event logs
Registry entries are helpful for Windows Autopilot troubleshooting, but Windows 10 builds 1803 and above detail Autopilot activity in the Windows event logs. You can access these log entries by opening the Windows Event Viewer and going to Application and Service Logs | Microsoft | Windows | Provisioning-Diagnostics-Provider | Autopilot. Log entries, however, will only exist if Autopilot was used or attempted.
Most of the events that are typically displayed within this log are informational. These events might give you some insight into Autopilot's behavior, but you should primarily look out for error events. Specifically, you should watch for Event 171 and 172.
Event No. 171 is an error indicating that Autopilot Manager failed because of an error related to the Trusted Platform Module attestation process. If you receive this error, you will need to complete the self-deploying mode.
Event No. 172 reflects an error condition in which the Autopilot Manager was unable to set the profile as available. In many cases, event 172 occurs when event 171 already occurred.