Autopilot – Why Did My PC Restart? In this article, we delve into the user-driven Entra hybrid scenario of Autopilot setup and address the issue of PC restarts during the process. Discover the underlying reasons behind this occurrence and gain insights on how to effectively troubleshoot and resolve the problem.
Table of Contents
The problem: Autopilot – Why did my PC restart?
While preforming Autopilot – User driven – Microsoft Entra hybrid Join Scenario
After getting the branding page, the user enters his credential, device restarted, then 2-3 mins the process interrupted and the device restarts again, following with this error “Why did my PC restart”
Troubleshooting: Autopilot – Why did my PC restart?
Before start to guess what could be the issue, we should collect logs, either from Intune portal if device complete enrollment step or from the device itself
refer to Microsoft document to collect logs from the portal
https://learn.microsoft.com/en-us/mem/intune/remote-actions/collect-diagnostics
If you want to collect logs from the device do the following
Shift + F10 and run the following command
MDMDiagnosticsTool.exe -area “Autopilot;DeviceProvisioning;DeviceEnrollment,TPM” -cab c:\temp\MDMDiagnostics.cab
When troubleshooting Autopilot issues, I prefer to back to the flow so I can confirm every step completed then go to the next step
Referring to the hybrid flow, after the user enters his credential what should happen?
Two things should happen:
- The device should complete enrollment to Intune.
- The device should get the Offline Domain Join “ODJ” blob to be able to complete joining to on-prem domain.
Hint, the device should then restart to complete joining the on-prem domain and get the new name.
Let’s confirm those two points
First point, confirm if device enrolled:
We can confirm this by checking the event viewer log “microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx” and confirm if event 72 exists
I will write a specific post to troubleshoot enrollment step during Autopilot scenario, once ready will add the link here
Second point, confirm if the device received the ODJ blob
We can confirm if the device got the ODJ blob by checking the same event viewer log “microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx”
Just after device enrollment is completed, we will find event 111, stating that device waiting for ODJ blob
Then within a max of 25 mins, the device should receive the ODJ blob, from the same log we should check for event 107
So, both steps completed successfully …. Ooh what is the issue then!! 
More Analysis: Autopilot – Why did my PC restart?
As there is an unexpected restart happened, let’s check the system event
1 min after the device received the ODJ blob, I can see the following unexpected restart coming from “CloudExperienceHostBroker.exe”
And after the restart the device reverts to the default name
Then the next question will be, what causes the device to do this unexpected restart
Let’s check the policies deployed to the device, back to “microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx” and make sure there is no any conflicting policy with Autopilot
Check this Microsoft document for the list of policies that can conflict with Autopilot
from the log I can find the following event “2800”, The following URI has triggered a reboot (./DEvice/Vendor/MSFT/Policy/COnfig/DeviceGuard/LsaCfgFlags)
Tried to exclude the device guard policy, but the same issue is still happening.
The Cause: Autopilot – Why did my PC restart?
Continuing checking the policies deployed from Intune, we can find the customer is pushing AppLocker policy, which is one of the conflicting policies with Autopilot
After excluding the policy, the Autopilot process case be completed successfully
The Solution: Autopilot – Why did my PC restart?
As per Microsoft doc, AppLocker policy is not supported
But the customer still wants to apply it on the devices for security concern, it couldn’t be just excluded
So the solution will be to apply the AppLocker policy after Autopilot completed
For more posts about Autopilot please check Autopilot category in IntuneBytes blog
Leave a Reply