Autopilot: Across the TimeOut-Verse

Patch My Pc | install & update thousands of apps

This blog will discuss the 0x800705b4 error that “could” occur during the “Preparing your device for mobile management” ESP Autopilot phase. I decided to write this blog because, in the last couple of days, I have heard some people complaining about it.

1. Introduction

Before I show you the issue we encountered during the Autopilot Preparation phase, I need to explain this phase a bit.

Some time ago I already created a blog with a nice big title to describe each ESP phase.

https://call4cloud.nl/2021/06/those-magnificent-drivers-in-their-flying-microsoft-store-or-how-i-flew-from-the-enrolment-status-page-to-paris-in-25-hours-11-minutes

Looking back at that blog, I did describe “Preparing your device for mobile management” but not that well. So let me try again!

During the “Preparing” ESP phase the “Policy Providers” need to be installed. Those Policy Providers are required for the ESP to know which policies and Win32 Apps it needs to track.

To ensure that those Win32 Apps can be tracked, another policy provider, the Intune Management Extension (MSI), needs to be installed. Of course, the Intune Management Extension is also responsible for installing those nice Win32 Apps, MSI apps, and PowerShell scripts.

After the Intune Management Extension is installed, it will communicate with Intune which apps need to be installed. When IME receives the list of apps that need to be installed, it will tell the ESP it’s ready! Now that it’s ready, the ESP can proceed to the “Device Setup” phase.

Please Note: Even before the ESP proceeds to the Device Setup, the IME is already installing some of your MSI apps, like the Office 365 Apps, while it’s still in the “Preparing” phase. When the IME is installed, it will just start performing its job!

To give a small summary in chronicle order

  1. After a successful MDM enrollment, the Preparing your device for mobile management will start
  2. The ESP will wait for all the policy providers to be installed
  3. The Device will communicate with Intune to receive a list of policies to process and what it needs to track
  4. The DM Client will begin applying the Device based configuration Policies
  5. The DM Client will also start downloading and installing the MSI apps like the Intune Management Extension and the Office 365 Apps (if configured with the CSP option)
  6. After the IME is installed it will receive a list of Win32apps that needs to be installed and will tell the ESP it’s ready to proceed!
  7. The ESP will proceed to the “Device Setup” phase

After reading the summary you could say there is much to be done during the “Preparing Phase”

2. The Issue

Now we know what’s happening during the “Preparing” phase. Let’s take a look at the error we got while enrolling a new Virtual Machine (VM) with Autopilot

As shown below, it gives us the famous 0x800705b4 Time-Out error and the setup could not be completed.

Normally, this 0x800705b4 error could be due to a TPM attestation TIME-OUT. In the past, I have written a lot about TPM provisioning errors and their time-outs

https://call4cloud.nl/2021/11/the-pursuit-of-happy-uhh-tpm-provisioning

After reading this blog, I guess we could pretty much say the 0x800705b4 just means a Time-Out occurred and we don’t know what to say else…. But why the Time Out?

3. The Simple Fix

Let’s look at what’s happening inside your VM at that exact same point when we received that error. When opening the Task Manager, you will immediately notice the device could be pretty busy

Afbeelding met tafel  Automatisch gegenereerde beschrijving

As shown above, 100% CPU time… isn’t good! Let me show the real issue.

Afbeelding met tekst  Automatisch gegenereerde beschrijving

When people are testing stuff, mostly they will test it inside a VM (or maybe a nice sandbox)

Windows Sandbox | Container Manager Service | VMWP | (call4cloud.nl)

But please, pretty please don’t assign that VM only 1 VPU! It’s even in the MS Docs!

Windows Autopilot device guidelines | Microsoft Docs

It is telling us to assign at least 2 (and not 1!!!) Processors and 4 GB when using a VM for Autopilot testing. The best practice is to just assign it 4 VPU’s!

After changing the amount of VPU’s you will notice this error is gone!

Conclusion

Of course, the error I showed you could also be due to TPM attestation timeout, but when using a VM with only 1 VPU, it could pretty much be due to the number of VPUs you have assigned to it. So speed it up otherwise it’s not going to be fast

Baymax Not Fast GIF - Baymax Not Fast Big Hero6 - Discover & Share GIFs

14 thoughts on “Autopilot: Across the TimeOut-Verse

  1. Thanks for this! It used to work perfectly fine with 1 VPU, so I didn’t think of increasing the VPUs. You saved me a lot of time and frustration.

  2. I could confirm this also! I forgot to increase the numbers of vCPUs before and I saw also the 100% CPU load at the “Microsoft Account”. Now the time-out issue is solved for me. Thanks a lot!

  3. Rudy,

    I follow your blog posts and announcements on LinkedIn, fantastic work man! and this article saved me from keeping banging my head against the wall, sometime we do not read the obvious things we should!

  4. We are running user driven Hybrid AD scenario and we are facing this issue on physical device having TPM 2.0. Could you please guide us on this issue?

  5. Rudy, Thanks for this blog.

    Here’s my issue. The IME is no longer getting installed automatically during this phase. It errors out that it can’t be installed. The work around is to install it manually, but what exactly is causing this? It should be “automatic” but that’s no longer the case.

    If I install it manually, then it completes and moves on to the next time. Not sure what would cause this?

Leave a Reply

Your email address will not be published. Required fields are marked *

13  −  11  =  

Proudly powered by WordPress | Theme: Wanderz Blog by Crimson Themes.