This blog will discuss the 0x800705b4 error that “could” occur during the “Preparing your device for mobile management” ESP Autopilot phase. I decided to write this blog because, in the last couple of days, I have heard some people complaining about it.
1. Introduction
Before I show you the issue we encountered during the Autopilot Preparation phase, I need to explain this phase a bit.
Some time ago I already created a blog with a nice big title to describe each ESP phase.
Looking back at that blog, I did describe “Preparing your device for mobile management” but not that well. So let me try again!
During the “Preparing” ESP phase the “Policy Providers” need to be installed. Those Policy Providers are required for the ESP to know which policies and Win32 Apps it needs to track.
To ensure that those Win32 Apps can be tracked, another policy provider, the Intune Management Extension (MSI), needs to be installed. Of course, the Intune Management Extension is also responsible for installing those nice Win32 Apps, MSI apps, and PowerShell scripts.
After the Intune Management Extension is installed, it will communicate with Intune which apps need to be installed. When IME receives the list of apps that need to be installed, it will tell the ESP it’s ready! Now that it’s ready, the ESP can proceed to the “Device Setup” phase.
Please Note: Even before the ESP proceeds to the Device Setup, the IME is already installing some of your MSI apps, like the Office 365 Apps, while it’s still in the “Preparing” phase. When the IME is installed, it will just start performing its job!
To give a small summary in chronicle order
- After a successful MDM enrollment, the Preparing your device for mobile management will start
- The ESP will wait for all the policy providers to be installed
- The Device will communicate with Intune to receive a list of policies to process and what it needs to track
- The DM Client will begin applying the Device based configuration Policies
- The DM Client will also start downloading and installing the MSI apps like the Intune Management Extension and the Office 365 Apps (if configured with the CSP option)
- After the IME is installed it will receive a list of Win32apps that needs to be installed and will tell the ESP it’s ready to proceed!
- The ESP will proceed to the “Device Setup” phase
After reading the summary you could say there is much to be done during the “Preparing Phase”
2. The Issue
Now we know what’s happening during the “Preparing” phase. Let’s take a look at the error we got while enrolling a new Virtual Machine (VM) with Autopilot
As shown below, it gives us the famous 0x800705b4 Time-Out error and the setup could not be completed.
Normally, this 0x800705b4 error could be due to a TPM attestation TIME-OUT. In the past, I have written a lot about TPM provisioning errors and their time-outs
https://call4cloud.nl/2021/11/the-pursuit-of-happy-uhh-tpm-provisioning
After reading this blog, I guess we could pretty much say the 0x800705b4 just means a Time-Out occurred and we don’t know what to say else…. But why the Time Out?
3. The Simple Fix
Let’s look at what’s happening inside your VM at that exact same point when we received that error. When opening the Task Manager, you will immediately notice the device could be pretty busy
As shown above, 100% CPU time… isn’t good! Let me show the real issue.
When people are testing stuff, mostly they will test it inside a VM (or maybe a nice sandbox)
Windows Sandbox | Container Manager Service | VMWP | (call4cloud.nl)
But please, pretty please don’t assign that VM only 1 VPU! It’s even in the MS Docs!
Windows Autopilot device guidelines | Microsoft Docs
It is telling us to assign at least 2 (and not 1!!!) Processors and 4 GB when using a VM for Autopilot testing. The best practice is to just assign it 4 VPU’s!
After changing the amount of VPU’s you will notice this error is gone!
Conclusion
Of course, the error I showed you could also be due to TPM attestation timeout, but when using a VM with only 1 VPU, it could pretty much be due to the number of VPUs you have assigned to it. So speed it up otherwise it’s not going to be fast
Thanks for this! It used to work perfectly fine with 1 VPU, so I didn’t think of increasing the VPUs. You saved me a lot of time and frustration.
Thanks a lot 🙂 saved me some troubleshooting!
I could confirm this also! I forgot to increase the numbers of vCPUs before and I saw also the 100% CPU load at the “Microsoft Account”. Now the time-out issue is solved for me. Thanks a lot!
Rudy,
I follow your blog posts and announcements on LinkedIn, fantastic work man! and this article saved me from keeping banging my head against the wall, sometime we do not read the obvious things we should!
Thanx for replying and your kind words!
Thanks a lot. This Fix solved my issue.
We are running user driven Hybrid AD scenario and we are facing this issue on physical device having TPM 2.0. Could you please guide us on this issue?
Hi… are those devices AMD or 🙂
Thanks Mate, Increasing Vcpu resolved my issue as well 🙂
It worked for me by changing it from 1 to 16. Thanks.
what tool did you use to lookup the error code?
Thanks
the wonderful cm trace tool as also mentioned here
https://call4cloud.nl/2021/05/imecache-attack-of-the-cleaner/
i increased the cpu from 1 to 4 and ram from 1 GB to 4GB. It resolved it.
Thanks heaps.
Rudy, Thanks for this blog.
Here’s my issue. The IME is no longer getting installed automatically during this phase. It errors out that it can’t be installed. The work around is to install it manually, but what exactly is causing this? It should be “automatic” but that’s no longer the case.
If I install it manually, then it completes and moves on to the next time. Not sure what would cause this?