ChristianSchmitt-7822 asked

intune enrollment failed - hardware will be secured

Hello,

I'm trying to enroll a device that was already used via Intune and Autopilot (self-deploying profile). We previously used the device with Intune but never used Autopilot for this device (but we used the same device with Autopilot successfully with the same profile, but these were new ones).
We uploaded/imported the device via the partner portal functionality for our customer.

However, the device will always fail "instantly" with error code 0x81039001 (first step, securing hardware).

Is there anything we can do to enroll it now? Or is this impossible?

mem-intune-enrollment

Crystal-MSFT answered

@ChristianSchmitt-7822, From your description, I know the device is already enrolled into Intune. Could you confirm if we delete the device from Intune portal and Azure AD portal before we enroll again? If not, please delete it and reset the device to try Autopilot enroll again to see if it works.

Meanwhile, if we deploy the Autopilot profile with self-deploying mode, the device must have TPM 2.0 and support TPM device attestation. Please check if we meet all the requirements according to the following link:
https://docs.microsoft.com/en-us/mem/autopilot/self-deploying#requirements

Please check the above information and if there's any update, feel free to let us know.



ChristianSchmitt-7822 answered

Actually the device was already deleted. The device has TPM 2.0 support and has TPM device attestation enabled (it's a Latitude 5411); we previously enrolled these same devices with the used profile already (flawlessly).
I've also seen issues with attestation and TPM 2.0 problems, but it was never a 0x81039001 error somehow.

Actually, after updating the image via PSWindowsUpdate we are a step further; however, now it looks like we run into 0x800705b4, which might suggest that the TPM 2.0 should be factory reset, I guess.


@ChristianSchmitt-7822, Thanks for the reply.

After doing more research, I found some similar issues which are fixed by installing the following KB in the image:
https://support.microsoft.com/en-us/topic/november-22-2021-kb5007253-os-builds-19041-1387-19042-1387-19043-1387-and-19044-1387-preview-d1847be9-46c1-49fc-bf56-1d469fc1b3af

From your description, I notice we update the image via PSWindowsUpdate. Could you confirm if the above KB is installed or the latest updates are all installed?

For the option to reset the TPM, we can also try it to see if it makes it work.



@ChristianSchmitt-7822, Hope things are going well. If there's any update, feel free to let us know.

Thanks and have a nice day!
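
An added example, not part of the thread: a PowerShell check of the points raised above before retrying a self-deploying enrollment (TPM 2.0 present and ready, attestation state, and whether the image is at or above the KB5007253 revision, 1387). It assumes an elevated session on the affected device; the variable and property names in the report are illustrative.

```powershell
# Added example: read-only pre-flight report for Autopilot self-deploying mode.
# Assumption: run elevated on the device being enrolled. Nothing here changes TPM state.

$report = [ordered]@{}

# TPM presence and readiness as reported by the TrustedPlatformModule cmdlets.
$tpm = Get-Tpm
$report['TpmPresent'] = $tpm.TpmPresent
$report['TpmReady']   = $tpm.TpmReady

# Spec version from WMI; self-deploying mode requires TPM 2.0.
# SpecVersion is a comma-separated string whose first field is the spec family.
$wmiTpm = Get-CimInstance -Namespace 'root/cimv2/Security/MicrosoftTpm' `
                          -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$spec = if ($wmiTpm) { ($wmiTpm.SpecVersion -split ',')[0].Trim() } else { 'not found' }
$report['TpmSpecFamily'] = $spec
$report['IsTpm20']       = ($spec -eq '2.0')

# Attestation lines from tpmtool, printed as reported rather than parsed by name.
$attLines = & tpmtool.exe getdeviceinformation 2>$null | Select-String -Pattern 'Attestation'
$report['AttestationInfo'] = ($attLines | ForEach-Object { $_.Line.Trim() }) -join '; '

# Patch level: KB5007253 corresponds to OS builds 19041-19044 at revision 1387.
$cv    = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
$report['OsBuild'] = "$build.$ubr"

# Get-HotFix only lists the KB if it was installed under that id; a later
# cumulative update supersedes it, so the revision number is compared as well.
$report['KB5007253Listed'] = [bool](Get-HotFix -Id 'KB5007253' -ErrorAction SilentlyContinue)
$report['AtOrAboveKB5007253'] =
    if ($build -ge 19041 -and $build -le 19044) { $ubr -ge 1387 }
    else { 'n/a (KB covers builds 19041-19044)' }

# Overall verdict on the requirements the thread names.
$report['MeetsThreadChecks'] = $report['TpmPresent'] -and $report['TpmReady'] -and
                               $report['IsTpm20'] -and
                               ($report['AtOrAboveKB5007253'] -ne $false)

[pscustomobject]$report | Format-List
```

If `TpmReady` is false or the attestation lines report a not-ready state on an up-to-date image, that points toward the TPM reset discussed in the thread rather than a missing update.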
