Important Note: We have read every thread we could find related to this error on the forums and probably on the internet. I'm also fairly new to Autopilot in general, so I have a few thoughts with regards to next steps to see if we can get Autopilot working more efficiently, so any advice would be greatly appreciated.
Until a short time ago our Autopilot process was working very smoothly (new and re-provisioned devices). Recently we started to receive the infamous "Something went wrong... error code: 80070774" and we have not yet nailed down a fix. No changes to the environment have been identified, so the question becomes what triggered these errors and why they would have started. The error is completely random, meaning we might be able to provision 3 new devices, but the next 8 fail. I've been reviewing article after article and have gotten what appears to be some good information, albeit confusing in some parts. I need a little help if that is possible. The breakdown and my thoughts are below.
NOTE: All of the following details are performed on network (no VPN connectivity used)
Autopilot Profile Config
Mode: User-Driven
Join type: Hybrid Azure AD joined
Skip AD connectivity check (preview): No
Language (Region): English (United States)
Automatically configure keyboard: Yes
Microsoft Software License Terms: Hide
Privacy settings: Hide
Hide change account options: Hide
User account type: Standard
Allow pre-provisioned deployment: Yes
Apply device name template: No
Assignments: target computers (no users)
Configuration Profile
Profile type = Domain Joined
Computer Prefix = ABC-
OU=AzureHybridJoined,DC=domain,DC=com
Groups: target computers (no users)
Next Steps
1. Boot error system (Shift F10) for cmd prompt
2. Test ping DNS to all domain controllers
3. Test ping DNS to all Intune Connectors
4. Verify the Intune Connectors are in a healthy/active state
5. Review eventvwr on Intune Connectors (Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider). Look for Event IDs 30130 and 30140.
6. Verify whether or not the device shows up in the OU
7. Verify the SCP under Sites and Services
8. Verify delegation is set properly for Intune Connector servers
9. Verify if the device AD object receives the certificate attribute
10. Verify whether AD Connect adds the device to AAD as Hybrid AAD joined
Questions:
1. Do we have the correct eventvwr path and Event IDs from #5 to verify whether or not the device requests and downloads the ODJ blob file (or however this is phrased)?
2. Where in the device's eventvwr can we verify it received and executed it successfully?
3. Does the device need access to the internet specifically for these 3 sites? https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com, https://login.live.com
4. I read that the Intune Connectors need access to the internet. That seems odd if the role they play is to join the device to the on-premises domain. Is this accurate?
As I have read through a few good articles, does the overarching issue revolve around a device's on-premises object not yet being synced by the AAD Connector (30-minute max), along with the computer certificate attribute being required so the device can properly register as a Hybrid AAD joined device, thus receiving the token necessary to authenticate the provisioning user to Azure AD and thus working properly?
Thank you for any assistance or guidance you can provide.
Blind
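A script that walks through steps 2, 3, 5, 6 and 9 of the "Next Steps" list above, added here as an example rather than taken from the post or from Microsoft. It assumes it runs on an Intune Connector server with the ActiveDirectory RSAT module installed, that the connector writes its ODJ events to the `.../Admin` channel of the log the post names, and that `$DeviceName` and the OU are the values for your failing device.

```powershell
# Added diagnostic script (not from the original post). Assumes an Intune
# Connector server with the ActiveDirectory RSAT module; $DeviceName is the
# prefix-based computer name (e.g. ABC-xxxx) of a device that failed with
# 80070774. The log channel name and port choices are assumptions.
param(
    [Parameter(Mandatory)][string]$DeviceName,
    [string]$SearchBase = 'OU=AzureHybridJoined,DC=domain,DC=com',
    [int]$Hours = 24
)

# Steps 2/3: DNS resolution plus TCP reachability of every DC (LDAP 389)
# and of the three Autopilot endpoints the post asks about (HTTPS 443).
$targets = @()
$targets += (Get-ADDomainController -Filter *).HostName |
    ForEach-Object { @{ Host = $_; Port = 389 } }
$targets += 'ztd.dds.microsoft.com', 'cs.dds.microsoft.com', 'login.live.com' |
    ForEach-Object { @{ Host = $_; Port = 443 } }
foreach ($t in $targets) {
    $r = Test-NetConnection -ComputerName $t.Host -Port $t.Port -WarningAction SilentlyContinue
    '{0,-40} dns={1,-5} tcp{2}={3}' -f $t.Host, [bool]$r.RemoteAddress, $t.Port, $r.TcpTestSucceeded
}

# Step 5: ODJ connector events 30130 / 30140 that mention this device.
$log = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
Get-WinEvent -FilterHashtable @{
    LogName = $log; Id = 30130, 30140; StartTime = (Get-Date).AddHours(-$Hours)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($DeviceName) } |
    Select-Object TimeCreated, Id, @{ n = 'Message'; e = { $_.Message -replace '\s+', ' ' } } |
    Format-Table -AutoSize -Wrap

# Steps 6 and 9: was the computer object created in the target OU, and has it
# received the userCertificate attribute that hybrid join depends on?
$obj = Get-ADComputer -Filter "Name -eq '$DeviceName'" -SearchBase $SearchBase `
    -Properties userCertificate, whenCreated -ErrorAction SilentlyContinue
if (-not $obj) {
    "$DeviceName not found under $SearchBase (ODJ blob may not have been created or applied)"
} else {
    '{0}: created {1}, userCertificate present = {2}' -f $obj.Name, $obj.whenCreated,
        [bool]$obj.userCertificate
}
```

Run it with `-Hours` wide enough to cover the failed provisioning attempt; a device that shows a connector event but no AD object, or an AD object with no userCertificate, points at a different stage of the flow than a device with no connector event at all.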