Troubleshoot Autopilot device import and enrollment

Applies to

  • Windows 11
  • Windows 10

See the following sections for information about issues that can occur when importing and enrolling devices into Intune.

Error code 0x80180014 when re-enrolling using self-deployment or pre-provisioning mode

After the first Autopilot deployment, devices with a targeted Autopilot self-deployment mode or pre-provisioning mode profile can't automatically re-enroll using Autopilot. If you try to redeploy the device, then the 0x80180014 error code is returned:

Enrollment status page shows 0x80180014 error code on devices using self-deployment mode or pre-provisioning mode.

Pre-provisioning page shows 0x80180014 error code on devices using self-deployment mode or pre-provisioning mode.

The ETW logs may show the following error:

MDM Enroll: Server Returned Fault/Code/Subcode/Value=(DeviceNotSupported) Fault/Reason/Text=(Enrollment blocked for AP device by SDM One Time Limit Check)

Cause A

Microsoft Endpoint Manager changed the Windows Autopilot self-deployment mode (Public Preview) and pre-provisioning mode (formerly known as white glove, in Public Preview) experience. To reuse a device, you must delete the device record created by Intune.

This change impacts all Autopilot deployments that use the self-deployment or pre-provisioning mode. This change impacts devices when they're reused, reset, or when redeploying a profile.

Resolution A

To redeploy the device through Autopilot:

  1. Delete the device record in Intune. For the specific steps, see Delete devices from the Endpoint Manager admin center.
  2. Redeploy the Autopilot deployment profile.

Cause B

Windows MDM enrollment is disabled in your Intune tenant.

Resolution B

To fix this issue in a stand-alone Intune environment, follow these steps:

  1. In the Microsoft Endpoint Manager admin center, choose Devices > Enrollment restrictions, and then choose a device type restriction.
  2. Choose Properties > Edit next to Platform settings. Then select Allow for Windows (MDM).
  3. Select Review then Save.

Device import issues

Cannot convert device hash error

Description

  • Clicking Import after selecting CSV does nothing
  • A 400 error appears in network trace with error body "Cannot convert the literal '[DEVICEHASH]' to the expected type 'Edm.Binary'"

Cause

This error points to the device hash being incorrectly formatted. Anything that corrupts the collected hash can cause this error. One possibility is that the hash itself (even if it's valid) fails to be decoded.

Explanation

The device hash is Base64. At the device level, it's encoded as unpadded Base64, but Autopilot expects padded Base64. Usually, the payload doesn't require padding and the process works. Sometimes, however, the payload doesn't line up cleanly and padding is necessary. In this case, you get the error displayed above. PowerShell's Base64 decoder also expects padded Base64, so we can use this decoder to validate that the hash is properly padded.

The "A" characters at the end of the hash are effectively empty data. Each character in Base64 is 6 bits, and "A" in Base64 is 6 bits equal to 0. Deleting or adding "A" characters at the end doesn't change the actual payload data.

Resolution

To fix this issue, we'll need to change the hash, then test the new value, until PowerShell succeeds in decoding the hash. The result is mostly illegible, which is fine. We're just looking for it to not throw the error "Invalid length for a Base-64 char array or string".

To test the Base64, you can use the following PowerShell:

    [System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("DEVICE HASH"))

So, as an example (this isn't a device hash, but it's misaligned unpadded Base64 so it's good for testing):

    [System.Text.Encoding]::ascii.getstring( [System.Convert]::FromBase64String("Q29udG9zbwAAA"))

Now for the padding rules. The padding character is "=". The padding character can only be at the end of the hash, and there can only be a maximum of two padding characters. Here's the basic logic.

  • Does decoding the hash fail?
  • Yes: Are the last two characters "="?
    • Yes: Replace both "=" with a single "A" character, and then try again
    • No: Add another "=" character at the end, and then try again
  • No: That hash is valid

Looping the logic above on the previous example hash, we get the following permutations:

  • Q29udG9zbwAAA
  • Q29udG9zbwAAA=
  • Q29udG9zbwAAA==
  • Q29udG9zbwAAAA
  • Q29udG9zbwAAAA=
  • Q29udG9zbwAAAA== (This one has valid padding)

Replace the collected hash with this new padded hash then try to import again.
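
The padding loop described above can be scripted. The following is an added example, not part of the original article; the function name Repair-DeviceHashPadding and the -MaxAttempts parameter are hypothetical, and the attempt cap is an assumption added so that a hash containing non-Base64 characters stops with an error instead of being padded forever.

```powershell
# Added example (hypothetical helper): applies the article's padding rules
# until [System.Convert]::FromBase64String accepts the value.
function Repair-DeviceHashPadding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Hash,

        # Assumption: a misaligned hash is repaired within a few steps, so
        # anything that still fails after the cap is treated as corrupted.
        [int]$MaxAttempts = 8
    )

    $candidate = $Hash.Trim()
    for ($i = 0; $i -lt $MaxAttempts; $i++) {
        try {
            # Decode only to validate; the decoded bytes are discarded.
            [void][System.Convert]::FromBase64String($candidate)
            return $candidate
        }
        catch [System.FormatException] {
            if ($candidate.EndsWith('==')) {
                # Two "=" already present: swap them for one "A" (six zero bits).
                $candidate = $candidate.Substring(0, $candidate.Length - 2) + 'A'
            }
            else {
                # Fewer than two "=": add one more and retry.
                $candidate += '='
            }
        }
    }
    throw "No valid padding found after $MaxAttempts attempts. The hash may contain non-Base64 characters or be corrupted."
}

# Constructed sample from the article text, not a real device hash.
Repair-DeviceHashPadding -Hash 'Q29udG9zbwAAA'   # Q29udG9zbwAAAA==
```

The function only changes trailing "=" and "A" characters, so a hash that fails for another reason (for example, characters lost when the CSV was edited) is reported as an error and should be collected again from the device.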

Intune enrollment issues

See this knowledge base article for help with Intune enrollment issues. Common issues can include:

  • incorrect or missing licenses assigned to the user.
  • too many devices enrolled for the user.

Error code 80180018 will typically be reported on an error page titled "Something went wrong". This error means that the MDM enrollment failed.

If Autopilot Reset fails immediately with the error "Ran into trouble. Please sign in with an administrator account to see why and reset manually", see Troubleshoot Autopilot Reset for more help.

Windows Autopilot - known issues
Diagnose MDM failures in Windows 10