diff --git a/windows/client-management/mdm/diagnose-provisioning-packages.md b/windows/client-management/mdm/diagnose-provisioning-packages.md deleted file mode 100644 index 185b890101..0000000000 --- a/windows/client-management/mdm/diagnose-provisioning-packages.md +++ /dev/null @@ -1,54 +0,0 @@ ---- -title: Diagnose Provisioning Packages -description: Diagnose general failures in provisioning. -ms.reviewer: -manager: aaroncz -ms.author: lizlong -ms.topic: article -ms.prod: windows-client -ms.technology: itpro-manage -author: lizgt2000 -ms.date: 01/18/2023 -ms.collection: highpri ---- - -# Diagnose Provisioning Packages - -## Unable to apply Power Settings -When applying certain provisioning packages containing [power settings](../windows-hardware/customize/power-settings/configure-power-settings?view=windows-11) they require elevated permissions which are not applied when applying PPKGs [after the initial setup](/windows/configuration/provisioning-packages/provisioning-apply-package#after-initial-setup). An error of STATUS_PRIVILEGE_NOT_HELD (HRESULT=0xc0000061) is given when applying these packages with the incorrect security context. - -Simply placing the PPKG into %WINDIR%/Provisioning/Packages and rebooting the machine will apply the packages with the [correct security context](../windows/win32/services/localsystem-account) as stated in [Configure power settings](../windows-hardware/customize/power-settings/configure-power-settings?view=windows-11) - -## Unable to perform Bulk Enrollment in Azure AD -See [allow enrollment into Azure AD for provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400). - - -## Unable to apply a multivariant provisioning package -If creating a [multivariant package](../windows/configuration/provisioning-packages/provisioning-multivariant). It may be difficult to diagnose why a certain target did not get applied. There may be conditions improperly authored which when applied to the target device may not be evaluated as expected. - - -Tooling has been included to surface these conditions in the event a certain target did not get applied. - -## Diagnosing general failures in provisioning -To help diagnose common problems, you can run the [MdmDiagnosticsTool](../windows/client-management/diagnose-mdm-failures-in-windows-10) and capture multivariant condition values. - -## Diagnosing multivariant problems -When applying multivariant packages it may be difficult to see why a target was not applied. The [MdmDiagnosticsTool](../windows/client-management/diagnose-mdm-failures-in-windows-10) includes the multivariant condition values on the target system. - -(Zinc semester addition - Deliverable 41742231: [Hydra] [Tooling] Add MultiVariant handler values to MdmdiagnosticsTool diagnostics) which can be helpful when diagnosing why the PPKG was not applied in the target system. - -The MDMDiagReport.xml will contain the Multivariant Conditions in the report. Using powershell, we can get the values like so: -([XML](Get-Content MDMDiagReport.xml)).SelectNodes('//Multivariant') | Select -ExpandProperty Condition \ No newline at end of file diff --git a/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md new file mode 100644 index 0000000000..55773531a2 --- /dev/null +++ b/windows/configuration/provisioning-packages/diagnose-provisioning-packages.md @@ -0,0 +1,43 @@ +--- +title: Diagnose Provisioning Packages +description: Diagnose general failures in provisioning. +ms.reviewer: +manager: aaroncz +ms.author: lizlong +ms.topic: article +ms.prod: windows-client +ms.technology: itpro-manage +author: lizgt2000 +ms.date: 01/18/2023 +ms.collection: highpri +--- + +# Diagnose Provisioning Packages + +This article helps diagnose common issues with applying provisioning packages. You can use the [MdmDiagnosticsTool](/windows/client-management/diagnose-mdm-failures-in-windows-10) to diagnose general provisioning failures. + +## Unable to apply power settings + +When applying a provisioning package (PPKG) containing [power settings](/windows-hardware/customize/power-settings/update-power-settings), elevated permissions are required. Power settings applied using the user context after the [initial setup](/windows/configuration/provisioning-packages/provisioning-apply-package#after-initial-setup), results in the error `STATUS_PRIVILEGE_NOT_HELD (HRESULT=0xc0000061)` because an incorrect security context was used. + +To apply the power settings successfully with the [correct security context](/windows/win32/services/localsystem-account), place the PPKG in `%WINDIR%/Provisioning/Packages` directory, and reboot the device. For more information, see [Configure power settings](/windows-hardware/customize/power-settings/configure-power-settings). + +## Unable to perform bulk enrollment in Azure AD + +See [allow enrollment into Azure AD for provisioning packages](https://techcommunity.microsoft.com/t5/intune-customer-success/bulk-join-a-windows-device-to-azure-ad-and-microsoft-endpoint/ba-p/2381400). + + + +## Unable to apply a multivariant provisioning package + +When applying a [multivariant package](/windows/configuration/provisioning-packages/provisioning-multivariant), it may be difficult to diagnose why a certain target did not get applied. There may have been improperly authored conditions that did not evaluate as expected. + +To diagnose problems with multivariant packages, [MdmDiagnosticsTool](/windows/client-management/diagnose-mdm-failures-in-windows-10) (in Windows 11 version 22H2) includes multivariant condition values which can be helpful to determine why the PPKG was not applied. + +You can use the following PowerShell example to review the multivariant conditions in the `MDMDiagReport.xml` report: + +```powershell +([XML](Get-Content MDMDiagReport.xml)).SelectNodes('//Multivariant') | Select -ExpandProperty Condition +```