anyweb

and if you rdp to one of these machines and launch the console, does it work ?

what does the SMSAdminUI.log tell you (on their pc) ?

the ruleengine.log should give you some clues as to why it's taking time to do what you expect, take a look at this old blog post which will hopefully give you some ideas about going deeper with your troubleshooting

have you looked at your SQL firewall ports on the primary, there are several errors connecting to it in the start of the log *** [08001][2][Microsoft][SQL Server Native Client 11.0]A network-related or instance-specific error has occurred while establishing a connection to SQL Server. Server is not found or not accessible. Check if instance name is correct and if SQL Server is configured to allow remote connections. For more information see SQL Server Books Online. *** Failed to connect to the SQL Server, connection type: SCCM02-SHA.company.LOCAL MASTER. ERROR: Failed to connect to SQL Server 'master' db.

can you share the entire ConfigMgrPrereq.log, feel free to remove any private info first

on that server open a cmd prompt and do gpupdate /force if there's anything 'wrong' with the domain join, that'll tell you, particularly if it was a domain joined vm that was snapshotted back in time, that can drop the trust relationship

have you tried adding this to your unattend.xml ? <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"> <OOBE> <HideEULAPage>true</HideEULAPage> <ProtectYourPC>1</ProtectYourPC> <HideLocalAccountScreen>true</HideLocalAccountScreen> <HideOnlineAccountScreens>true</HideOnlineAccountScreens> <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> <SkipUserOOBE>true</SkipUserOOBE> <SkipMachineOOBE>true</SkipMachineOOBE> <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> </OOBE> <RegisteredOrganization></RegisteredOrganization> <RegisteredOwner></RegisteredOwner> <TimeZone></TimeZone> </component> </settings> <cpi:offlineImage cpi:source="wim://<server-name>/<share-name>/operating%20systems/windows%2010%20education%20x64%201703/sources/install.wim#Windows 10 Enterprise" xmlns:cpi="urn:schemas-microsoft-com:cpi" /> </unattend>

while you are at it check out https://techcommunity.microsoft.com/t5/windows-it-pro-blog/don-t-wait-for-june-15th-set-your-own-ie-retirement-date/ba-p/3298143

great that you got it working ! now regarding your UPN, you'll have to modify the script to work with your custom layout, and modify the $user and $upnsuffix variables to suit your environment, that's up to you to solve you might need to pull this info from Active Directory if it's available there

it must run under system context, so set it like i show in the picture below

hi @ryand274 did you modify the step to create the scheduled task in any way, it's very sensitive to any changes secondly, how are you testing this, i'd recommend you take a look at part 3 where I explain how to troubleshoot things

if you want the device bitlockered BEFORE a user logs on then do it via OSD as I explain here https://www.niallbrady.com/2022/03/06/new-video-escrow-bitlocker-recovery-password-to-the-site-during-a-task-sequence-in-configuration-manager-2203/

yes a user must be logged on, i've got my new lab at 2203 now in e-http mode, i haven't enabled Bitlocker Management yet for reports check my posts on that here

it takes time to get my lab up and running, and i have a day job, but i'm working on it... i'll let you know when i'm done

i'll get one of my labs up to 2203 without bitlocker management, and try testing this...