Network connectivity test for Autopilot Hybrid deployment

 There’s 3 method to check network connectivity by using:

•  Test-DeviceRegConnectivity.ps1
• Test-MicrosoftEndpointNetworks
• Run port checking via ns authority/system - PsExec

After a network connection is in place, each Windows device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used:

•  https://ztd.dds.microsoft.com
•  https://cs.dds.microsoft.com 
• https://login.live.com

Copy 3 files in USB

• PsExec.exe
• Test-DeviceRegConnectivity.ps1
• Test-MicrosoftEndpointNetworks.ps1

Test-DeviceRegConnectivity.ps1

Test-DeviceRegConnectivity PowerShell script helps to test the Internet connectivity to the following Microsoft resources under the system context to validate the connection status between the device that needs to be connected to Azure AD as hybrid Azure AD joined device and Microsoft resources that are used during device registration process. It also, checks for SSL/TLS handshake and report as failure if any.

• https://login.microsoftonline.com
• https://device.login.microsoftonline.com
•  https://enterpriseregistration.windows.net

The steps are:

1. Get the script from this link - TestDeviceRegConnectivity/Test-DeviceRegConnectivity.ps1 at main · Azure-Samples/TestDeviceRegConnectivity · GitHub
2. Press Shift + F10 to launch command prompt.
3. Type powershell to switch to PowerShell.
4. Run c:\Test-DeviceRegConnectivity.ps1 and monitor the result.

The result should succeeded to connect 3 URL required.

Success result as per below:

*If failed, please check and verify with your network team.

Test-MicrosoftEndpointNetworks.ps1

This script to test connectivity of port required.

•  Port 443
•  Port 80

The steps are:

1.       Run c:\Test-MicrosoftEndpointNetworks

2.       Get the result.

*If failed, please check and verify with your network team.

PsExec.exe from Sysinternalsuite

Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following conditions:

         i.            Ensure Domain Name Services (DNS) name resolution for internet DNS names.

       ii.            Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP).

Check and test connection via nt authority/system by follow below steps:

1.       Launch powershell with PsExec by run command c:\PsExec -s -I powershell

Verify that the command is run as nt authority\system

2.       Run test-networkconnection for 80, 443 and 123.

a.       Tnc -Port 443 -ComputerName login.microsoftonline.com

b.       Tnc -Port 443 -ComputerName device.login.microsoftonline.com

c.       Tnc -Port 443 -ComputerName enterpriseregistration.windows.net

https://login.microsoftonline.com - This is the main endpoint for Azure AD authentication and authorization.

https://device.login.microsoftonline.com - This endpoint is used for device registration and management.

https://enterpriseregistration.windows.net - This endpoint is used for registering and enrolling devices in an enterprise environment.

*If failed, please check and verify with your network team.

 

Uninstall Office365 Apps exclude Visio, Project and install Office 2021 Apps in with xml file

 

Copy this and save in xml

<Configuration>

    <Add SourcePath="\\sccmatk\SCCMSource\Office2021" OfficeClientEdition="64"

        Channel="PerpetualVL2021">

        <Product ID="ProPlus2021Volume" PIDKEY="enter your key here">

            <Language ID="en-us" />

        </Product>

    </Add>

    <Remove OfficeClientEdition="64">

        <Product ID="O365ProPlusRetail">

            <Language ID="en-us" />

        </Product>

        <IgnoreProduct ID="PrjStd" />

        <IgnoreProduct ID="PrjPro" />

        <IgnoreProduct ID="VisStd" />

        <IgnoreProduct ID="VisPro" />

        <IgnoreProduct ID="PrjStdR" />

        <IgnoreProduct ID="PrjProR" />

        <IgnoreProduct ID="VisStdR" />

        <IgnoreProduct ID="VisProR" />

        <IgnoreProduct ID="VisioProRetail" />

        <IgnoreProduct ID="ProjectProRetail" />

        <IgnoreProduct ID="VisioProXVolume" />

        <IgnoreProduct ID="VisioPro2019Retail" />

        <IgnoreProduct ID="VisioPro2021Retail" />

        <IgnoreProduct ID="VisioPro2019Volume" />

        <IgnoreProduct ID="VisioPro2021Volume" />

        <IgnoreProduct ID="VisioStdRetail" />

        <IgnoreProduct ID="VisioStdXVolume" />

        <IgnoreProduct ID="VisioStd2019Retail" />

        <IgnoreProduct ID="VisioStd2021Retail" />

        <IgnoreProduct ID="VisioStd2019Volume" />

        <IgnoreProduct ID="VisioStd2021Volume" />

        <IgnoreProduct ID="ProjectProXVolume" />

        <IgnoreProduct ID="ProjectPro2019Retail" />

        <IgnoreProduct ID="ProjectPro2021Retail" />

        <IgnoreProduct ID="ProjectPro2019Volume" />

        <IgnoreProduct ID="ProjectPro2021Volume" />

        <IgnoreProduct ID="ProjectStdRetail" />

        <IgnoreProduct ID="ProjectStdXVolume" />

        <IgnoreProduct ID="ProjectStd2019Retail" />

        <IgnoreProduct ID="ProjectStd2021Retail" />

        <IgnoreProduct ID="ProjectStd2019Volume" />

        <IgnoreProduct ID="ProjectStd2021Volume" />

    </Remove>

    <Display Level="None" AcceptEULA="TRUE" />

</Configuration>

Registry result

App result