Troubleshooting unexpected reboots when using Windows Autopilot can be challenging for sure. This post is a quick tip around how the Event ID 2800 in the DeviceManagement-Enterprise-Diagnostics-Provider should be used. During our session on troubleshooting the modern managed device at MMS in Minneapolis we got this question a couple of times, this post will explain how to interpret the event ID 2800.
We also get a lot in forums and discussions that “this is how Autopilot works” and that unexpected reboots are by design. That is totally wrong and must be solved both for a great end user experience but also it will be a huge blocker for any password less implementation.
Scenario: We have targeted all the policies to user targeting instead of device targeting for all the policies that we know causes and extra reboot during Autopilot.
We are using the User ESP part as well (we have not disabled it)
We still get and extra reboot during Autopilot and when looking in the event log we see that we have.
When we look in the event log, we have 6x 2800 entries with URI that have caused an extra reboot. But that is not correct, if we look at the timestamp, we can see that one entry is 43 minutes before the others.
That is the policy causing the extra reboot as the others are applied much later during the User part of ESP.
Hope this will save time when troubleshooting unexpected reboots