run-enrollment.ps1: invoke provtool.exe directly, skip PowerShell cmdlet timeout

Observed today on E8FHGDB4: Install-ProvisioningPackage timed out after
the PowerShell cmdlet's hardcoded 180s limit on a 7.6 GB GCCH v4.10
PPKG. The catch-block fell through to Add-ProvisioningPackage, which
returned "success" but the PPKG diagnostic bundle showed the child
provtool.exe was called with empty packagePathsToAdd (session created,
State=Not started, RebootCount=0). The PC was named, OOBE-completed,
and BPRT apps ran, but the bulk enrollment never applied - PC was not
Entra-joined.

Microsoft Docs GitHub issue 502 confirms the 180s cmdlet timeout is
hardcoded with no configuration option. Quest KB 4376269 suggests
rebuilding the PPKG with the latest Windows Configuration Designer,
but that is upstream and not under our control per PPKG.

Switch to Start-Process -FilePath provtool.exe -Wait. The wait is on
the actual child process, no caller-side timeout. provtool.exe is
what the cmdlet was invoking anyway; we just bypass the wrapper that
imposes the limit.

Sources:
  https://support.quest.com/on-demand-migration/kb/4376269
  https://github.com/MicrosoftDocs/windows-powershell-docs/issues/502
  https://learn.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package
cproudlock
2026-04-15 08:35:35 -04:00
parent adef507084
commit 5a9c3db7af

@@ -38,27 +38,35 @@ Rename-Computer -NewName $newName -Force -ErrorAction SilentlyContinue
# enrollment PPKGs are designed to run during OOBE; on Windows 11 22H2+ they # enrollment PPKGs are designed to run during OOBE; on Windows 11 22H2+ they
# can hang indefinitely if OOBE is already marked complete. # can hang indefinitely if OOBE is already marked complete.
# #
# Install-ProvisioningPackage triggers an IMMEDIATE reboot. Nothing below # We invoke provtool.exe directly instead of Install-ProvisioningPackage.
# this line executes. BPRT app installs (Chrome, Office, Tanium, etc.) happen # The PowerShell cmdlet enforces a hardcoded 180-second timeout on the
# on the next boot. The sync_intune scheduled task (registered by # underlying provtool call, which a 7-8 GB GCCH PPKG often exceeds on
# Run-ShopfloorSetup.ps1 before calling us) fires at the next logon to # slower disks. When the cmdlet times out it throws, and the Add-
# monitor Intune enrollment. # ProvisioningPackage fallback has been observed to invoke provtool with
# an empty packagePathsToAdd (session registered but never started),
# leaving the PC un-enrolled. provtool.exe directly has no caller-side
# timeout; Start-Process -Wait waits on the actual child process.
#
# The PPKG triggers an IMMEDIATE reboot once fully applied. Nothing below
# that point executes on the current boot. BPRT app installs (Chrome,
# Office, Tanium, etc.) happen on the next boot. The sync_intune
# scheduled task (registered by Run-ShopfloorSetup.ps1 before calling us)
# fires at the next logon to monitor Intune enrollment.
$ppkgLogDir = "C:\Logs\PPKG" $ppkgLogDir = "C:\Logs\PPKG"
New-Item -ItemType Directory -Path $ppkgLogDir -Force -ErrorAction SilentlyContinue | Out-Null New-Item -ItemType Directory -Path $ppkgLogDir -Force -ErrorAction SilentlyContinue | Out-Null
Log "Installing provisioning package (PPKG will reboot immediately)..." $provtool = Join-Path $env:SystemRoot 'System32\provtool.exe'
$provArgs = "/ppkg:`"$($ppkgFile.FullName)`" /quiet /log:`"$ppkgLogDir\provtool.log`""
Log "Installing provisioning package via provtool.exe (no PowerShell timeout)..."
Log "Command: $provtool $provArgs"
Log "PPKG diagnostic logs -> $ppkgLogDir" Log "PPKG diagnostic logs -> $ppkgLogDir"
try { try {
Install-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir $p = Start-Process -FilePath $provtool -ArgumentList $provArgs -Wait -PassThru -NoNewWindow -ErrorAction Stop
Log "Install-ProvisioningPackage returned (reboot may be imminent)." Log "provtool.exe exit code: $($p.ExitCode)"
} catch { if ($p.ExitCode -ne 0) {
Log "ERROR: Install-ProvisioningPackage failed: $_" Log "WARNING: provtool.exe returned non-zero exit code. Check $ppkgLogDir\provtool.log for details."
Log "Attempting fallback with Add-ProvisioningPackage..."
try {
Add-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
Log "Add-ProvisioningPackage returned."
} catch {
Log "ERROR: Fallback also failed: $_"
} }
} catch {
Log "ERROR: Failed to launch provtool.exe: $_"
} }
# --- Set OOBE complete (only reached if PPKG didn't trigger immediate reboot) --- # --- Set OOBE complete (only reached if PPKG didn't trigger immediate reboot) ---
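Review bot: in the new try block, a non-zero provtool.exe exit code is only logged as a WARNING (`if ($p.ExitCode -ne 0) { Log "WARNING: ..." }`) and execution then falls through to the "Set OOBE complete" section, so a failed apply can still leave the PC looking finished but not enrolled, which is the outcome the commit message describes. Treat the non-zero case as an error: log it as ERROR and stop or flag the run before OOBE is marked complete, rather than continuing. Separately, `Start-Process ... -Wait` now has no upper bound, while the comment at the top of this hunk says enrollment PPKGs "can hang indefinitely" once OOBE is marked complete; a generous bounded wait that logs and fails on expiry would keep the script from blocking forever in that case. The comment block would also benefit from a pointer to where the `/ppkg:`, `/quiet` and `/log:` switches are documented, since the hunk introduces them without a reference.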