run-enrollment.ps1: invoke provtool.exe directly, skip PowerShell cmdlet timeout
Observed today on E8FHGDB4: Install-ProvisioningPackage timed out after the PowerShell cmdlet's hardcoded 180s limit on a 7.6 GB GCCH v4.10 PPKG. The catch-block fell through to Add-ProvisioningPackage, which returned "success" but the PPKG diagnostic bundle showed the child provtool.exe was called with empty packagePathsToAdd (session created, State=Not started, RebootCount=0). The PC was named, OOBE-completed, and BPRT apps ran, but the bulk enrollment never applied - PC was not Entra-joined. Microsoft Docs GitHub issue 502 confirms the 180s cmdlet timeout is hardcoded with no configuration option. Quest KB 4376269 suggests rebuilding the PPKG with the latest Windows Configuration Designer, but that is upstream and not under our control per PPKG. Switch to Start-Process -FilePath provtool.exe -Wait. The wait is on the actual child process, no caller-side timeout. provtool.exe is what the cmdlet was invoking anyway; we just bypass the wrapper that imposes the limit. Sources: https://support.quest.com/on-demand-migration/kb/4376269 https://github.com/MicrosoftDocs/windows-powershell-docs/issues/502 https://learn.microsoft.com/en-us/windows/configuration/provisioning-packages/provisioning-apply-package
This commit is contained in:
cproudlock
@@ -38,27 +38,35 @@ Rename-Computer -NewName $newName -Force -ErrorAction SilentlyContinue
|
||||
# enrollment PPKGs are designed to run during OOBE; on Windows 11 22H2+ they
|
||||
# can hang indefinitely if OOBE is already marked complete.
|
||||
#
|
||||
# Install-ProvisioningPackage triggers an IMMEDIATE reboot. Nothing below
|
||||
# this line executes. BPRT app installs (Chrome, Office, Tanium, etc.) happen
|
||||
# on the next boot. The sync_intune scheduled task (registered by
|
||||
# Run-ShopfloorSetup.ps1 before calling us) fires at the next logon to
|
||||
# monitor Intune enrollment.
|
||||
# We invoke provtool.exe directly instead of Install-ProvisioningPackage.
|
||||
# The PowerShell cmdlet enforces a hardcoded 180-second timeout on the
|
||||
# underlying provtool call, which a 7-8 GB GCCH PPKG often exceeds on
|
||||
# slower disks. When the cmdlet times out it throws, and the Add-
|
||||
# ProvisioningPackage fallback has been observed to invoke provtool with
|
||||
# an empty packagePathsToAdd (session registered but never started),
|
||||
# leaving the PC un-enrolled. provtool.exe directly has no caller-side
|
||||
# timeout; Start-Process -Wait waits on the actual child process.
|
||||
#
|
||||
# The PPKG triggers an IMMEDIATE reboot once fully applied. Nothing below
|
||||
# that point executes on the current boot. BPRT app installs (Chrome,
|
||||
# Office, Tanium, etc.) happen on the next boot. The sync_intune
|
||||
# scheduled task (registered by Run-ShopfloorSetup.ps1 before calling us)
|
||||
# fires at the next logon to monitor Intune enrollment.
|
||||
$ppkgLogDir = "C:\Logs\PPKG"
|
||||
New-Item -ItemType Directory -Path $ppkgLogDir -Force -ErrorAction SilentlyContinue | Out-Null
|
||||
Log "Installing provisioning package (PPKG will reboot immediately)..."
|
||||
$provtool = Join-Path $env:SystemRoot 'System32\provtool.exe'
|
||||
$provArgs = "/ppkg:`"$($ppkgFile.FullName)`" /quiet /log:`"$ppkgLogDir\provtool.log`""
|
||||
Log "Installing provisioning package via provtool.exe (no PowerShell timeout)..."
|
||||
Log "Command: $provtool $provArgs"
|
||||
Log "PPKG diagnostic logs -> $ppkgLogDir"
|
||||
try {
|
||||
Install-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
|
||||
Log "Install-ProvisioningPackage returned (reboot may be imminent)."
|
||||
} catch {
|
||||
Log "ERROR: Install-ProvisioningPackage failed: $_"
|
||||
Log "Attempting fallback with Add-ProvisioningPackage..."
|
||||
try {
|
||||
Add-ProvisioningPackage -PackagePath $ppkgFile.FullName -ForceInstall -QuietInstall -LogsDirectoryPath $ppkgLogDir
|
||||
Log "Add-ProvisioningPackage returned."
|
||||
} catch {
|
||||
Log "ERROR: Fallback also failed: $_"
|
||||
$p = Start-Process -FilePath $provtool -ArgumentList $provArgs -Wait -PassThru -NoNewWindow -ErrorAction Stop
|
||||
Log "provtool.exe exit code: $($p.ExitCode)"
|
||||
if ($p.ExitCode -ne 0) {
|
||||
Log "WARNING: provtool.exe returned non-zero exit code. Check $ppkgLogDir\provtool.log for details."
|
||||
}
|
||||
} catch {
|
||||
Log "ERROR: Failed to launch provtool.exe: $_"
|
||||
}
|
||||
|
||||
# --- Set OOBE complete (only reached if PPKG didn't trigger immediate reboot) ---
|
||||
|
||||
Reference in New Issue
Block a user