ge-aerospace/pxe-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync_intune: gate reboot prompt on Phase 1+2+3 pre-reboot completion

Browse Source 
Don't prompt the user to reboot until the enrollment pipeline has
finished its pre-reboot work. Previously Test-RebootState fired as
soon as DSCDeployment.log showed "completed", even if Phase 1 (Identity)
or Phase 2 (SFLD config) checks were still in progress.

Now the reboot prompt requires ALL of these to be green in the snapshot:
  Phase 1: AzureAdJoined, IntuneEnrolled, EmTaskExists, PoliciesArriving
  Phase 2: SfldRoot, FunctionOk, SasTokenOk
  Phase 3: DeployLogExists, DeployComplete

This prevents the edge case where DSCDeployment.log completes but the
user reboots before Intune policies have fully landed, which could leave
the post-reboot DSC install phase without the SAS token or function
assignment it needs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
cproudlock
2026-04-10 09:31:11 -04:00
parent e17b3a521d
commit 7c26e10f7e
1 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
View File

@@ -615,11 +615,28 @@ try {
Invoke-SetupComplete Invoke-SetupComplete
} }
# Reboot check (boot-loop-safe) # Reboot check (boot-loop-safe). Only prompt once Phase 1 (Identity),
# Phase 2 (SFLD config), and Phase 3's first two items (deploy log
# present + pre-reboot deployment complete) are all green. Don't rush
# the user into rebooting before the enrollment pipeline has finished
# its pre-reboot work.
$rebootState = Test-RebootState $rebootState = Test-RebootState
if ($rebootState -eq 'needed') { if ($rebootState -eq 'needed') {
$preRebootReady = (
$snap.Phase1.AzureAdJoined -and
$snap.Phase1.IntuneEnrolled -and
$snap.Phase1.EmTaskExists -and
$snap.Phase1.PoliciesArriving -and
$snap.Phase2.SfldRoot -and
$snap.Phase2.FunctionOk -and
$snap.Phase2.SasTokenOk -and
$snap.Phase3.DeployLogExists -and
$snap.Phase3.DeployComplete
)
if ($preRebootReady) {
Invoke-RebootPrompt Invoke-RebootPrompt
} }
}
# Re-trigger sync periodically # Re-trigger sync periodically
if ((Get-Date) -ge $nextRetrigger) { if ((Get-Date) -ge $nextRetrigger) {