From 7e1ea03f020387f0502a60c5e066098c15b88d65 Mon Sep 17 00:00:00 2001
From: cproudlock <cproudlock@localhost>
Date: Wed, 13 May 2026 18:15:04 -0400
Subject: [PATCH] Decouple wired-NIC re-enable from DeviceId capture

Previous logic bundled re-enable into the idx=7 DeviceId-push gate.
If DeviceId hadn't been captured yet (AAD join lag, dsregcmd parse
miss), re-enable never fired even though the Report IP log was
already sitting at C:\Logs\GE_Report_IP_Address*.txt and the NIC
state file was on disk.

Split into two independent checks per tick:
 1. Re-enable: triggered by (Report IP log) AND (NIC state file) only.
 2. idx=7 push: still gated on (DeviceId) AND (Report IP log).

Fixes case observed in field: file exists in C:\Logs but wired NICs
stayed off and the bay couldn't reach the PXE dashboard for idx=7.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .../Shopfloor/lib/Monitor-IntuneProgress.ps1  | 74 +++++++++----------
 1 file changed, 34 insertions(+), 40 deletions(-)

diff --git a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1 b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
index bf02278..727fde8 100644
--- a/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
+++ b/playbook/shopfloor-setup/Shopfloor/lib/Monitor-IntuneProgress.ps1
@@ -222,48 +222,42 @@ function Get-Phase1 {
         } catch {}
     }
 
-    # Push DeviceId to the PXE dashboard exactly once (the imaging.html card
-    # renders a QR of it). Gated on Report IP log existing: Run-ShopfloorSetup
-    # disabled wired NICs after stage 2 push so GE's Report IP webhook only
-    # sees the corp-WiFi IP. We wait for the log file to appear (proof Report
-    # IP fired clean), re-enable the NICs we recorded, sleep a tick so the
-    # interface comes back up, then push idx=7. Until the log exists, Phase 1
-    # stays "in progress" on the dashboard - which is correct, the bay is
-    # not actually "done with registration" until the Report IP step has
-    # cleared.
-    if ($script:cache.DeviceId -and -not $script:cache.DeviceIdReported) {
-        $reportIpLog = Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue |
-                       Select-Object -First 1
-        if ($reportIpLog) {
-            # Re-enable any wired NICs Run-ShopfloorSetup disabled. Quick
-            # before the eventual Intune-driven reboot fires so the bay
-            # gets a clean wired path back to the PXE dashboard for idx=7
-            # + idx=8 pushes.
-            $nicListFile = 'C:\Enrollment\disabled-wired-nics.txt'
-            if (Test-Path $nicListFile) {
-                try {
-                    $nicNames = Get-Content $nicListFile -ErrorAction Stop
-                    foreach ($n in $nicNames) {
-                        if ([string]::IsNullOrWhiteSpace($n)) { continue }
-                        try { Enable-NetAdapter -Name $n -Confirm:$false -ErrorAction Stop }
-                        catch { Write-Warning "Enable-NetAdapter '$n' failed: $_" }
-                    }
-                    Start-Sleep -Seconds 1
-                    Remove-Item $nicListFile -Force -ErrorAction SilentlyContinue
-                } catch {
-                    Write-Warning "Re-enable wired NICs failed: $_"
-                }
+    # Report IP log presence drives two independent actions that USED to be
+    # bundled inside the DeviceId-push gate. Splitting them so re-enable
+    # fires even if DeviceId hasn't been captured yet (e.g. AAD join lag,
+    # dsregcmd parse miss):
+    #
+    # 1. Re-enable wired NICs as soon as the log lands + state file exists.
+    # 2. Push idx=7 once DeviceId is captured AND the log exists.
+    $reportIpLog = Get-ChildItem -Path 'C:\Logs\GE_Report_IP_Address*.txt' -ErrorAction SilentlyContinue |
+                   Select-Object -First 1
+    $nicListFile = 'C:\Enrollment\disabled-wired-nics.txt'
+    if ($reportIpLog -and (Test-Path $nicListFile)) {
+        try {
+            $nicNames = Get-Content $nicListFile -ErrorAction Stop
+            foreach ($n in $nicNames) {
+                if ([string]::IsNullOrWhiteSpace($n)) { continue }
+                try { Enable-NetAdapter -Name $n -Confirm:$false -ErrorAction Stop }
+                catch { Write-Warning "Enable-NetAdapter '$n' failed: $_" }
             }
+            Start-Sleep -Seconds 1
+            Remove-Item $nicListFile -Force -ErrorAction SilentlyContinue
+        } catch {
+            Write-Warning "Re-enable wired NICs failed: $_"
+        }
+    }
 
-            Ensure-SendPxeStatus
-            if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
-                try {
-                    Send-PxeStatus -Stage 'Monitor-IntuneProgress: Intune Device ID captured' `
-                                   -StageIndex 7 -StageTotal 8 `
-                                   -IntuneDeviceId $script:cache.DeviceId
-                    $script:cache.DeviceIdReported = $true
-                } catch { }
-            }
+    # Push DeviceId / idx=7 once, when both DeviceId is captured and the
+    # Report IP log has landed (dashboard QR renders from DeviceId).
+    if ($script:cache.DeviceId -and -not $script:cache.DeviceIdReported -and $reportIpLog) {
+        Ensure-SendPxeStatus
+        if (Get-Command Send-PxeStatus -ErrorAction SilentlyContinue) {
+            try {
+                Send-PxeStatus -Stage 'Monitor-IntuneProgress: Intune Device ID captured' `
+                               -StageIndex 7 -StageTotal 8 `
+                               -IntuneDeviceId $script:cache.DeviceId
+                $script:cache.DeviceIdReported = $true
+            } catch { }
         }
     }