I´m testing WIN10 silent enrollment using different parameter combinations as described here :
I have tested some combinations that work as aspected to enroll my Win10 devices but there is one that I can´t get to work. Maybe I’m doing wrong or I’m not understanding it correctly.
The description of the parameter SECURITYTYPE=<B(asic)/D(Directory)> says :
“EOBO Workflow Only: Needed if user account is added to Workspace ONE UEM console during enrollment process”.
So I’m assuming that I can stage the device with a proper staging user I’ve created in WS1 UEM for that purpose and after that create a new WS1 UEM user providing the credentials in the script and enroll the device with this user . Somethig like this
msiexec /i c:TempAirwatchAgent.msi /q ENROLL=Y SERVER=xxxxx.awmdm.com LGName=OU-LAB USERNAME=Stageuser PASSWORD=******* STAGEUSERNAME=NewUser SECURITYTYPE=B STAGEPASSWORD=*******
This is only one of the combinations I’ve tested for this workflow and seems to make sense. but is not working. When I have a look at the logs I can see that the OU and staging user are validated correctly but the NewUser is not created in WS1. Instead of this I’m asked to provide an existing user
ValidateGroupIdentifier: STARTED Executing
ValidateGroupIdentifier: ENDED Executing
ValidateLoginCredentials: STARTED Executing
ValidateLoginCredentials: ENDED Executing
ValidateOnBehalfOfUsername: STARTED Executing
ERROR_CODE: , ERROR_MESSAGE: Server returned enrollment failed with Status Fail , Message Enrollment user is not found. Please provide an existing user., ValidateOnBehalfOfUsername: ENDED Executing
So, this parameter is not for creating the final user as explained in the parameter description?, Is my script wrong? Am I misunderstanding the purpose of this parameter?
Every comment will be welcomed and if someone can show me an example of how to do this I would be thankful