Autopilot hardware hash is a mystery for many IT admins – I often get a question on what data the hardware hash contains. In my work with Windows Autopilot over the last year, I also found some different diagnostic tools that I have tried to get into this blog post. I hoping to help others that are having to answer questions to people on how Autopilot is working, there is a lot of great answers in the diagnostic tools that are build onto Windows 10.

When we look at what information there is in the Autopilot hardware hash – then we also get the idea why we need a new hardware hash after e motherboard replacement.
The minimum requirement for unique values in the SMBIOS:

• ProductKeyID
• SmbiosSystemManufacturer
• SmbiosSystemProductName
• SmbiosSystemSerialNumber
• SmbiosSkuNumber
• SmbiosSystemFamily
• MacAddress
  SmbiosUuid
• DiskSerialNumber
• TPM EkPub

Where is Windows autopilot device information stored??

Windows Autopilot data is stored in the United States (US), and not in the region where your AAD tenant is places. It is not customer data that are stored, but business data which enables Microsoft to provide a service

First you need to download the Windows ADK from https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install – Note you need to use at least ADK version 1703 or above.

After installation of Microsoft ADK you can find the tool you need here:

C:Program Files (x86)Windows Kits10Assessment and Deployment KitDeployment Toolsamd64LicensingOA30oa3tool.exe

If you run the command : oa3tool.exe /DecodeHwHash=

Then you are getting the result of what is stored in the hardware hash

If you are troubleshooting Windows Autopilot after RS5 then you can use MdmDiagnosticsTool.exe – with the parameter -area and -cab (At this moment when I point to a location for my export files need to be places they all end up in %Temp%)

It creates a lot of useful logfiles – On Windows 10 RS6 insider build it is including the Windows Autopilot .csv export to import directly into the Autopilot service (Tested on build 18298)

An example is the MDMDiagReport.xml

Before Windows 10 RS5 (It also works on RS5)  Licensingdiag.exe is the tool to get diagnostic data from your device

Then you get a log of usefull logfiles

An example is the AutoPilotDiagEvent.evtx

More info on the MdmDiagnosticsTool.exe:

Usage1: C:WINDOWSsystem32MdmDiagnosticsTool.exe -out * Output MDM diagnostics info only to given folder path specified in -out parameter. eg: C:WINDOWSsystem32MdmDiagnosticsTool.exe -out c:tempoutputfolder Usage2: C:WINDOWSsystem32MdmDiagnosticsTool.exe -area -cab * Collect predefined area logs and create a log cab to given cab file. * Supported area name example: Autopilot DeviceProvisioning Tpm * It also supports multiple areas, separated by ‘;’, example: Autopilot;DeviceEnrollment;Tpm * Please find all possible areas in registry under: HKEY_LOCAL_MACHINESOFTWAREMicrosoftMdmDiagnosticsArea eg: C:WINDOWSsystem32MdmDiagnosticsTool.exe -area Autopilot;Tpm -cab c:tempAutopilotDiag.cab Usage3: C:WINDOWSsystem32MdmDiagnosticsTool.exe -area -zip * Collect predefined area logs and create a log zip to given zip file. Areas supported are the same as Usage2 for creating cab Usage4: C:WINDOWSsystem32MdmDiagnosticsTool.exe -xml -zip -server

* Collect information specified in the xml and create a log zip to given zip file.

More info on the Oa3tool.exe

When you are running oa3tool.exe with /? then you get the information

OEM Activation Tool 3.0
(c) Copyright 2018 Microsoft Corp.

64-bit Version: 10.0.17763.1

OA3Tool.exe { /Assemble | /Report | /Return }
/ConfigFile=

OA3Tool.exe /Report /ConfigFile=

/LogTrace=

OA3Tool.exe /CheckHwHash= /LogTrace=

OA3Tool.exe /DecodeHwHash= [/LogTrace=]
OA3Tool.exe /DecodeHwHash= [/LogTrace=]

OA3Tool.exe /CheckEdition { /Online | /ImageDrive= }

OA3Tool.exe /validate
OA3Tool.exe /ValidateSMBIOS{=}

OA3Tool.exe /VerifyHwSpec= [/ReportFile=]
/LogTrace=

DESCRIPTION: The OEM Activation Tool 3.0 assembles, reports, and returns a unique identifier used for the activation of OEM computers, while on the factory floor. The identifier is based on several things, including the product key, the hardware hash, the OEM ID, and any additional OEM and Microsoft

information, including language, programs, and so on.

OEM Activation Tool 3.0 OPTIONS: /Assemble – Retrieves the product key value from the Key Provider, and then assembles the MSDM binary file (OA3.bin) and the XML (OA3.xml) file. /Report – Creates the OA3.xml and generates the hardware hash, and reports the OEM Activation Tool 3.0 information back to the Key Provider. /Return – Returns the OEM Activation Tool 3.0 information to the Key

Provider.

Diagnostic Specific: /CheckHwHash – Compares and validates the reported hardware hash. /DecodeHwHash – Decodes base64-encoded element from a report file to XML. /CheckEdition – Compares and validates the edition of the injected key against the edition of the shipping Windows. /Validate – Performs a validation pass to ensure that the MSDM table exists, that the MSDM table header includes all of the required fields, and that the MSDM table entries exist and conform to the correct formats. /ValidateSMBIOS – The TotalPhysicalRAM and PrimaryDiskTypeCapacity values are obtained from the SMBIOS structures of the device. It is the responsibility of the OEMs to properly initialize these structures. To validate that these structures are properly initialized. /VerifyHwSpec – Verifies that the device hardware configuration meets the

specification requirements.

Configuration File Information: /ConfigFile – Specifies the name and location of the OEM Activation 3.0 Tool configuration file. This file includes the Key Provider information and the destination location for the OA3.bin and

OA3.xml files.

Read more:

Windows Autopilot FAQ
Windows Autopilot support information