Autopilot hardware hash is a mystery for many IT admins – I often get a question on what data the hardware hash contains. In my work with Windows Autopilot over the last year, I also found some different diagnostic tools that I have tried to get into this blog post. I hoping to help others that are having to answer questions to people on how Autopilot is working, there is a lot of great answers in the diagnostic tools that are build onto Windows 10.

When we look at what information there is in the Autopilot hardware hash – then we also get the idea why we need a new hardware hash after e motherboard replacement.
The minimum requirement for unique values in the SMBIOS:

  • ProductKeyID
  • SmbiosSystemManufacturer
  • SmbiosSystemProductName
  • SmbiosSystemSerialNumber
  • SmbiosSkuNumber
  • SmbiosSystemFamily
  • MacAddress
    SmbiosUuid
  • DiskSerialNumber
  • TPM EkPub

Where is Windows autopilot device information stored??

Windows Autopilot data is stored in the United States (US), and not in the region where your AAD tenant is places. It is not customer data that are stored, but business data which enables Microsoft to provide a service

 

First you need to download the Windows ADK from https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install – Note you need to use at least ADK version 1703 or above.


After installation of Microsoft ADK you can find the tool you need here:

C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\Licensing\OA30\oa3tool.exe

 

Autopilot Hardware hash - 01

If you run the command : oa3tool.exe /DecodeHwHash=

Then you are getting the result of what is stored in the hardware hash

Autopilot Hardware hash - 02

 


If you are troubleshooting Windows Autopilot after RS5 then you can use MdmDiagnosticsTool.exe – with the parameter -area and -cab (At this moment when I point to a location for my export files need to be places they all end up in %Temp%)

Autopilot Hardware hash - 20

It creates a lot of useful logfiles – On Windows 10 RS6 insider build it is including the Windows Autopilot .csv export to import directly into the Autopilot service (Tested on build 18298)

Autopilot Hardware hash - 21a.png

An example is the MDMDiagReport.xml

Autopilot Hardware hash - 22.png

 


Before Windows 10 RS5 (It also works on RS5)  Licensingdiag.exe is the tool to get diagnostic data from your device

Autopilot Hardware hash - 30

Then you get a log of usefull logfiles

Autopilot Hardware hash - 31

An example is the AutoPilotDiagEvent.evtx

Autopilot Hardware hash - 32.png


More info on the MdmDiagnosticsTool.exe:

Usage1: C:\WINDOWS\system32\MdmDiagnosticsTool.exe -out <output folder path>
* Output MDM diagnostics info only to given folder path specified in -out parameter.
eg: C:\WINDOWS\system32\MdmDiagnosticsTool.exe -out c:\temp\outputfolder
Usage2: C:\WINDOWS\system32\MdmDiagnosticsTool.exe -area <area name(s)> -cab <output cab file path>
* Collect predefined area logs and create a log cab to given cab file.
* Supported area name example:
Autopilot
DeviceProvisioning
Tpm
* It also supports multiple areas, separated by ‘;’, example:
Autopilot;DeviceEnrollment;Tpm
* Please find all possible areas in registry under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MdmDiagnostics\Area
eg: C:\WINDOWS\system32\MdmDiagnosticsTool.exe -area Autopilot;Tpm -cab c:\temp\AutopilotDiag.cab
Usage3: C:\WINDOWS\system32\MdmDiagnosticsTool.exe -area <area name(s)> -zip <output zip file path>
* Collect predefined area logs and create a log zip to given zip file. Areas supported are the same as Usage2 for creating cab
Usage4: C:\WINDOWS\system32\MdmDiagnosticsTool.exe -xml <xml file of information to gather> -zip <output zip file path> -server <MDM Server to alert>
* Collect information specified in the xml and create a log zip to given zip file.


 

More info on the Oa3tool.exe

When you are running oa3tool.exe with /? then you get the information

OEM Activation Tool 3.0
(c) Copyright 2018 Microsoft Corp.

64-bit Version: 10.0.17763.1

OA3Tool.exe { /Assemble | /Report | /Return }
/ConfigFile=<configfile_name_and_path>

OA3Tool.exe /Report
/ConfigFile=<configfile_name_and_path>
/LogTrace=<log_report_file>

OA3Tool.exe /CheckHwHash=<log_report_file> /LogTrace=<new_report_file>

OA3Tool.exe /DecodeHwHash=<report_file> [/LogTrace=<report_file>]
OA3Tool.exe /DecodeHwHash=<base64_string> [/LogTrace=<report_file>]

OA3Tool.exe /CheckEdition { /Online | /ImageDrive=<image_drive> }

OA3Tool.exe /validate
OA3Tool.exe /ValidateSMBIOS{=<SMBIOSRawData value>}

OA3Tool.exe /VerifyHwSpec=<spec_file> [/ReportFile=<report_file>]
/LogTrace=<result_file>

DESCRIPTION:
The OEM Activation Tool 3.0 assembles, reports, and returns a unique
identifier used for the activation of OEM computers, while on the factory
floor. The identifier is based on several things, including the product
key, the hardware hash, the OEM ID, and any additional OEM and Microsoft
information, including language, programs, and so on.

OEM Activation Tool 3.0 OPTIONS:
/Assemble – Retrieves the product key value from the Key Provider,
and then assembles the MSDM binary file (OA3.bin) and
the XML (OA3.xml) file.
/Report – Creates the OA3.xml and generates the hardware hash, and
reports the OEM Activation Tool 3.0 information back to
the Key Provider.
/Return – Returns the OEM Activation Tool 3.0 information to the Key
Provider.

Diagnostic Specific:
/CheckHwHash – Compares and validates the reported hardware hash.
/DecodeHwHash – Decodes base64-encoded <HardwareHash> element from a report
file to XML.
/CheckEdition – Compares and validates the edition of the injected key
against the edition of the shipping Windows.
/Validate – Performs a validation pass to ensure that the MSDM table
exists, that the MSDM table header includes all of the
required fields, and that the MSDM table entries exist and
conform to the correct formats.
/ValidateSMBIOS – The TotalPhysicalRAM and PrimaryDiskTypeCapacity values
are obtained from the SMBIOS structures of the device. It
is the responsibility of the OEMs to properly initialize
these structures. To validate that these structures are
properly initialized.
/VerifyHwSpec – Verifies that the device hardware configuration meets the
specification requirements.

Configuration File Information:
/ConfigFile – Specifies the name and location of the OEM Activation 3.0
Tool configuration file. This file includes the Key Provider
information and the destination location for the OA3.bin and
OA3.xml files.


Read more:

Windows Autopilot FAQ
Windows Autopilot support information