Forum Discussion
Intune synchronization stopped on all devices
Hi Surya,
Thanks again for your previous guidance. I’ve opened a Microsoft support ticket as suggested, but unfortunately, the support team wasn’t able to pinpoint the root cause of the issue.
I double-checked the Service Health dashboard, Task Scheduler, and the IntuneManagementExtension.log. Everything appears normal on the surface, but the following errors keep recurring:
Main errors found in the IntuneManagementExtension.log:
- [Location Service] Service URL is not available or expired
→ The client cannot obtain or use the Intune service endpoint (HTTPS session failure, routing, or timeout).
- System.UriFormatException: Invalid URI: The format of the URI could not be determined
→ The agent received a malformed or corrupted response when trying to build the service URL (possibly due to interrupted HTTPS sessions).
- (datasensor)(EventManager) Create Event Manager without a Proxy.
→ The agent attempts to send telemetry without a proxy or valid route, causing a continuous loop.
- [Win32AppAsync] Starting app check in / End app check in (repeated)
→ Continuous check-in attempts with high CPU/I/O usage when communication fails.
- [GenericWorkload] Initiating GenericWorkload Checkin (repeated)
→ Similar looping pattern, indicating persistent communication failure.
- [TelemetryJob.Execute] Processing telemetry events (repeated)
→ Telemetry retries due to failed or unconfirmed transmissions.
- [UnlockWin: GetAllBaseAndSupplementalPolicyInfos] ... isEffective: False, isDeployed: True, IsAuthorized: False
→ WDAC policies are deployed but not applied — communication or state inconsistency suspected.
- Missing or invalid management certificate (entries related to “MDM” or “certificate”)
→ The device may have lost or invalidated the MS-Organization-Access certificate, breaking Intune communication.
Given that Microsoft couldn’t find the source of the problem, do you have any additional recommendations or escalation paths I could explore?
Best regards,
Paulo
Hi paulohsimas, thanks for sharing such a detailed breakdown — it’s clear you’ve already done some deep investigation.
Since you’ve ruled out the obvious areas (Service Health, Task Scheduler, and IntuneManagementExtension.log patterns), a few advanced areas might still be worth exploring:
Re-enrollment Integrity Check
Verify the MS-Organization-Access certificate in Certificates → Local Computer → Personal → Certificates.
If missing or expired, try running:
dsregcmd /leave followed by a re-enrollment to Azure AD/Intune.
Network and Proxy Behavior
Some environments cache or filter HTTPS sessions, which can lead to malformed URIs.
Temporarily bypass any SSL inspection or outbound filtering for *.manage.microsoft.com and *.azure.com to test connectivity.
Device Management Channel Reset
Consider running an MDM Diagnostic Report (Settings → Accounts → Access work or school → Info → Create report).
Compare timestamps in the report with your log entries — if the sync requests stop appearing there, the management channel may need to be re-provisioned.
Escalation Path
If your Microsoft support case has stalled, request an Intune Product Group escalation or an MDM communication trace.
You can also collect network traces (Fiddler/Netmon) to capture endpoint failures for escalation.
This kind of widespread sync stall often points to a broken trust chain (management certificate, policy conflict, or proxy caching), so any hint from the MDM report or certificate store will be key.
Would love to hear if anyone else in the community has encountered this pattern recently — particularly after recent Intune or Windows updates.
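Added example, not part of either post and not Microsoft tooling: a small Python triage script that tallies the recurring signatures listed in the first post and records the first and last timestamp of each, which makes it easier to line the log up against the MDM Diagnostic Report. It assumes the CMTrace-style line layout for IntuneManagementExtension.log; the names `triage`, `entry` and `SAMPLE` are hypothetical and the sample entries are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed CMTrace-style layout: <![LOG[message]LOG]!><time="..." date="M-D-YYYY" ...>
ENTRY = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>'
    r'<time="(?P<time>\d{1,2}:\d{2}:\d{2})[^"]*" date="(?P<date>\d{1,2}-\d{1,2}-\d{4})"',
    re.S)

# Substrings taken from the error list in the first post.
SIGNATURES = {
    "service_url": "Service URL is not available or expired",
    "bad_uri": "System.UriFormatException",
    "no_proxy": "Create Event Manager without a Proxy",
    "win32_checkin": "Starting app check in",
    "generic_checkin": "Initiating GenericWorkload Checkin",
    "telemetry": "Processing telemetry events",
    "wdac_not_effective": "isEffective: False, isDeployed: True",
}

def triage(log_text):
    """Return {signature: {"count", "first", "last"}} for every matched entry."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for m in ENTRY.finditer(log_text):
        stamp = datetime.strptime(f'{m["date"]} {m["time"]}', "%m-%d-%Y %H:%M:%S")
        for name, needle in SIGNATURES.items():
            if needle in m["msg"]:
                h = hits[name]
                h["count"] += 1
                h["first"] = min(h["first"] or stamp, stamp)
                h["last"] = max(h["last"] or stamp, stamp)
    return dict(hits)

def entry(msg, time):
    """Build one constructed sample entry (not real log data)."""
    return (f'<![LOG[{msg}]LOG]!><time="{time}.0000000" date="1-15-2024" '
            'component="IntuneManagementExtension" context="" type="1" thread="5" file="">\n')

SAMPLE = "".join([
    entry("[Location Service] Service URL is not available or expired", "09:00:01"),
    entry("System.UriFormatException: Invalid URI: The format of the URI could not be determined", "09:00:02"),
    entry("[Win32AppAsync] Starting app check in", "09:00:05"),
    entry("[Win32AppAsync] Starting app check in", "09:01:05"),
    entry("[Win32AppAsync] Starting app check in", "09:02:05"),
])

if __name__ == "__main__":
    for name, h in sorted(triage(SAMPLE).items(), key=lambda kv: -kv[1]["count"]):
        print(f'{name:20} x{h["count"]}  {h["first"]} -> {h["last"]}')
```

To use it on a real device, pass the contents of the log file to `triage` instead of `SAMPLE`.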