Forum Discussion

Julian12
Brass Contributor
Apr 06, 2022

Intune management extension disappears from devices

Hey,

I encountered a very strange issue with the Intune management extension on my customer's hybrid joined devices.

Devices are hybrid joined successfully, synced to Azure AD, visible and compliant in Intune, software is installed from Intune and on-premise via gpo, policies are applied and then after some short time the Intune management extension is uninstalled automatically and no Azure AD joined status visible in settings. Via dsregcmd I can see that the device is still joined to both but even after manually installing the extension, it is uninstalled again and again.

Do you have any ideas regarding this issue?

Thanks and regards

    • Julian12
      Brass Contributor
      Hi Rudy,
      currently the customer has no sccm so there is no client to remove.
      I will have a look at the event log tomorrow, will report back then.
      • Julian12
        Brass Contributor
        The problem still persists, the devices are getting Intune joined and domain joined and after short time the Intune Management Extension disappears and only the Domain join is visible under the Accounts menu.
        Eventlogs also not helpful so far^^
        Anyone an idea to resolve this?
    • se8791
      Brass Contributor

      Rudy_Ooms_MVP @Julian12

      Same here

      I see it installing the IME agent (when task gets kicked off to enroll device), then uninstalling 5 mins later - never shows in Intune as managed

  • rant2dt
    Copper Contributor
    I have a similar issue. I'm using an intune configuration profile to apply edge extensions and they won't stay. Has anyone had any issues like this one?
  • DarthVador
    Copper Contributor
    Hi,
    Do we have a resolution for that? I'm experiencing the same issue.
    I did install the agent manually, the service appears for 5 minutes and then got removed.
    I have several devices like that, but the strange thing is that they appear in Intune and receive configuration profiles, however the script to retrieve the Bitlocker recovery key is not running because of that.
    We don't have SCCM either here.
    Thank you.
    • Julian12
      Brass Contributor
      Hi, yes, the problem on our side was that we configured the false gpos for fresh devices.
      When you hybrid join new devices via the Autopilot process you mustn't configure a gpo for intune enrollment, otherwise this gpo removes the Intune service.
      For devices which are already running and which should be hybrid joined without a new installation you need to configure the gpo with the User credential option.
      Hope this helps.
      • DarthVador
        Copper Contributor
        Thanks Julian.
        That's very odd, because this is exactly how it's configured on our end, using user's credential option and the few machines that have this problem haven't been enrolled during the Autopilot process.
        I'm going to dive deeper in the logs as so far, nothing was really helpful but I will share my findings on that post.
  • TonsilTim
    Copper Contributor
    I am still facing an issue here. In my situation the workstation is not hybrid joined. We have simply enrolled a workstation into Intune. We can see the contents of the C:\Program Files (x86)\Microsoft Intune Management Extension is fully populated with files and then 5 min later it's empty again. Anti-virus has been completely removed.
    I have tried disconnecting from MDM enrolment and re-adding it. After re-adding the device the contents of C:\Program Files (x86)\Microsoft Intune Management Extension are populated again with files and then 5 min later they are all gone. This is driving me nuts. I don't want to just format and re-load. I want to get to the root of this issue.
    • DarthVador
      Copper Contributor
      You can try this PS module, it saved me several times: https://www.powershellgallery.com/packages/intunesyncdebugtool/1.0.0.19
      If you are on the same network and enabled PS remoting on the targeted device, you can install that module and run it remotely using Enter-PSsession command.
      Install command : Install-Module -Name intunesyncdebugtool
      Once installed run : test-intunesyncerrors
      This should tell you where the problem is but will also try to re-enroll the device properly.
      Hope that helps.
      • replier
        Copper Contributor

        Weird, I tested it with my autopilot device and it said it's not enrolled.

        The intune management is installed.

        I'll try it with the bad actors tomorrow.
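
Added example (not part of any post in this thread, and not code from the intunesyncdebugtool module): several posters describe the extension appearing and then vanishing about five minutes later. The PowerShell watcher below logs a timestamped line whenever the IME service state, the file count in its install folder, or the dsregcmd join flags change, so the removal time can be matched against the event logs. The service name IntuneManagementExtension, the polling interval and the run duration are assumptions; the folder is the path quoted in the thread.

```powershell
# Added example: record when the Intune Management Extension (IME) disappears.
# Assumptions: run on the affected device; the service name below and the polling
# interval/duration are assumptions, the folder is the path quoted in the thread.
param(
    [int]$IntervalSeconds = 15,
    [int]$DurationMinutes = 15,
    [string]$ImePath = 'C:\Program Files (x86)\Microsoft Intune Management Extension'
)

function Get-JoinState {
    # Pull the two join flags out of the "Key : Value" lines of dsregcmd /status.
    $state = @{ AzureAdJoined = 'unknown'; DomainJoined = 'unknown' }
    foreach ($line in (dsregcmd.exe /status)) {
        if ($line -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

function Get-ImeSnapshot {
    $svc = Get-Service -Name 'IntuneManagementExtension' -ErrorAction SilentlyContinue
    $fileCount = 0
    if (Test-Path -LiteralPath $ImePath) {
        $fileCount = @(Get-ChildItem -LiteralPath $ImePath -Recurse -File -ErrorAction SilentlyContinue).Count
    }
    $join = Get-JoinState
    $status = if ($svc) { [string]$svc.Status } else { 'Missing' }
    # One comparable string per poll; any change in it is worth a log line.
    'service={0} files={1} AzureAdJoined={2} DomainJoined={3}' -f $status, $fileCount, $join.AzureAdJoined, $join.DomainJoined
}

$deadline = (Get-Date).AddMinutes($DurationMinutes)
$previous = $null
while ((Get-Date) -lt $deadline) {
    $current = Get-ImeSnapshot
    if ($current -ne $previous) {
        # Timestamped line on every state change, to line up with the event logs.
        '{0}  {1}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $current
        $previous = $current
    }
    Start-Sleep -Seconds $IntervalSeconds
}
```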
