Forum Discussion

sjgibb99's avatar
sjgibb99
Copper Contributor
Aug 08, 2024

Intune Management Extension msi not installing

Hi,

 

We're a newly setup intune hybrid join environment. All our computers are showing in Intune and compliant, however a large chunk are not actually properly setup. They do not roll out apps nor do they run scripts.

 

On a test machine with the problem I've determined that Intune Management Extension isn't actually installed. I've followed various online blogs to track down logs, etc.

 

There appears to be something missing or not running on these computers that means IME can't install. If I manually run the MSI in the "C:\Windows\System32\config\systemprofile\AppData\Local\mdm" directory with no quiet install I can see it eventually fails with the message "There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor".

 

I ran with command line and got a verbose log file generated which states at the end "Installation success or error status: 1603."

 

I can't find any useful help online. Does anyone have suggestions as to what might be blocking the install?

 

Thanks!

  • rahuljindal-MVP's avatar
    rahuljindal-MVP
    Bronze Contributor
    1603 is a fatal error. Try enabling verbose logging and by using /l*v c:\<pathtothe.logfile> and capture the installation log. Search for ‘value 3’ which should give some details related to the error.
    • sjgibb99's avatar
      sjgibb99
      Copper Contributor

      rahuljindal-MVP 

      Thanks! I'm just finishing up for a long weekend, so I'll check for that when I return next week.

    • sjgibb99's avatar
      sjgibb99
      Copper Contributor
      I've searched through the file and there are 2 instances of "value 3", both of which say:

      Action ended 15:04:19: InstallFinalize. Return value 3.

      I'm not sure that's very helpful?
    • sjgibb99's avatar
      sjgibb99
      Copper Contributor
      I've double checked and the GPO rule for auto-enrollment is true. All devices should have been treated the same, we have devices both locally to the DC and access through VPN. I'd say probably a third of devices look like they are setup correctly.

      This particular test machine I can see on Entra Admin Centre is showing as MDM = Microsoft Intune, Security Settings Management = Microsoft Intune and Compliant = Yes

      Thanks for the link to the blog. It has a lot in there, referencing values in the registry but not necessarily where they are located. I do note there are links to other blog pages which maybe have the answer.
      • In the software\microsoft\enrollments. There should be a guid that corrosponds with the intune enrollment. I am wondering what enrollment type it mentions

Resources