Forum Discussion
Intune Management Extension msi not installing
Hi,
We're a newly setup intune hybrid join environment. All our computers are showing in Intune and compliant, however a large chunk are not actually properly setup. They do not roll out apps nor do they run scripts.
On a test machine with the problem I've determined that Intune Management Extension isn't actually installed. I've followed various online blogs to track down logs, etc.
There appears to be something missing or not running on these computers that means IME can't install. If I manually run the MSI in the "C:\Windows\System32\config\systemprofile\AppData\Local\mdm" directory with no quiet install I can see it eventually fails with the message "There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor".
I ran with command line and got a verbose log file generated which states at the end "Installation success or error status: 1603."
I can't find any useful help online. Does anyone have suggestions as to what might be blocking the install?
Thanks!
- rahuljindal-MVPBronze Contributor1603 is a fatal error. Try enabling verbose logging and by using /l*v c:\<pathtothe.logfile> and capture the installation log. Search for ‘value 3’ which should give some details related to the error.
- sjgibb99Copper Contributor
Thanks! I'm just finishing up for a long weekend, so I'll check for that when I return next week.
- sjgibb99Copper ContributorI've searched through the file and there are 2 instances of "value 3", both of which say:
Action ended 15:04:19: InstallFinalize. Return value 3.
I'm not sure that's very helpful?
sjgibb99 how were those devices enrolled into Intune in the first place? as i have seen this happening when they did used the auto enroll functionality but juse manually enrolling with mdm only option
as descrbined here
MDM Only Enrollment | Breaks EPM deployment | DEM (call4cloud.nl)
Maybe checking what kind of enrollment there is on such a problem device?
- sjgibb99Copper ContributorI've double checked and the GPO rule for auto-enrollment is true. All devices should have been treated the same, we have devices both locally to the DC and access through VPN. I'd say probably a third of devices look like they are setup correctly.
This particular test machine I can see on Entra Admin Centre is showing as MDM = Microsoft Intune, Security Settings Management = Microsoft Intune and Compliant = Yes
Thanks for the link to the blog. It has a lot in there, referencing values in the registry but not necessarily where they are located. I do note there are links to other blog pages which maybe have the answer.- In the software\microsoft\enrollments. There should be a guid that corrosponds with the intune enrollment. I am wondering what enrollment type it mentions