Forum Discussion

martingroen's avatar
martingroen
Copper Contributor
Oct 25, 2020
Solved

MDM Session: OMA-DM session ended with status: (Unknown Win32 Error code: 0x80072f0c)

Hi,   An increasing number of devices are getting a non compatible status. Is active is non-compatible. When inspecting the event logs with event viewer I see the following error message.    MDM ...
Intune
mobile device management (mdm)
  • NFederico's avatar
    NFederico
    Nov 29, 2020

    martingroenHey, I worked on this today and was able to resolve it on several computers without resorting to reinstalling Windows, if you are interested. First, I removed the computers from the AAD Connect sync and GPO scope and completely purged them from Intune and AAD. I then ran dsregcmd /leave from an elevated command prompt on each workstation console. Next, navigate to the following registry hive on each impacted workstation: HKLM\SOFTWARE\Microsoft\Enrollments. Delete as many GUID-named keys as possible from this directory (example attached). Ignore any keys that cannot be deleted. Now restart the workstation and add it back to the AAD Connect sync and GPO containers/groups. Once I logged back in with a MEM-licensed AAD user (user auto enrollment), my devices were once again managed by Intune within the next ~15 minutes. Good luck and thanks for your collaboration on this! 

NFederico's avatar
NFederico
Copper Contributor
Nov 29, 2020

martingroenHey, I worked on this today and was able to resolve it on several computers without resorting to reinstalling Windows, if you are interested. First, I removed the computers from the AAD Connect sync and GPO scope and completely purged them from Intune and AAD. I then ran dsregcmd /leave from an elevated command prompt on each workstation console. Next, navigate to the following registry hive on each impacted workstation: HKLM\SOFTWARE\Microsoft\Enrollments. Delete as many GUID-named keys as possible from this directory (example attached). Ignore any keys that cannot be deleted. Now restart the workstation and add it back to the AAD Connect sync and GPO containers/groups. Once I logged back in with a MEM-licensed AAD user (user auto enrollment), my devices were once again managed by Intune within the next ~15 minutes. Good luck and thanks for your collaboration on this! 

Gaetan13's avatar
Gaetan13
Copper Contributor
Nov 18, 2021

We had the same problem and I tried just deleting the GUID in Enrollements et after un reboot, the device enroll by it self in InTune after roughly 15min. I even create a powershell script do to the cleanup of the registry using SCCM to target those with the problem and it work. Thank you NFederico for this.
This is the script I did. No guaranty it doesn't cause any other problems, but so far so good for us.

$Rpath = "HKLM:\SOFTWARE\Microsoft\Enrollments"
Set-Location $Rpath
$subRKey = Get-ChildItem $Rpath | select Name | Where-Object Name -Like '*-*'
foreach($RKEY in $subRKey)
{
try
{
$ToDel = $RKEY.Name.split('\')[4]
Remove-Item $ToDel -Recurse
}catch
{
'Error'
}
}

Resources