Enroll Existing Azure AD Joined Machines to Intune
MDM ConfigurationManager: Command failure status. Configuration Source ID: (1DE7985E-ABE6-4B09-B008-E050367E5D**), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
Source: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Date: 8/25/2022 1:38:31 PM
Event ID: 404
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: *********
Description:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (1DE7985E-ABE6-4B09-B008-E050367E5D**), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider" Guid="{3da494e4-0fe2-415c-b895-fb5265c5c8**}" />
<EventID>404</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-25T20:38:31.6613939Z" />
<EventRecordID>364</EventRecordID>
<Correlation />
<Execution ProcessID="2644" ThreadID="12188" />
<Channel>Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin</Channel>
<Computer>*********</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Message1">1DE7985E-ABE6-4B09-B008-E050367E5D**</Data>
<Data Name="Message2">MDMDeviceWithAAD</Data>
<Data Name="Message3">Policy</Data>
<Data Name="InternalCmdType">1</Data>
<Data Name="Message5">./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version</Data>
<Data Name="HexInt1">0x80070002</Data>
</EventData>
</Event>
https://call4cloud.nl/2021/07/65000-days-of-night/
The device should enroll...
- Does the device have that scheduled task?
- When trying to speed things up as mentioned in the blog... do you receive any error?
- Are you noticing the other events I showed in the blog?
- Aug 26, 2022
Just tested it myself again... if you configure those registry keys and you use psexec to run that autoenrollmdm as system, it will be enrolled into Intune within seconds!
- anshulj, Aug 26, 2022 (Copper Contributor)
Okay, so I have noticed that the computer name is changed, which is due to the package we have installed, so the package has pushed the changes! I think I need to test again on another machine where the package was not pushed to get a clear idea of what fixed it.
- anshulj, Aug 26, 2022 (Copper Contributor)
Yes, it seems to be enrolled now, as it was not showing earlier when I copied the warning. Boom. So what has fixed it? I am trying to see what changes could have triggered it. Anything you can suggest?
- Aug 26, 2022
<Data Name="ErrorDescription">The device is already enrolled. </Data> ???
- anshulj, Aug 26, 2022 (Copper Contributor)
Hello Rudy,
The Machine we are testing is Windows 11 and it is updated to the Latest version:
Edition Windows 11 Enterprise
Version 21H2
Installed on 8/16/2022
OS build 22000.918
Serial number ****
Experience Windows Feature Experience Pack 1000.22000.918.0
--------------------
I looked into the c:\windows\policydefinitions folder and did not find the Feeds.admx file, nor is the FEEDS folder showing under the Registry.
--------------------
The errors I noticed yesterday were generated at intervals of every few minutes, mostly with event ID 404 and sometimes 76. I do not see a scheduled task category created in the scheduler, but I did run deviceenroller.exe a few times and received the errors and warnings below:
Autopilot.dll WIL error was reported.
HRESULT: 0x80070491
File: onecoreuap\admin\moderndeployment\autopilot\dll\dllmain.cpp, line 138
Message: NULL
Log Name: Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService
Source: Microsoft-Windows-ModernDeployment-Diagnostics-Provider
Date: 8/26/2022 5:40:13 AM
Event ID: 1010
Task Category: None
Level: Error
Keywords:
User: AzureAD\******
Computer: ******
Description:
Autopilot.dll WIL error was reported.
HRESULT: 0x80070491
File: onecoreuap\admin\moderndeployment\autopilot\dll\dllmain.cpp, line 138
Message: NULL
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ModernDeployment-Diagnostics-Provider" Guid="{bab3ad92-fb96-5902-450b-b8421bdec7bd}" />
<EventID>1010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x1000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-26T12:40:13.5958417Z" />
<EventRecordID>150</EventRecordID>
<Correlation />
<Execution ProcessID="13060" ThreadID="1864" />
<Channel>Microsoft-Windows-ModernDeployment-Diagnostics-Provider/ManagementService</Channel>
<Computer>Blusky-PW02C9F3</Computer>
<Security UserID="S-1-12-1-489007883-1246781830-594163853-3518620488" />
</System>
<EventData>
<Data Name="HRESULT">0x80070491</Data>
<Data Name="File">onecoreuap\admin\moderndeployment\autopilot\dll\dllmain.cpp</Data>
<Data Name="Line">138</Data>
<Data Name="Message">NULL</Data>
</EventData>
</Event>
---------------------
MDM ConfigurationManager: Command failure status. Configuration Source ID: (1DE7985E-ABE6-4B09-B008-E050367E5DD2), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
Source: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Date: 8/26/2022 5:19:44 AM
Event ID: 404
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: **2C9F3
Description:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (1DE7985E-ABE6-4B09-B008-E050367E5DD2), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider" Guid="{3da494e4-0fe2-415c-b895-fb5265c5c83b}" />
<EventID>404</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-26T12:19:44.7194027Z" />
<EventRecordID>851</EventRecordID>
<Correlation />
<Execution ProcessID="10824" ThreadID="12956" />
<Channel>Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin</Channel>
<Computer>*2C9F3</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Message1">1DE7985E-ABE6-4B09-B008-E050367E5DD2</Data>
<Data Name="Message2">MDMDeviceWithAAD</Data>
<Data Name="Message3">Policy</Data>
<Data Name="InternalCmdType">1</Data>
<Data Name="Message5">./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version</Data>
<Data Name="HexInt1">0x80070002</Data>
</EventData>
</Event>
------------------
WARNING
DeviceStatus CSP: WscGetSecurityProviderHealth(WSC_SECURITY_PROVIDER_FIREWALL) returned status 0x2 and HRESULT Incorrect function.
Log Name: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin
Source: Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider
Date: 8/26/2022 5:16:33 AM
Event ID: 2750
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: *2C9F3
Description:
DeviceStatus CSP: WscGetSecurityProviderHealth(WSC_SECURITY_PROVIDER_FIREWALL) returned status 0x2 and HRESULT Incorrect function.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider" Guid="{3da494e4-0fe2-415c-b895-fb5265c5c83b}" />
<EventID>2750</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-26T12:16:33.7809003Z" />
<EventRecordID>822</EventRecordID>
<Correlation />
<Execution ProcessID="11656" ThreadID="11660" />
<Channel>Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin</Channel>
<Computer>**F3</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Message1">WSC_SECURITY_PROVIDER_FIREWALL</Data>
<Data Name="HexInt1">0x2</Data>
<Data Name="HRESULT">0x1</Data>
</EventData>
</Event>
------------------------------------
Because of the Group Policy change (Enable: "Automatic MDM enrollment using default Azure credentials"), I noticed the warning below:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 8/26/2022 6:20:56 AM
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: **C9F3
Description:
Windows failed to apply the MDM Policy settings. MDM Policy settings might have its own log file. Please click on the "More information" link.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{aea1b4fa-97d1-45f2-a64c-4d69fffd92c9}" />
<EventID>1085</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2022-08-26T13:20:56.0572615Z" />
<EventRecordID>9062</EventRecordID>
<Correlation ActivityID="{c0ff9fc8-a78e-4a8e-910d-fa347050bbb9}" />
<Execution ProcessID="2800" ThreadID="18388" />
<Channel>System</Channel>
<Computer>**9F3</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5056</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">94</Data>
<Data Name="ErrorCode">2149056522</Data>
<Data Name="ErrorDescription">The device is already enrolled. </Data>
<Data Name="DCName">
</Data>
<Data Name="ExtensionName">MDM Policy</Data>
<Data Name="ExtensionId">{7909AD9E-09EE-4247-BAB9-7029D5F0A278}</Data>
</EventData>
</Event>
--------------------------------------
As per the speeding-up section, I ran C:\Windows\system32\deviceenroller.exe /c /AutoEnrollMDM but did not receive any error in the command shell. However, I checked the event logs and did not find any immediate error except those mentioned above, which have been generated at intervals since yesterday.
---------------------------------------
Yesterday I got the event 76 error only once, but after that it's only 404, and a couple of times I noticed 454.
-----------------------------------------
I will be testing another Windows 10 machine today and following your steps, but wanted to inform you that we have tested a couple of Windows 10 and 11 machines in the past and they all failed to auto-enroll.
Our system is accepting new enrollments and adding new Windows 10 or 11 machines in Endpoint Manager through the manual Azure AD join method.
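
Added example, not part of the thread and not Microsoft tooling: a small Python triage script for events exported as XML, like the ones pasted above, that picks out failure HRESULTs from the `HexInt1`, `HRESULT` and `ErrorCode` fields and splits them into facility and code. `SAMPLE` is constructed from trimmed copies of the 404, 1085 and 2750 events in this thread; the function names and the wrapping `<Events>` root element are assumptions of this example.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
HRESULT_FIELDS = ("HexInt1", "HRESULT", "ErrorCode")
FACILITY_WIN32 = 7
# Win32 codes that appear in the thread's events (names from winerror.h).
WIN32_NAMES = {0x2: "ERROR_FILE_NOT_FOUND", 0x491: "ERROR_NO_MATCH"}

# Constructed sample: trimmed copies of the 404, 1085 and 2750 events above.
SAMPLE = """<Events xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<Event><System><EventID>404</EventID></System><EventData>
<Data Name="Message5">./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version</Data>
<Data Name="HexInt1">0x80070002</Data></EventData></Event>
<Event><System><EventID>1085</EventID></System><EventData>
<Data Name="ErrorCode">2149056522</Data>
<Data Name="ErrorDescription">The device is already enrolled. </Data></EventData></Event>
<Event><System><EventID>2750</EventID></System><EventData>
<Data Name="HexInt1">0x2</Data><Data Name="HRESULT">0x1</Data></EventData></Event>
</Events>"""

def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code)."""
    value &= 0xFFFFFFFF
    return bool(value >> 31), (value >> 16) & 0x7FF, value & 0xFFFF

def triage(xml_text):
    """Return one dict per failure HRESULT found in the exported events."""
    findings = []
    for event in ET.fromstring(xml_text).iterfind("e:Event", NS):
        event_id = int(event.findtext("e:System/e:EventID", namespaces=NS))
        data = {d.get("Name"): (d.text or "").strip()
                for d in event.iterfind("e:EventData/e:Data", NS)}
        for field in HRESULT_FIELDS:
            try:
                raw = int(data.get(field, ""), 0)  # accepts 0x... and decimal
            except ValueError:
                continue
            failed, facility, code = decode_hresult(raw)
            if not failed:  # skips plain status values such as event 2750's 0x2 / 0x1
                continue
            name = WIN32_NAMES.get(code) if facility == FACILITY_WIN32 else None
            findings.append({"event_id": event_id, "target": data.get("Message5"),
                             "hresult": f"0x{raw & 0xFFFFFFFF:08X}",
                             "facility": facility, "code": code,
                             "meaning": name or data.get("ErrorDescription") or "unknown"})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The decimal `ErrorCode` in event 1085 and the hex `HexInt1` in event 404 go through the same decoder, which makes it easier to see that the two events report different failures.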