Intune Password Expiration -2016281112 (Remediation failed)

We have Intune set up with a Hybrid AD (on-premises DC synced with Azure).

About 50% of our devices show as error for password expiration.

They are all on the same domain with the same GPOs internally that expire passwords every 90 days.

Intune device configuration policy matches that with 90 days.

Password expiration (days)

-2016281112 (Remediation failed)

ERROR CODE
0x87d1fde8

Our CSP was stumped.
 
4 Replies

@zcatton

We're getting the same thing. Any update on a solution for this?

@zcatton

I have the same remediation error on compliancy with password 'complexity', 'expiration' and 'length'. This is across a number of hybrid joined desktops (without GPO), with exactly the same settings as a different group of desktops configured by GPO. Sounds like I'm missing some understanding somewhere?

I am getting this in the device event viewer. What does 'One or more admins are not allowed to change their password..' mean?

MDM PolicyManager: Set policy int, Policy: (MinDevicePasswordLength), Area: (DeviceLock), EnrollmentID requesting set: (7935FD4C-1FE0-465B-9B04-1B492A8B0C40), Current User: (Device), Int: (0x9), Enrollment Type: (0x6), Scope: (0x0), Result:(0x80550008) One or more admins are not allowed to change their password..