Mar 04 2024 12:26 AM
Hi,
I have an odd issue where the Company Portal app installs fine from Intune to the customers Windows 10 devices, but then when the users launch the Company Portal, it reports an error installing itself.
The logs seem to show an unknown error with the detection method but that can't be right or everyone would have the same problem. The customer is not content to ignore the error for their production roll-out and wants it fixed despite it not being a show-stopper. The Intune Management Portal shows no errors on the App itself though - just successful installs. The App is targeted as a SYSTEM installation to devices so that it can be installed in future during Autopilot.
Has anyone any ideas or assistance to give on this one?
Relevant bits from the IntuneManagementExtension.log where the Company Portal AppID is ff4f4f74-e468-4078-958f-8610c1ca5afd:
[Win32App][ReportingManager] App with id: ff4f4f74-e468-4078-958f-8610c1ca5afd and prior AppAuthority: V3 has been loaded and reporting state initialized. ReportingState: {"ApplicationId":"ff4f4f74-e468-4078-958f-8610c1ca5afd","ResultantAppState":null,"ReportingImpact":null,"WriteableToStorage":true,"CanGenerateComplianceState":true,"CanGenerateEnforcementState":false,"IsAppReportable":true,"IsAppAggregatable":true,"AvailableAppEnforcementFlag":0,"DesiredState":0,"DetectionState":null,"DetectionErrorOccurred":true,"DetectionErrorCode":null,"ApplicabilityState":null,"ApplicabilityErrorOccurred":true,"ApplicabilityErrorCode":null,"EnforcementState":null,"EnforcementErrorCode":null,"TargetingMethod":0,"TargetingType":2,"InstallContext":2,"Intent":3,"InternalVersion":1,"DetectedIdentityVersion":"11.2.448.0","RemovalReason":null} IntuneManagementExtension 2024-03-01 13:49:48 61 (0x003D)
[Win32App][V3Processor] Processing subgraph with app ids: ff4f4f74-e468-4078-958f-8610c1ca5afd IntuneManagementExtension 2024-03-01 13:49:48 61 (0x003D)
[Win32App][GRSManager] Reading GRS values from storage path: 5a8f478b-517d-4a63-b97f-f33987b05153\GRS\twv3BIJb4WsoddzXod/pwqNlo19+s+LPLUdZhY6q4LA=\. IntuneManagementExtension 2024-03-01 13:49:48 61 (0x003D)
[Win32App][GRSManager] App with id: ff4f4f74-e468-4078-958f-8610c1ca5afd has no recorded GRS value which will be treated as expired.
Hash = twv3BIJb4WsoddzXod/pwqNlo19+s+LPLUdZhY6q4LA= IntuneManagementExtension 2024-03-01 13:49:48 61 (0x003D)
[Win32App][ReevaluationScheduleManager] Subgraph reevaluation interval is not expired.
Hash = twv3BIJb4WsoddzXod/pwqNlo19+s+LPLUdZhY6q4LA= IntuneManagementExtension 2024-03-01 13:49:48 61 (0x003D)
[Win32App][GRSManager] Found GRS value: 12/21/2023 06:21:19 at key 5a8f478b-517d-4a63-b97f-f33987b05153\GRS\PVGpxHzXpHKuoPdrvcewPLbyQfOF+gAOmQqXqXWH5sU=\ff4f4f74-e468-4078-958f-8610c1ca5afd.
[StatusService] Returning status to user with id: 5a8f478b-517d-4a63-b97f-f33987b05153 for V3-managed app with id: ff4f4f74-e468-4078-958f-8610c1ca5afd and install context: System. Applicability: Unknown, Status: Failed, ErrorCode: 0
Mar 04 2024 03:26 AM
Mar 04 2024 05:43 AM - edited Mar 04 2024 11:28 PM
Hi Rudy, That's just it - the assignment was only required (not available) and to devices as System. I had no idea or clue how it suddenly started showing up for the users in their Company Portal as failed.
The only thing different to my normal customer Intune / Hybrid implementations is this time a colleague has implemented SCCM co-management and we are setting all the sliders over to Intune to win out over SCCM for the pilot group until we have rolled out to all in prod.
What am I missing here - as far as I know what is happening should not be and I don't know how to proceed after diving into the IME logs 😄
The Intune Portal reporting shows no errors at all...
And Company Portal had never been installed on these devices before they were moved into SCCM co-management and then through that Intune Hybrid Joined...
I have moved from a device installation as SYSTEM to a user assigned installation in the USER context to see if that will solve matters for new installations.
Testing today. So strange.
One thought - we had to get them to open SSL inspection through firewalls for a bunch of MS sites so that Company Portal and other things would even install, and they have an Always on VPN running also... could there be some further FW routing that needs opening or excluding from SSL inspection that might cause a detection failure on a perfectly good and well installed app? Just spit balling here... better that than ******* into the wind. 😄
Mar 07 2024 11:29 PM - edited Mar 08 2024 02:42 AM
OK - So removing the assignment from the device assigned system installation for Company Portal stopped the error. I then created a user assigned installation for Company Portal using Install behavior = User, but this is failing to install on a newly enrolled device/user combination - it just says "Waiting for install status" on the machine managed apps, however Win32 apps, M365 apps, and Edge all installed successfully. The Intune Managed Portal just shows 3 users have got the company portal out of around 40 in the pilot group. Where do I begin hunting?
Edit < I just had a brainwave - the users have a very short SAM Account name and since the devices are Hybrid Joined, they are probably using that to sign into the devices instead of their much longer Synced UPN which is luckily the same as their email addresses (so we can tell them to use email address to sign in as they would not know what a UPN is). I am asking the new one to test by signing in with their UPN now.>
Also - the image of the company portal showing its own app in a failed to install state which I put into the first post above, comes by clicking on the error notification in the top corner of the company portal itself rather than having it assigned as available to the device or user.