Forum Discussion
Intune Management Extension not installing
This morning, everything went fine and thought I would pull all my hair off. It worked with any users (AD or AAD), scripts were installed sometimes after 7 to 10 min of uptime after OOBE, but there were installed at some point.
But while writing this post, I did a last test with the same user I used during all my tests, and I hit the issue again : even the start menu icons (like for for XBox, Alarms, Weather, Sway,...) were not populated after 10 minutes, and were left with these "down-arrows" signs (see attachment), even if the Intune Management Extension MSI could already be seen in Settings/Apps pane.
But at the exact moment, that "wsappx" process starts to re-eat your CPU (it did it first time shortly after landing on desktop to install my 7-Zip MSI, Arduino and Bitcoin Calculator apps from the Store... I flagged them in Intune as "Required"), my PS scripts were executed after exactly 20 min of uptime!, and 4 minutes later, the start menu icons for XBox&Co started to be all populated.
So one thing is sure : you really have to wait until "omadmclient.exe" and this "State Repository Service" are really idle for long time, and you have to wait even few minutes more to be on safe side.
It makes me believe there is now like an artificial throttling interval, that didn't existed before, and is why people believe "PS scripts do not always work", especially when your CPU/network/disk are fully idle for few min.
Hi Matthew,
as time goes by things change :-), support for Hybrid Domain Joined devices is now available.
see here: https://docs.microsoft.com/en-us/intune/intune-management-extension
Prerequisites
The Intune management extension has the following prerequisites:
- Devices must be joined to Azure AD and auto-enrolled. The Intune management extension supports Azure AD joined, hybrid domain joined, and comanaged enrolled Windows devices. GPO-enrolled devices aren't supported.
- Devices must run Windows 10 version 1607 or later.
- The Intune management extension agent is installed when a PowerShell script or a Win32 app is deployed to a user or device security group.
best,
OliverFor further investigations, which type of reset did you choose exactly?
With retaining userdata, Autopilot Reset, Factory Reset, ...
This might have additional impact on the situation.
Thanks for the info.
It would appear the issue has been resolved somehow by Microsoft.
I attempted to replicate the exact problem twice yesterday - In both trials, The intune agent properly deployed itself and ran powershell script after a system was wiped, while retaining AzureAD Enrollment.
I did not require the use of additional work-arounds like force-deploying the intune.msi as a Line-of-Business app
Thanks Oliver,
Yes, the confusion also comes from me thinking that "hybrid Azure AD domain joined" simply means being in a hybrid situation. Since, if you add a local-AD machine to Intune, it's also added to Azure AD and becomes Hybrid. We have AD connect set up (for password sync) and when people login to Outlook, the devices shows in Azure AD devices (even before add school/work account).
The other confusing part is that I would think MAM exists for BYOD scenarios (instead of WPJ), and I can use MDM if I decide to use all intune features on every devices I have (including local AD joined laptops). From my end, the devices don't look WPJ at all. They show as fully managed by intune MDM.I will go over the hybrid AD join methods you linked and see if this can fix our issues.
I still believe it would be beneficial for all if every MDM intune (not MAM) would support the IME.
Thanks for you time.Absolutely you have to be patient. Like ConfigMgr on-prem environment it takes time sometimes. A lot of background processes are running after OOBE and depending on various facts it may result in longer wait times. You observed it, OMA-DM client and so on... I have machine where I waited more than an hour. In the beginning of Intune (Silverlight portal and old backend) it was even worse, we waited for things sometime up to 4 hours and more. The new Azure based infrastructure is much better but it also takes some time infrequent.
So again I can confirm that it takes time sometimes. But my past is defined by ConfigMgr environments and there you learn to have patients :-).
I could handle hours, we are talking weeks, and still no Management Extension Service.
- Did you follow the troubleshooting advises from this thread?
App deployment via CSP, App install and so on... checked all log files registry entries... Hi Oliver,
I have been having similar issues, however I don't see any logs/folder you have in your troubleshooting steps.
I have noticed i have a quite a few entries under configuration source in a provision state and have been for a couple weeks now.
Any ideas for me?
Hi Matthew,
Can you check the status of the agent deployment via EnterpriseDesktopAppManagment CSP please?
best,
Oliver
Hi Oliver,
I went to check the registry but there is no folder for enterprisedesktopappmanagement, there is enterpriseappmanagement but the next level is database not and SID.
I have applied the intune script to a group that contains users. Is that a problem.
Matt
