Thanks for the quick and detailed response. We're just starting trial use of Intune so I have close to zero troubleshooting experience with it.
> There is no ProgramData folder --> no programdata folder or no microsoft\intunemgt blabla folder in it? as programdata is just an hidden folder ...
D'oh, I never changed the view in the VM to show hidden folders. In the IME log I see this:
> checking the ime log
> checking the certificates
<![LOG[Find 0 MDM certificates.]LOG]!><time="10:13:44.2245158" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="5" file="">
<![LOG[Device join type = DSREG_DEVICE_JOIN]LOG]!><time="10:13:44.2245158" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="5" file="">
<![LOG[Didn't find cert in both store, retry 15]LOG]!><time="10:13:53.5210885" date="8-10-2022" component="IntuneManagementExtension" context="" type="2" thread="12" file="">
<![LOG[Find 0 MDM certificates.]LOG]!><time="10:13:53.5210885" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="12" file="">
<![LOG[Device join type = DSREG_DEVICE_JOIN]LOG]!><time="10:13:53.5210885" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="12" file="">
<![LOG[Didn't find cert in both store, retry 16]LOG]!><time="10:14:44.2362717" date="8-10-2022" component="IntuneManagementExtension" context="" type="2" thread="5" file="">
> dsregcmd /status
Ngc Prerequisite Check > CertEnrollment : none
> checking the devicemgt event logs
Errors
MDM PolicyManager: Set policy precheck precheck call. Policy: (Security), Area: (RequireRetrieveHealthCertificateOnBoot), int value: (0x1) Result:(0x80004005) Unspecified error.
MDM PolicyManager: Set policy int, Policy: (RequireRetrieveHealthCertificateOnBoot), Area: (Security), EnrollmentID requesting set: (AC24F1FD-A0A2-4DEC-86BE-0A5F8AC6A3DF), Current User: (Device), Int: (0x1), Enrollment Type: (0x0), Scope: (0x0), Result:(0x80004005) Unspecified error.
MDM ConfigurationManager: Command failure status. Configuration Source ID: ), Enrollment Name: (MDMFull), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
Info
MDM Session: OMA-DM session ended with status: (The operation completed successfully.).
> What happens when performing a sync from the account settings instead of the company portal?
I had "sync your settings" turned off in account settings, but enabling it did not add a manual sync button to try.
If the problem is missing certificates, how do I add them? I thought installing the Company Portal would set things up, and its sync seems to work,
A search shows some older posts with scripts in them that are supposed to help, but I don't want to run something if it no longer applies to the current Intune version.