Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Intune MSI win32 apps stuck at Download Pending Your device is syncing for 1+ day

New Contributor

I have 3 different Win32 MSI apps, 1 set to required and 2 set to available.  All of them are stuck at the downloading step for over a day so far.

 

We have set up a test company as a separate tenant since our main tenant uses the Office365 MDM and Intune does not seem to support sharing MDM authority (it is all or nothing).  I selected the two apps in the Company Portal and they switched to downloading but are stuck at Download Pending.  The required install shows in the Intune console as waiting for install status.

 

I've set up Azure AD free, Exchange Online plan 1, Intune trial.  I created a test user account and assigned Intune licenses to that user and the admin.   I created a Windows 10 Pro Hyper-V VM and used the user account to do the initial login.

 

  • The VM shows in Devices as Corporate, Compliant, and tied to the user account.
  • Device user has an intune license installed
  • Windows 10 Pro is up to date
  • Microsoft Intune Management Engine process is running in Task Manager
  • Settings > Accounts > Access work or school shows connected to MDM and Azure AD as the licensed user
  • Company Portal > Sync succeeds

There is no ProgramData folder. The Program files > intune > Content sub folders exist but are empty.  There are no GUIDs for the 3 installs in HKLM\SOFTWARE\Microsoft\EnterpriseDesktopAPPManagement, just one GUID for something intune installed on its own that completed successfully.

 

Are there other things I can look at for being stuck at Pending?  One thing I wonder about:  this VM is a disposable test VM so I did not activate it with a Windows license key.  Is having an activated license an undocumented requirement for using Intune?

 

 

2 Replies
Hi... There is no ProgramData folder --> no programdata folder or no microsoft\intunemgt blabla folder in it? as programdata is just an hidden folder ...

I always use unlicensed vms for testing purposes... so its not a license issue..
Did you perform the default troubleshooting steps
dsregcmd /status
checking the certificates
checking the ime log
checking the devicemgt event logs

What happens when performing a sync from the account settings instead of the company portal?
Thanks for the quick and detailed response. We're just starting trial use of Intune so I have close to zero troubleshooting experience with it.

> There is no ProgramData folder --> no programdata folder or no microsoft\intunemgt blabla folder in it? as programdata is just an hidden folder ...

D'oh, I never changed the view in the VM to show hidden folders. In the IME log I see this:

> checking the ime log
> checking the certificates

<![LOG[Find 0 MDM certificates.]LOG]!><time="10:13:44.2245158" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="5" file="">
<![LOG[Device join type = DSREG_DEVICE_JOIN]LOG]!><time="10:13:44.2245158" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="5" file="">
<![LOG[Didn't find cert in both store, retry 15]LOG]!><time="10:13:53.5210885" date="8-10-2022" component="IntuneManagementExtension" context="" type="2" thread="12" file="">
<![LOG[Find 0 MDM certificates.]LOG]!><time="10:13:53.5210885" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="12" file="">
<![LOG[Device join type = DSREG_DEVICE_JOIN]LOG]!><time="10:13:53.5210885" date="8-10-2022" component="IntuneManagementExtension" context="" type="1" thread="12" file="">
<![LOG[Didn't find cert in both store, retry 16]LOG]!><time="10:14:44.2362717" date="8-10-2022" component="IntuneManagementExtension" context="" type="2" thread="5" file="">

> dsregcmd /status

Ngc Prerequisite Check > CertEnrollment : none

> checking the devicemgt event logs

Errors

MDM PolicyManager: Set policy precheck precheck call. Policy: (Security), Area: (RequireRetrieveHealthCertificateOnBoot), int value: (0x1) Result:(0x80004005) Unspecified error.

MDM PolicyManager: Set policy int, Policy: (RequireRetrieveHealthCertificateOnBoot), Area: (Security), EnrollmentID requesting set: (AC24F1FD-A0A2-4DEC-86BE-0A5F8AC6A3DF), Current User: (Device), Int: (0x1), Enrollment Type: (0x0), Scope: (0x0), Result:(0x80004005) Unspecified error.

MDM ConfigurationManager: Command failure status. Configuration Source ID: ), Enrollment Name: (MDMFull), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).

Info

MDM Session: OMA-DM session ended with status: (The operation completed successfully.).


> What happens when performing a sync from the account settings instead of the company portal?

I had "sync your settings" turned off in account settings, but enabling it did not add a manual sync button to try.

If the problem is missing certificates, how do I add them? I thought installing the Company Portal would set things up, and its sync seems to work,

A search shows some older posts with scripts in them that are supposed to help, but I don't want to run something if it no longer applies to the current Intune version.