cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

imyouradmin
Copper Contributor

‎May 16 2023 10:08 PM - edited ‎May 16 2023 10:56 PM

‎May 16 2023 10:08 PM - edited ‎May 16 2023 10:56 PM

MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

I'm having an issue with some devices in our environment enrolling successfully into Intune. 

 

Here is the lay of the land. 

 

1. Devices are hybrid joined.

2. Using GPO to enforce auto-enrollment. 

3. PCs that are not successful in joining to Intune are getting the following error: 

imyouradmin_0-1684299861592.png

4. Certificates are valid.

5. Scheduled tasks are present. 

6. Sync in accounts shows same error:

imyouradmin_0-1684302724065.png

7. In Azure devices the device shows up as enabled, with an owner, MDM as Microsoft Intune, and Compliance as No.

imyouradmin_0-1684303011746.png

 

I've searched all over for the exact same error of 0x80072efe and nothing that helps me.

 

There is no smoking gun that is similar among these PCs. No firewall issues. Some PCs on the same VLAN will register just fine while others continue to get this error. 

 

Total PC count: 1400

PCs having issue: 600

 

Any help is appreciated!

20.8K Views
0 Likes
7 Replies
Reply
7 Replies
Rudy_Ooms_MVP

‎May 19 2023 02:10 AM

‎May 19 2023 02:10 AM

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

Sounds like a fun issue! :) ... looking at the error it just tells you WININET_E_CONNECTION_ABORTED

If you could share logs, I could take a look at it...
0 Likes
Reply
imyouradmin

‎May 19 2023 03:11 AM

‎May 19 2023 03:11 AM

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

Thanks for the reply!

Any specific logs you are wanting?
0 Likes
Reply
Rudy_Ooms_MVP

‎May 19 2023 03:16 AM

‎May 19 2023 03:16 AM

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

depends.... :)
Try to sync the device and run this command (will fetch all logs... ms also uses it :) )

wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
powerShell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1
0 Likes
Reply
imyouradmin

‎May 19 2023 06:09 AM - edited ‎May 19 2023 06:11 AM

‎May 19 2023 06:09 AM - edited ‎May 19 2023 06:11 AM

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

@Rudy_Ooms_MVP I'm working on getting the logs unfortunately people are actively using the computers so I will get it asap. 

 

I do fine this interesting that they show up in Azure as a device with a MDM status:

imyouradmin_0-1684501859988.png

 

But in Intune it doesn't even show up as a device:

imyouradmin_1-1684501759536.png

You will have to trust me a little that the names are both correct. 

 

0 Likes
Reply
imyouradmin

‎May 22 2023 12:46 PM

‎May 22 2023 12:46 PM

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

I find this odd too. We get random usernames with Windows and the date show up in Intune but it doesn't seem to correct itself and associate with the windows device. 

 

imyouradmin_0-1684784767811.png

 

0 Likes
Reply
best response confirmed by imyouradmin (Copper Contributor)
imyouradmin

‎May 25 2023 09:34 AM - edited ‎May 25 2023 10:02 AM

‎May 25 2023 09:34 AM - edited ‎May 25 2023 10:02 AM

Solution

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

We believe we figured this out. We are still monitoring it but we believe that SSL decryption was the cause of this. Even though the Microsoft articles say to not do it to https://device.login.microsoftonline.com we tried that with no success we had to exclude all Microsoft traffic from being decrypted on our firewall via a Dynamic List. Hope this helps someone out!

Article in reference was https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join that mentioned just that one URL.

 

We also prevented our PCs from being Azure AD Registered as Hybrid was our preferred method and we set the following registry key.

 

HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin "BlockAADWorkplaceJoin"=dword:00000001

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by imyouradmin (Copper Contributor)
imyouradmin

‎May 25 2023 09:34 AM - edited ‎May 25 2023 10:02 AM

‎May 25 2023 09:34 AM - edited ‎May 25 2023 10:02 AM

Solution

Re: MDM Session: OMA-DM message failed to be sent. Result: (Unknown Win32 Error code: 0x80072efe).

We believe we figured this out. We are still monitoring it but we believe that SSL decryption was the cause of this. Even though the Microsoft articles say to not do it to https://device.login.microsoftonline.com we tried that with no success we had to exclude all Microsoft traffic from being decrypted on our firewall via a Dynamic List. Hope this helps someone out!

Article in reference was https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join that mentioned just that one URL.

 

We also prevented our PCs from being Azure AD Registered as Hybrid was our preferred method and we set the following registry key.

 

HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin "BlockAADWorkplaceJoin"=dword:00000001

View solution in original post

0 Likes
Reply