Win10 Hybrid AD Joined Computers Unable to install apps from Company Portal

Copper Contributor

All of our Windows 10 machines are unable to install any application from the Intune Company Portal. When trying to install an application from Company Portal, it almost immediately says "it's taking a little longer than usual to install this app. Try to install it again" and then presents a Retry button. .MSI, Windows Store for Business, and even the Microsoft-created Office and new Edge packages all do the same thing. Also doesn't matter if application is set as required install or just made available in Intune Portal.

 

All our Windows machines are Hybrid AD joined to Azure AD and enrolled in Intune via GPO. They show up as "compliant" in the device management portal and do get updated config/compliance policies. The devices don't show as requesting the application for install when you look at the Intune portal either.

 

Event Viewer logs in Applications > Windows > DeviceManagement-Enterprise-Diagnostics-Provider show several error entries like the below:

"MDM ConfigurationManager: Command failure status. Configuration Source ID: (CCADB38D-B155-4CAA-820F-52B368E2EEE4), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.)."

 

and:

"MDM PolicyManager: Set policy int, Policy: (RequireRetrieveHealthCertificateOnBoot), Area: (Security), EnrollmentID requesting set: (CCADB38D-B155-4CAA-820F-52B368E2EEE4), Current User: (Device), Int: (0x1), Enrollment Type: (0x6), Scope: (0x0), Result:(0x80004005) Unspecified error."

 

Any thoughts on how to resolve and get our applications back to installing? Even setting up blank, new machines and enrolling yields the same errors.

10 Replies
What version of Windows are you using?

Moe
Do you have SCCM configured in your environment?

@Thijs Lecomte no SCCM. PCs are auto joined to Azure AD and enrolled in Intune via GPO.

@Seth Tate The Fakepolicy event can be ignored. Don`t know exactly why the event is logged, but MS support confirmed there is no issue when you see the event.

When deploying win32 apps have a look at this log file C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log

It logs everything related to the app deployments when using win32 app deployment, but also Edge should be logged in this file.

@Peter KlapwijkI don’t have any Win32 apps that I packaged myself. We are only trying to push/make available MSI installers and Windows Store for Business apps in addition to the Microsoft-provided Office and Edge bundles. None of them install on any Windows 10 machine - leaving manual install the only option for us to get by. When we were troubleshooting, the management extension didn’t even create any logs until a couple of days ago and this has been going on for almost 2 months. All seems related to to the Company Portal.

@Seth Tate The recommended way to go for installing LOB apps is win32, even if these are MSI files.
Win32 provides more control and better logging. I recommend to at least wrap one MSI into win32 package to test. As far as I know MSI isn`t tracked (anymore) during ESP.

The Intune management extension only handles win32 apps and PowerShell scripts, that is probably the reason you don`t see logging.

@Peter Klapwijk  I agree the logging is better with win32 apps. However, none of our apps are setup that way, nor is that an option. Some apps are Windows Store for Business apps that sync with Intune. I think our problem has something to do with our tenant because it immediately fails when you try to install an application. It doesn't even download the install files. Intune device management portal shows no status that a device has requested install either. While I don't have a win32 app already setup in Intune to test, I have a strong feeling they would have the same behavior as Windows Store and MSI apps. Have you ever run into the Company Portal saying "it's taking longer than usual to install this app" immediately after clicking the install button?

Hello, do you still have this issue? This could be related to conditional access policy and MFA.

//Nicklas
Hi, Not experiencing this issue anymore. Microsoft fixed/addressed something on their end and we were able to deploy apps again. No changes to MFA or conditional access required on my side. Thanks.