Microsoft Technical Takeoff: Windows and Microsoft Intune
Oct 24 2022 07:00 AM - Oct 27 2022 12:00 PM (PDT)

Windows AutoPilot - Failed to Install last app (alt+tab shows Login window that shouldn't be there)

Occasional Contributor

Windows 10 1909 with AutoPilot


I have seen a similar issue posted in these threads, however mine is not related to Visual C++ or another app. It appears to be related to the Intune Management Extension. I am able to get 14/15 applications to install correctly, however the final application (which I presume to be the Intune Management Extension) hangs. When I alt+tab, it shows a Microsoft Login screen (see uploaded picture) but I cannot switch to it. When I look in the logs, I find errors with the system getting an AAD Token, here is an excerpt from the "_IntuneManagementExtension.txt" output file:

 

<![LOG[AAD User check using device check in app is failed, now fallback to the Graph audience. ex = Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
   at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUserInternal>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.DiscoveryService.<IsAADUser>d__15.MoveNext()]LOG]!><time="12:36:22.4219239" date="11-9-2020" component="IntuneManagementExtension" context="" type="3" thread="9" file="">

I disabled the ESP to see if I can pinpoint the issue, but that did not help - and removed my completely automatic deployment. I will turn it back on, but I need the Intune Management Extension Error resolved so I can continue testing, before I deploy 2,000+ devices and keep them updated.

 

Happy to provide more details if needed.

 

I have an AAD P2 membership, and plenty of Intune Device licenses. Anyone?

 

Anyone have any idea how to get past this?

3 Replies

@Geekmaster614 

 

Don't happen to have some microsoft store apps required in the esp? I have seen this some time when all cloud apps is targeted in some conditional access policies

We do have a couple conditional access policies targeting All Cloud Apps. I just added an exclusion for my AutoPilot group. Giving it some time to sync up and will try deployment again. Thanks for the tip!

@Rudy_Ooms_MVP adding the exception did not seem to make a difference, still sticks and fails on the final app. Do you, or anyone else reading this, know which log to look at to see the Application installation sequence? I only have 13 configured apps for this profile, but it installs 15. I'd like to see which applications it's installing in the 14th & 15th positions.