I have devices enrolled in Intune through co-management in SCCM. For the first couple of days everything is fine, but at some point they just stop applying all configuration and compliance profiles. Sometimes it's a couple of days, sometimes it's hours.
All profiles are applied to on-prem AD groups sync'd to AAD. I have confirmed the computer is a member of the on-prem AD group and that after synchronization it is a member of the group in AAD.
When you look at the configuration profile it says it is applied to two computers, but when you check Device Status it only lists one computer. Same goes for the compliance profile: it says it is applied to 10 devices, but when you check Device Status only 9 are listed.
When you look at the computer itself it will have sync'd policy in the past 30 minutes but when you look at device compliance and device configuration it says no data.
Event Viewer looks good, but I do get the following error every 12 hours:
MDM ConfigurationManager: Command failure status. Configuration Source ID: (B2B5E459-8890-47C2-9C8F-7632556E62BB), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Receiver/Properties/Policy/FakePolicy/Version), Result: (The system cannot find the file specified.).
I've checked in IntuneManagementExtension.log and there are errors but Microsoft says they are transient.
Failed to get AAD token. len = 34 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 00000002-0000-0000-C000-000000000000, errorCode = 3399548929
AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
LogonUser failed with error code : 1008
AAD User check is failed, exception is System.ComponentModel.Win32Exception (0x80004005): An attempt was made to reference a token that does not exist
AAD User check using device check in app is failed, now fallback to the Graph audience. ex = System.ComponentModel.Win32Exception (0x80004005): An attempt was made to reference a token that does not exist
This happens to every single box we've enrolled into Intune. They work perfectly for an indeterminate amount of time, then they just stop applying all Intune policies. The issues never correct themselves no matter how long we let them sit, and the problems actually get worse the longer they sit. The only thing we can do is reinstall the boxes, but we're at the point where we are reinstalling boxes at least once a day.
Any help would be greatly appreciated.
Hi MPU-9566,
it seems that I'm seeing exactly the same problems as you.
Did you ever find a solution?
Thank you in advance! :-)
Is there an update on this issue? We are facing the same issue in our environment.