Is it a co-managed state?
AAD joined device no longer receiving apps
Having an issue with an AAD joined device that is no longer receiving client apps and updates. Under Managed Apps for the device, they are showing "Waiting for Install Status". Apps and updates were previously installing without issue.
I've gone through the following logs below and keep seeing errors over and over, most having to do with getting an AAD token. Does anyone have advice on how to resolve this issue?
IntuneManagementExtension log
Failed to get AAD token. len = 336 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 0000000A-0000-0000-C000-000000000000, errorCode = 3399614476
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '0000000a-0000-0000-c000-000000000000'.
Trace ID: 33d4e9f3-9cec-4b71-b9fd-0590843e1900
Correlation ID: 06186d47-771a-4dd0-93f9-096c42bfdd71
Timestamp: 2021-03-13 19:56:48Z
Failed to Get UserToken For Web Request with Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenInternalAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenForNewRequestAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<<SendWebRequestInternal>b__17_1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.ImpersonateHelper.<DoActionWithImpersonation>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequestInternal>d__17.MoveNext()
Also noticed:
[Win32App] start: app workload is not switched from SCCM, skip app check in. now check ESP status.
Doesn't make sense because device is AAD joined
AgentExecutor log
Errors started 12/2
DNS detection: WinHttpGetProxyForUrl call failed because of error 12167 AgentExecutor 12/2/2020 10:31:36 PM 1 (0x0001)
DHCP detection: WinHttpGetProxyForUrl call failed because of error 12167 AgentExecutor 12/2/2020 10:31:36 PM 1 (0x0001)
C:\Windows\TEMP\IntuneWindowsAgent_Proxy_HIDDEN.txt AgentExecutor 12/2/2020 10:31:36 PM 1 (0x0001)
{0} software distribution gets invoked AgentExecutor 12/3/2020 8:55:32 AM 1 (0x0001)
url is https://fef.msua02.manage.microsoft.com/TrafficGateway/TrafficRoutingService/SideCar/StatelessSideCarGatewayService AgentExecutor 12/3/2020 8:55:32 AM 1 (0x0001)
True AgentExecutor 12/3/2020 8:55:32 AM 1 (0x0001)
ClientHealth log
Got empty UserToken For Web Request IntuneManagementExtension 3/14/2021 10:09:09 AM 1 (0x0001)
<![LOG[Exception happens during client health Post Process, the exception is System.AggregateException: One or more errors occurred. ---> System.ComponentModel.Win32Exception: An attempt was made to reference a token that does not exist
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequestInternal>d__17.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequest>d__18.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneController.<Put>d__71.MoveNext() --- End of inner exception stack trace --- at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions) at System.Threading.Tasks.Task
1.GetResultCore(Boolean waitCompletionNotification)
at System.Threading.Tasks.Task1.get_Result() at Microsoft.Management.EndUser.IntuneWindowsAgent.ClientHealth.CHReporter.SendReport(SideCarHealthReport report, Int32 sessionId, IController serviceProxy) at Microsoft.Management.EndUser.IntuneWindowsAgent.ClientHealth.ClientHealthRuleEngine.PostProcess() at Microsoft.Management.EndUser.IntuneWindowsAgent.ClientHealth.ClientHealthManager.Run() ---> (Inner Exception #0) System.ComponentModel.Win32Exception (0x80004005): An attempt was made to reference a token that does not exist at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequestInternal>d__17.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequest>d__18.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task) at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneController.<Put>d__7
1.MoveNext()<---
11 answers
Sort by: Most helpful
-
-
Lu Dai-MSFT 28,441 Reputation points
2021-04-15T03:20:59.473+00:00 @McKeeman, Samuel Thanks for posting in our Q&A.
From the log you provided, I know that app workload is not switched from SCCM. Given this situation, we appreciate your help to collect some information:
- Is this device a co-management device?
- Please show the screen shot of the device's workload in intune portal.
Note:Please overwrite private information
If there is anything update, feel free to let us know.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread. -
McKeeman, Samuel 1 Reputation point
2021-04-15T16:53:07.817+00:00 Yes, I was concerned when I saw that about the workload because the device is not co-managed.
-
Lu Dai-MSFT 28,441 Reputation points
2021-04-16T02:19:31.767+00:00 @McKeeman, Samuel Thanks for your update.
From the screen shots you provided, this device is not co-management and it is only managed by intune.
Please understand that for such kind of issue, the error logs is not enough to analyze and find the root cause, we may need more logs to analyze the whole process. It is better to create an online support ticket to handle this issue more effectively. It is free. Here is the online support link and hope it helpful.
https://zcusa.951200.xyz/en-us/mem/intune/fundamentals/get-supportHope this issue will be solved as soon as possible.
-
Rahul Jindal [MVP] 10,521 Reputation points MVP
2021-04-16T05:52:59.927+00:00 As per your screenshot the device seems to be checking in. I will not go by the status on Intune portal as that is never accurate. However, what you should do is check on the machine locally. Do you have the Company Portal app installed?