This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 56.00000000000001%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Having an issue with an AAD joined device that is no longer receiving client apps and updates. Under Managed Apps for the device, they are showing "Waiting for Install Status". Apps and updates were previously installing without issue.
I've gone through the following logs below and keep seeing errors over and over, most having to do with getting an AAD token. Does anyone have advice on how to resolve this issue?
IntuneManagementExtension log
Failed to get AAD token. len = 336 using client id fc0f3af4-6835-4174-b806-f7db311fd2f3 and resource id 0000000A-0000-0000-C000-000000000000, errorCode = 3399614476
AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '0000000a-0000-0000-c000-000000000000'.
Trace ID: 33d4e9f3-9cec-4b71-b9fd-0590843e1900
Correlation ID: 06186d47-771a-4dd0-93f9-096c42bfdd71
Timestamp: 2021-03-13 19:56:48Z
Failed to Get UserToken For Web Request with Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenInternalAsync>d__41.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.IntuneTokenManager.<GetTokenForNewRequestAsync>d__39.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<<SendWebRequestInternal>b__17_1>d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.ImpersonateHelper.<DoActionWithImpersonation>d__4.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
at Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.EmsServiceBase.<SendWebRequestInternal>d__17.MoveNext()
Also noticed:
[Win32App] start: app workload is not switched from SCCM, skip app check in. now check ESP status.
Doesn't make sense because device is AAD joined
AgentExecutor log
Errors started 12/2
DNS detection: WinHttpGetProxyForUrl call failed because of error 12167 AgentExecutor 12/2/2020 10:31:36 PM 1 (0x0001)
DHCP detection: WinHttpGetProxyForUrl call failed because of error 12167 AgentExecutor 12/2/2020 10:31:36 PM 1 (0x0001)
C:\Windows\TEMP\IntuneWindowsAgent_Proxy_HIDDEN.txt AgentExecutor 12/2/2020 10:31:36 PM 1 (0x0001)
{0} software distribution gets invoked AgentExecutor 12/3/2020 8:55:32 AM 1 (0x0001)
url is https://fef.msua02.manage.microsoft.com/TrafficGateway/TrafficRoutingService/SideCar/StatelessSideCarGatewayService AgentExecutor 12/3/2020 8:55:32 AM 1 (0x0001)
True AgentExecutor 12/3/2020 8:55:32 AM 1 (0x0001)
ClientHealth log
Got empty UserToken For Web Request IntuneManagementExtension 3/14/2021 10:09:09 AM 1 (0x0001)
<
Is it a co-managed state?
@McKeeman, Samuel Thanks for posting in our Q&A.
From the log you provided, I know that app workload is not switched from SCCM. Given this situation, we appreciate your help to collect some information:
If there is anything update, feel free to let us know.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Yes, I was concerned when I saw that about the workload because the device is not co-managed.
@McKeeman, Samuel Thanks for your update.
From the screen shots you provided, this device is not co-management and it is only managed by intune.
Please understand that for such kind of issue, the error logs is not enough to analyze and find the root cause, we may need more logs to analyze the whole process. It is better to create an online support ticket to handle this issue more effectively. It is free. Here is the online support link and hope it helpful.
https://learn.microsoft.com/en-us/mem/intune/fundamentals/get-support
Hope this issue will be solved as soon as possible.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 68%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
I am having exactly same issue and trying to fix sine last 4 weeks.
Did anyone have any solutions for this issue . My devices are Intune manged only and local updates no 3rd party or Confg mgr. My devices are purely Intune managed.
As per your screenshot the device seems to be checking in. I will not go by the status on Intune portal as that is never accurate. However, what you should do is check on the machine locally. Do you have the Company Portal app installed?