question

TomGorgis-5668 avatar image
0 Votes"
TomGorgis-5668 asked PuDerBaer edited

ConfigMgr Co-managed Hybrid Intune

I have currently integrated ConfigMgr 2006 with Intune, I can see in the MEM admin Portal ConfigMgr and Co-Managed for the same device 2x entries and the logs show that there is an error when trying to MDM the device. I cannot understand why that error message is appearing.

<![LOG[Getting/Merging value for setting 'CoManagementSettings_Capabilities']LOG]!><time="23:27:37.221-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="handler.cpp:167">
<![LOG[Merged value for setting 'CoManagementSettings_Capabilities' is '1']LOG]!><time="23:27:37.221-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="handler.cpp:219">
<![LOG[New merged workloadflags value with co-management max capabilities '4095' is '1']LOG]!><time="23:27:37.221-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="handler.cpp:235">
<![LOG[Getting/Merging value for setting 'CoManagementSettings_Allow']LOG]!><time="23:27:37.221-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="handler.cpp:167">
<![LOG[Merged value for setting 'CoManagementSettings_Allow' is 'true']LOG]!><time="23:27:37.221-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="handler.cpp:219">
<![LOG[Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).]LOG]!><time="23:27:37.221-660" date="11-12-2020" component="CoManagementHandler" context="" type="2" thread="2040" file="MdmRegLib.cpp:214">
<![LOG[Machine is already enrolled with MDM]LOG]!><time="23:27:37.331-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="handler.cpp:397">
<![LOG[Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).]LOG]!><time="23:27:37.331-660" date="11-12-2020" component="CoManagementHandler" context="" type="2" thread="2040" file="MdmRegLib.cpp:214">
<![LOG[Device is provisioned]LOG]!><time="23:27:37.346-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="MdmRegLib.cpp:671">
<![LOG[State ID and report detail hash are not changed. No need to resend.]LOG]!><time="23:27:37.346-660" date="11-12-2020" component="CoManagementHandler" context="" type="1" thread="2040" file="comgmtagent.cpp:1754">
<![LOG[Device is enrolled.]LOG]!><time="00:29:56.743-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="3280" file="comgmtagent.cpp:482">
<![LOG[Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).]LOG]!><time="00:29:56.743-660" date="11-13-2020" component="CoManagementHandler" context="" type="2" thread="3280" file="MdmRegLib.cpp:214">
<![LOG[Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).]LOG]!><time="00:29:56.758-660" date="11-13-2020" component="CoManagementHandler" context="" type="2" thread="3280" file="MdmRegLib.cpp:214">
<![LOG[Device is provisioned]LOG]!><time="00:29:56.774-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="3280" file="MdmRegLib.cpp:671">
<![LOG[State ID and report detail hash are not changed. No need to resend.]LOG]!><time="00:29:56.774-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="3280" file="comgmtagent.cpp:1754">
<![LOG[Processing GET for assignment (ScopeId_F1E90A61-DC90-44DB-9E38-6D47B55B70FC/ConfigurationPolicy_c0c98226-b50a-4a09-827a-c5696deffb23 : 1)]LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:74">
<![LOG[Getting/Merging value for setting 'CoManagementSettings_AutoEnroll']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:167">
<![LOG[Merged value for setting 'CoManagementSettings_AutoEnroll' is 'true']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:219">
<![LOG[Getting/Merging value for setting 'CoManagementSettings_Capabilities']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:167">
<![LOG[Merged value for setting 'CoManagementSettings_Capabilities' is '1']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:219">
<![LOG[New merged workloadflags value with co-management max capabilities '4095' is '1']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:235">
<![LOG[Getting/Merging value for setting 'CoManagementSettings_Allow']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:167">
<![LOG[Merged value for setting 'CoManagementSettings_Allow' is 'true']LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:219">
<![LOG[Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).]LOG]!><time="00:41:36.166-660" date="11-13-2020" component="CoManagementHandler" context="" type="2" thread="4552" file="MdmRegLib.cpp:214">
<![LOG[Machine is already enrolled with MDM]LOG]!><time="00:41:36.213-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="handler.cpp:397">
<![LOG[Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).]LOG]!><time="00:41:36.213-660" date="11-13-2020" component="CoManagementHandler" context="" type="2" thread="4552" file="MdmRegLib.cpp:214">
<![LOG[Device is provisioned]LOG]!><time="00:41:36.229-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="MdmRegLib.cpp:671">
<![LOG[State ID and report detail hash are not changed. No need to resend.]LOG]!><time="00:41:36.229-660" date="11-13-2020" component="CoManagementHandler" context="" type="1" thread="4552" file="comgmtagent.cpp:1754">

mem-cm-co-management
· 5
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TimmyAndersson avatar image TimmyAndersson ·

Some follow up question,

  1. Do you see this problem on all of your devices ?

  2. What Win10 version are you on ?

  3. When did you start seeing this issue?

  4. did it work in the past ?


0 Votes 0 ·
TomGorgis-5668 avatar image TomGorgis-5668 TimmyAndersson ·

Do you see this problem on all of your devices ? Yes

What Win10 version are you on ? Win 10 20H2

When did you start seeing this issue? This started recently after an upgrade to ConfigMgr 2006 KB4578605

did it work in the past ? It did work in the past now I can no longer have 1 its 2x entries for every device thats added to configmgr and enrolled into intune.

I am having suspicions it is something to do with the client ID not being detected once it registers

0 Votes 0 ·
SimonRenMSFT-3639 avatar image SimonRenMSFT-3639 ·

Hi,

Thanks for posting in Microsoft MECM Q&A forum and your information.

1.What version of ConfigMgr client agent you are using? If possible, please update the ConfigMgr client agent to the latest version to have a try.

2.Can we find any further information in CoManagementHandler.log and ComplRelayAgent.log?

Best regards,
Simon

0 Votes 0 ·
TomGorgis-5668 avatar image TomGorgis-5668 SimonRenMSFT-3639 ·

@SimonRenMSFT-3639 thanks for reaching out,

My ConfigMgr version is 2006 with the latest hotfix and I have Client version 5.00.9012.1052

I deleted the machines from SCCM and from MEM and then rediscovered the devices, I then readded the devices to the Co-Management SCCM collection to rediscover for Co-Management.

  1. device worked perfectly fine I am waiting for the other they take a bit of time to re-register.

I think there is something about devices and moving from ConfigMgr to Co-Managed status - When I look it reads as though the ConfigMgr and Comanaged are being seen as a duplicate at times....

Once I remove them they do not have the issue this happened since the I updated ConfigMgr to Hotfix KB4578605 this seems to be causing the problem

I will attach the logs once the device is re-registered and if it has the same problem after the new discovery.



0 Votes 0 ·
TomGorgis-5668 avatar image TomGorgis-5668 TomGorgis-5668 ·

39889-comanagementhandler.log




0 Votes 0 ·
comanagementhandler.log (115.5 KiB)

4 Answers

SimonRenMSFT-3639 avatar image
0 Votes"
SimonRenMSFT-3639 answered SimonRenMSFT-3639 commented

Hi,

Thanks for your reply.

As you have installed KB 4578605 and clients have upgraded to version 5.00.9012.1052 before completing the co-management onboarding process. It looks like the scenario described in KB4575787:
Co-management enrollment takes longer than expected for Configuration Manager clients

If clients have not yet upgraded to version 5.00.9012.1052 from KB 4578605, it is recommended first to disable automatic client upgrade on the Client Upgrade tab of Hierarchy Settings. This removes the need to upgrade clients twice in a row: once from the update rollup and once from this standalone update. The client.msp file shipping in this update contains all of the prior changes that shipped with update rollup KB 4578605.

Best regards,
Simon

If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 2
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TomGorgis-5668 avatar image TomGorgis-5668 ·

Thank you Simon,

I update the environment tonight and see how it goes i think this will resolve my issue.

I did a work around above and seems to be working ok but I will give this update a try as well no harm in trying it :)

0 Votes 0 ·
SimonRenMSFT-3639 avatar image SimonRenMSFT-3639 TomGorgis-5668 ·

Hi,

Thanks for your reply. If you have any questions in future, we warmly welcome you to post in Microsoft Q&A forum again.

Have a nice day!

Best Regards,
Simon

0 Votes 0 ·
MartinsKlisans-3756 avatar image
1 Vote"
MartinsKlisans-3756 answered

Hi,
I have the same problem. Error in many of SCCM client logs - Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000).
I am not shure, that samething is not working on SCCM client side. Should I worry about that?
My SCCM server is updatet with all avalible updates.
See attached screenshot of SCCM an client log file with these errors.
42981-capture.png


42895-comanagementhandler.log



capture.png (8.1 KiB)
comanagementhandler.log (179.1 KiB)
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

BelanMarek avatar image
0 Votes"
BelanMarek answered

I have the same problem. Environment on 2010 :
Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000) on all devices !!!

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PuDerBaer avatar image
0 Votes"
PuDerBaer answered PuDerBaer edited

Same problem here: Failed to GetDeviceManagementConfigInfo, honor MEM authority. Error (0x00000000) on all devices with Windows 10 20H2.
It does not happen with 1803.

SCCM 2006 with all patches.

In the IntuneManagementExtension.log I can also see:

AAD User check is failed, exception is Intune Management Extension Error.
Exception: Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.TokenAquireException: Attempt to get token, but failed.

LogonUser failed with error code : 1008

AAD User check is failed, exception is System.ComponentModel.Win32Exception (0x80004005): An attempt was made to reference a token that does not exist

AAD User check using device check in app is failed, now fallback to the Graph audience. ex = System.ComponentModel.Win32Exception (0x80004005): An attempt was made to reference a token that does not exist

And after a couple of days the devices are completely loosing their management in MDM. All configuration policies and Apps that were deployed are gone.

A manual sync works perfect and the device shows up in the MDM portal with a recent contact date and time......

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.