Status Codes Deep Dive – Troubleshooting Win32 App Deployment

About an year ago, Microsoft announced Windows (Win32) app deployment using Intune, since then it has been improving with new additions/features.

Intune standalone allows greater Win32 app management capabilities. While it is possible for cloud-connected customers to use Configuration Manager for Win32 app management, Intune-only customers will have greater management capabilities for their Win32 line-of-business (LOB) apps.

For more information about Win32 App management, please read https://docs.microsoft.com/en-us/intune/apps/apps-win32-app-management

A few days ago, I was troubleshooting an issue on the autopilot device for win32 apps and some of the apps will not install for various reasons.

On windows, if app install is not working, it is always challenging and we always tend to look at the logs or event viewer or registry, to start troubleshooting.

For win32 app troubleshooting, there are logs or registry that will help you to provide more information about the issue.

In this blog post, we will see the logs, event viewer and status values for application state, Compliance State Message and Enforcement State Message in the Intune Management Extension registry.

Win32 apps log location:

Win32 Agent logs on the client machine are located at “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs”.

clip_image002_thumb[1]

IntuneManagementExtension.log—>This is the main client log file, it contains all the agent check-in, compliance status, enforcement status, policy request, policy processing, and reporting activities.

_IntuneManagementExtension.log—> Historical log file, it contains all the agent check-in, compliance status, enforcement status, policy request, policy processing, and reporting activities.

AgentExecutor.log—> This log file is updated to track Powershell script execution details.

ClientHealth.log—>This log file is updated to track sidecar agent-client health activities.

Content download folders:

On X64 client machines:
C:\Program Files (x86)\Microsoft Intune Management Extension\Content
C:\windows\IMECache

On X86 client machines:
C:\Program Files\Microsoft Intune Management Extension\Content
C:\windows\IMECache

It is recommended to exclude the above directories from anti-malware scanning.

Win32 apps Registry location:

For any win32 app that gets deployed on a device, there is a registry location that stores the information about the app with its deployment status.

The registry location for win32 apps: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\

clip_image004_thumb[1]

In the registry key, you will see multiple SID’s either for device or user. For device, it will be all 0000 and rest will be user Object IDs.

These Object ID’s that you see in the registry key which do not contain 000000 are user object IDs coming from Azure Active directory.

clip_image006_thumb[1]

You can use Powershell or graph API to find the user based on object ID.

Under the user or device, you can see multiple ID’s and these are the win32 apps deployed by Intune.

Each Application ID contains 2 registry keys.

clip_image008_thumb[1]

clip_image010_thumb[1]

ComplianceStateMessage—>This consists of Applicability, ComplianceState , DesiredState, ErrorCode

EnforcementStateMessage—>EnforcementState

When you deploy an application, it contains several return codes and these codes are stored in registry with integer values.

If you open the IntuneManagementExtension.log, you will see the application status with applicability, compliance state, desired state error code, etc. but there is no meaningful description.

clip_image012_thumb[1]

I have listed the values for application states that are stored in the Intune Management Extension registry.

This should help you to identify the status of the deployed application.

Compliance State:

Values Description
0 Unknown
1 Compliant
2 Not compliant
3 Conflict (Not applicable for app deployment)
4 Error

Desired State:

Values Description
0 None
1 NotPresent
2 Present
3 Unknown
4 Available

Enforcement State:

Values Description
1000 Succeeded
1003 Received command to install
2000 Enforcement action is in progress
2007 App enforcement will be attempted once all dependent apps have been installed
2008 App has been installed but is not usable until device has rebooted
2009 App has been downloaded but no installation has been attempted
3000 Enforcement action aborted due to requirements not being met
4000 Enforcement action could not be completed due to unknown reason
5000 Enforcement action failed due to error.  Error code needs to be checked to determine detailed status
5003 Client was unable to download app content.
5999 Enforcement action failed due to error, will retry immediately.
6000 Enforcement action has not been attempted.  No reason given.
6001 App install is blocked because one or more of the app's dependencies failed to install.
6002 App install is blocked on the machine due to a pending hard reboot.
6003 App install is blocked because one or more of the app's dependencies have requirements which are not met.
6004 App is a dependency of another application and is configured to not automatically install.
6005 App install is blocked because one or more of the app's dependencies are configured to not automatically install.’

If there are any failed win32 apps and you want to reinitiate the installation, you can simply restart the win32 IME (Microsoft Intune Management Extension) service and monitor the logs.

clip_image014_thumb[1]

I hope you find this information useful for troubleshooting intune win32 apps deployment.

Continue reading:

Troubleshoot app installation issues https://docs.microsoft.com/en-us/intune/apps/troubleshoot-app-install

Troubleshooting MSI App deployments in Microsoft Intune https://techcommunity.microsoft.com/t5/Intune-Customer-Success/Support-Tip-Troubleshooting-MSI-App-deployments-in-Microsoft/ba-p/359125

Leave a Reply