This blog will explain you some tips and tricks to troubleshoot your MDM capability with ConfigMgr\Intune.
Configuration Manager has a few logs for you available once you have installed the Windows Intune Subscription and the Intune Connector server role.
Let’s have a look.
The Intune Connector establishes the connection between ConfigMgr and Intune related to that 2 log files (dmpuploader and dmpdownloader) might be useful.
This uploads changes from the On-Prem DB to Intune, for instance a new application which looks like this:
Errors that I have seen:
ERROR 1: LSU cannot be reached… There was no endpoint listening
ROOT CAUSE: Network Connectivity, Proxy issues,…
ERROR 2: LSU cannot be reached…The HTTP was forbidden with Client Authentication
ROOT CAUSE: The certificate that the connector is using to talk to Intune is invalid
ERROR 3: GetMessages CommunicationException (the HTTP service located at https://…)
ROOT CAUSE: most probably there is an issue in the MSFT datacenter
Downloader retrieves registration, inventory, status messages from devices send to Intune and forwards them to the corresponding on premise components
Here you can see if the users that are allowed to enroll devices (part of the Collection that you have configured during the Intune Subscription) are synced correctly into Intune.
Here is how a normal message looks like once you have added a new user to the Collection.
It might happen that users are failed, mostly this is because the user not exists in Intune because of the DirSync has not happend yet.
This should solve itself automatically as DirSync is scheduled (default each 3 hours) and CloudUserSync will sync each 5 minutes.
Another way to troubleshoot issues with users, is checking the CM database directly. More in particular the CloudUserID column of the USER_DISC table.
NULL: User is not licensed to enroll a device
GUID: User is licensed to enroll device
If you have 000000000-0000-0000-0000-000000000000000 it means that the user previously was licensed but is not a member of device management collection anymore.
If you distribute an Application that you want to target to Mobile Devices you need to select the Cloud DP in ConfigMgr (manage.microsoft.com)
If you experience problems to distribute your content to the cloud Outgoingcontentmanager.log might be an interesting log to check.
In Distrmgr.log you can see that the distribution gets prepared. (DMP)
In Outgoingcontentmanager.log you can see the actual progress to the cloud.
That’s all for now. Till next time!
Nico Sienaert (@nsienaert)