Fix Intune Enrollment Error Unknown Win32 Error code 0x8018002b | 0xcaa90014

I have seen Intune Enrollment Error Unknown Win32 error codes 0x8018002b & 0xcaa90014 a couple of times in different environments. Normally this issue is because one or more Intune enrollment prerequisites are not met. But this issue and fix are a bit different and strange.

Hopefully, this post will help you to understand the importance of patience. In this post, you will also learn about the Intune MDM enrollment-related event logs and the flow of events. Intune MDM component-related troubleshooting is mainly based on event logs.

Related Post – Learn How To Collect Windows 10 Diagnostics Information From Intune Portal | Endpoint Manager – HTMD – How To Manage Devices

Missing Info Tab?

The first step is that you need to confirm whether the Windows 10 device is enrolled in Intune or not. You can check this from:

• Click on the Start button and type Settings to open the settings page.
• Click on the Accounts option from the setting page.
• Click on the Access Work or School button.
• Check whether you can see any connection box there.
• Click on the connection Box and check whether the INFO button is there or not.
• If the Info tab is missing from the connection box, this device is not enrolled in Intune yet.

Intune Enrollment Error Unknown Win32 Error code 0x8018002b | 0xcaa90014

You can get more details about Intune Enrollment Error Unknown Win32 Error code 0x8018002b and 0xcaa90014 from the event logs.

NOTE! – Location of Intune MDM Event Logs > Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin

I have seen the following errors in the event log and a blog post related to this error. I don’t think I have the same issue because we don’t sync the password hash to Azure AD using Azure AD Connect.

Event ID 76 Auto MDM Enroll: Device Credential (0x0), Failed (The system tried to delete the JOIN of a drive that is not joined.)
Event ID 90 Auto MDM Enroll Get AAD Token: Device Credential (0x0), Resource Url (NULL), Resource Url 2 (NULL), Status (Unknown Win32 Error code: 0x8018002b)
Event ID 76 Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0x8018002b)
Event ID 76 Auto MDM Enroll: Device Credential (0x0), Failed (Unknown Win32 Error code: 0xcaa90014)

Prerequisite Check

I have gone through all the Intune Group policy enrollment-related prerequisite checks one by one, as I explained in the following blog post – Windows 10 Intune Enrollment Using Group Policy | Automatic Enrollment | WVD HTMD Blog (anoopcnair.com).

I have also checked the Azure AD portal to see whether the device record is available there or not. The device record was there in the Azure AD portal as well.

I tried to run and check whether the Hybrid Azure AD joined worked OK or not using the following command-line utility.

• DSREGCMD /STATUS
  • The device is successfully joined to Hybrid Azure AD as per the status of the command-line tool.

Windows – Intune Enrollment Process Flow

Well, now I’m stuck. I couldn’t figure out what I should be the next as a troubleshooting step. I tried to check Azure’s health status, and it also looked ok. I wanted to have a tea break to get energized again. Let’s find out what is that interesting fix for Intune Enrollment Error Unknown Win32 Error.

After the tea break, the issue got resolved without any interaction from my side. Also, I’m not aware of any issues related to AAD connect or ADFS involved in this. I know this is something extraordinary. The fix here is to have some patience (the cloud is a black box), wait for 30-40 minutes, and check again.

If it’s happening regularly in your environment, you need to troubleshoot further to understand why there is a delay with Intune enrollment. I have seen the delay mostly due to network connectivity or firewall issues.

Now, let’s look into the event logs to understand the Intune enrollment process.

Event IDs 90 and 91 indicate that the Azure AD token authentication with device credentials worked fine before Intune enrollment. It’s able to send the AADRESOURCEURL with tenant ID and user UPN to check whether the user has a valid license and other configurations.

• Event ID 90 – Auto MDM Enroll Get AAD Token: Device Credential (0x0), Resource Url (https://enrollment.manage.microsoft.com/), Resource Url 2 (NULL), Status (The operation completed successfully.)
• Event ID 91 – Auto MDM Enroll Enrollment Information: AadResourceUrl (https://enrollment.manage.microsoft.com/enrollmentserver/discovery.svc), DiscoveryServiceFullUrl (https://enrollment.manage.microsoft.com/), TenantID (386b38hh-yx65-442b-aaOe-3b94ad25a97b), Upn ([email protected])

The following event IDs related to Intune Enrollment help understand the Intune (MDM) client-side workflow.

• Event ID 4 – MDM Enroll: Certificate policy request sent successfully.
• Event ID 6 – MDM Enroll: Certificate policy response processed successfully.
• Event ID 8 – MDM Enroll: Certificate enrollment request sent successfully.
• Event ID 10 – MDM Enroll: Certificate enrollment response parsed successfully.
• Event ID 16 – MDM Enroll: OMA-DM client configuration succeeds.
• Event ID 58 – MDM Enroll: Provisioning succeeded.
• Event ID 72 – MDM Enroll: Succeeded
• Event ID 75 – Auto MDM Enroll: Device Credential (0x0), Succeeded

Resources

• Windows 10 Intune Enrollment Using Group Policy | Automatic Enrollment | WVD HTMD Blog (anoopcnair.com)
• Endpoint Manager / Intune AutoJoin different local domain – Microsoft Q&A
• Windows 10 MDM Log Checklist – Ultimate Help Guide – #1 (anoopcnair.com)

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…