Intune Win32 App Troubleshooting Client Side Process Flow

In part 1 of this series, we created the Intune Win32 app and deployed it as “available” for users. In this post, we will take a deep dive into Intune client-side events and explain the details of Intune Win32 app troubleshooting.

Updated on 17th April 2019

How to deploy .EXE applications via Intune? The same Intune Win32 app packaging and installation method can be used for installing .EXE applications via Intune.

Do you see any similarities between Intune Win32 app troubleshooting and SCCM troubleshooting? If so, that is not a coincidence 🙂 The Intune Win32 app code is very similar to the SCCM application model, so you will see similarities in many scenarios.

[Related Topic: Intune Win32 App Deployment using Modern Management]

Intune Win32 Application – Client-Side Events

This section explains the Intune Win32 app deployment process flow. You need to understand the process flow to perform Intune Win32 app troubleshooting.

User Requested legacy apps

We initiated the application installation from the Company Portal. Once initiated, the application starts to download and install. Intune Win32 app troubleshooting starts with the deployment checks, or with the Intune troubleshooting that Anoop explained in his post.

Intune Management Extension

The Intune Management Extension is the client-side component that manages MDM Win32 application deployment. The agent uses the three working folders below. We will go through the purpose of these folders in detail.

  • Incoming
  • Staging
  • Staged

Location of logs: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs

Logs – Intune Win32 App Troubleshooting

For troubleshooting Intune client-side events, you can refer to the three logs below:

  • IntuneManagementExtension.log: tracks the Intune Management Extension component events
  • AgentExecutor.log: tracks any PowerShell execution events
  • ClientHealth.log: tracks client-health related events

Detection Rules Evaluation – Intune Win32 App Troubleshooting

Detection rules are also used in SCCM application model deployments, and Intune Win32 apps use similar detection rules 🙂

  • Detection rules are processed.
  • A WMI query is used to detect the application installation status.
[Win32App] ProcessDetectionRules starts
query: select * from Win32_Product where IdentifyingNumber='{AC76BA86-7AD7-1033-7B44-AC0F074E4100}' or IdentifyingNumber='AC76BA86-7AD7-1033-7B44-AC0F074E4100'
[Win32App] Checked ProductCode {AC76BA86-7AD7-1033-7B44-AC0F074E4100}, Cannot find, applicationDetected: False
[Win32App] Completed detectionManager SideCarProductCodeDetectionManager, applicationDetectedByCurrentRule: False

Check Applicability – Intune Win32 App Troubleshooting

Once the app “Detection rule” evaluation is complete, the next step is “Check Applicability”. The checks are performed against the requirement rules we configured earlier.

[Win32App] applicationRequirementMetadata RequiredOSArchitecture: 2, client Is64BitOperatingSystem: True, applicability: Applicable.
[Win32App] applicationRequirementMetadata expected version: 10.0.14393, client version: 10.0.17763, applicability: Applicable.
[Win32App] applicationRequirementMetadata RequiredFreespace: 250.00, availableFreeSpaceInMB: 10,925.00 on Drive C:\, applicability: Applicable
[Win32App] applicationRequirementMetadata RequiredTotalPhysicalMemory: 250.00, totalPhysicalMemoryInMB: 1,024.00, applicability: Applicable.

After “Check Applicability” completes, the next stage is the content download.

Content Download – Intune Win32 App Troubleshooting

You can see that the package content is missing from the cache, so the content starts to download.

Content cache miss for app id 86995d21-f2ed-4e2c-a88e-1ef5f65d02e3,start downloading...

Below is the Intune CDN URL used to download the file. If you suspect a download issue due to a network proxy, you can copy the URL and paste it into your browser to troubleshoot.

https://swdc01.manage.microsoft.com/5d3c257f-df2e-4885-b9b3-01dd9713d655/081e6fbd-2594-44f6-9f5b-f3532d7652da/ad87f066-4d0e-4d05-b495-73ad17490b12.intunewin.bin

Content is downloaded initially to the “Incoming” folder

The encrypted file downloads first to the “Incoming” folder. This is a temporary download folder for further processing. The file has a .bin extension.

“Incoming” folder to “Staging” folder

The downloaded file moves from the “Incoming” folder to the “Staging” folder. In the Staging folder, the downloaded file is in zip format.

C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staging\86995d21-f2ed-4e2c-a88e-1ef5f65_1\86995d21-f2ed-4e2c-a88e-1ef5f65_1.zip

Hash verification and Decryption

The hash value is checked to ensure the downloaded content is consistent; the log shows an HMAC validation followed by a file hash validation. Decryption starts after hash verification.
[Win32App] Starts verifying encrypted hash
[Win32App] hmac validation is pass.
[Win32App] file hash validation pass, starts decrypting
[Win32App] Decryption is done successfully.
[Win32App] CDN mode, content is decrypted.

Unzipping Stage

In this stage, the downloaded package in zip format is uncompressed. The content is extracted from the “Staging” folder to the “Staged” folder.

Unzipping file on session 2 from C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staging\86995d21-f2ed-4e2c-a88e-1ef5f65d02e3_1\86995d21-f2ed-4e2c-a88e-1ef5f65d02e3_1.zip to C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staged\86995d21-f2ed-4e2c-a88e-1ef5f65d02e3_1

Clean up Staging content

Once the unzip completes, the temporary content in the staging folder is removed.

Cleaning up staging content C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staging\86995d21-f2ed-4e2c-a88e-1ef5f65d02e3_1

Started application installation

This is the installation stage. You can jump straight to this stage if you have no issues with content download etc.

  • The installation directory is set.
  • The Intune application installation is launched in machine context.
  • While troubleshooting, you can make a note of the process ID to track it.
  • The installation process is completed.
[Win32App] SetCurrentDirectory: C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staged\86995d21-f2ed-4e2c-a88e-1ef5f65d02e3_1
[Win32App] Launch Win32AppInstaller in machine session
[Win32App] lastWin32Error 0 after CreateProcess
[Win32App] Create installer process successfully.
[Win32App] process id = 6256
[Win32App] Installer process timeout milliseconds: 3600000.
[Win32App] Installation is done, collecting result

Detection Rules after Application Installation

After the application installation, the Intune client evaluates the application detection rules on the computer. In our example, the detection logic is the MSI product code, and a WMI query is used to detect it.

query: select * from Win32_Product where IdentifyingNumber='{AC76BA86-7AD7-1033-7B44-AC0F074E4100}' or IdentifyingNumber='AC76BA86-7AD7-1033-7B44-AC0F074E4100'
[Win32App] Checked ProductCode {AC76BA86-7AD7-1033-7B44-AC0F074E4100}, Found it. 
sideCarProductCodeDetectionMetadata.ProductVersionOperator is 0 applicationDetected: True
[Win32App] detectionManager SideCarProductCodeDetectionManager got applicationDetectedByCurrentRule: True as system
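
To confirm a product-code detection result by hand without waiting on a Win32_Product query, the same product code can be looked up in the uninstall registry keys. This is an added example, not part of the original post and not the Intune agent's own logic; the function name Test-MsiProductCode is hypothetical, and it assumes a per-machine MSI install checked from a 64-bit PowerShell session.

```powershell
# Added example: look up an MSI product code in the uninstall registry keys.
function Test-MsiProductCode {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ProductCode)

    # Accept the code with or without braces, as the WMI query in the log does.
    $code  = '{' + ($ProductCode -replace '[{}\s]', '') + '}'
    $roots = @(
        # Native registry view
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
        # 32-bit packages on 64-bit Windows
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        $key = Join-Path -Path $root -ChildPath $code
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            return [pscustomobject]@{
                ProductCode    = $code
                Detected       = $true
                DisplayName    = $props.DisplayName
                DisplayVersion = $props.DisplayVersion
            }
        }
    }
    # No uninstall entry under either view: report "not detected".
    [pscustomobject]@{
        ProductCode    = $code
        Detected       = $false
        DisplayName    = $null
        DisplayVersion = $null
    }
}

# Product code taken from the log excerpt above.
Test-MsiProductCode -ProductCode 'AC76BA86-7AD7-1033-7B44-AC0F074E4100'

# Optional: time the query the agent logs, to see how long Win32_Product takes on this device.
# Measure-Command {
#     Get-CimInstance -Query "select * from Win32_Product where IdentifyingNumber='{AC76BA86-7AD7-1033-7B44-AC0F074E4100}'"
# }
```

If the registry lookup and the agent's logged result disagree, compare the product code in the detection rule with the one the installer actually registers.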

Compliance State Message

State messages are processed as shown below. These state messages are delivered back to Intune.

The compliance information is sent from the Windows 10 client to the Intune cloud. Below you can see the state message results posted by the client to the Intune cloud service. After this, you can see the application installation status in the Intune console.

Successfully get the token
Add Token with length 1654 into WebRequest
Add MdmDeviceCertificate F70D046494CEF0F625365320CDC47DE8E635865B into WebRequest
SendWebRequest, client-request-id: d98c8975-3c54-4d0c-ad79-582cecb2f927, Method: PUT
Current proxy is https://fef.msuc01.manage.microsoft.com/SideCar/StatelessSideCarGatewayService/SideCarGatewaySessions('04d64f55-0c99-4cb8-bd09-d7e71dfdefcf')%3Fapi-version=1.1
Sending network request...
[Win32App] Results are successfully sent.
[Win32App] Got result with session id 04d64f55-0c99-4cb8-bd09-d7e71dfdefcf. RequestContentType: Acknowledge

After a successful application installation, a toast message is displayed to the user.

End User Experience of Intune Win32 App Deployment

Microsoft Intune software distribution has completed successfully.
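
The stages walked through in this post can be read straight out of the log by matching the marker messages quoted above, which shows where a deployment stopped. The following is an added example, not part of the original post or of the Intune agent; the function name Get-ImeWin32AppStage and the stage labels are assumptions, and the sample lines are constructed from the excerpts in this post.

```powershell
# Added example: label IME log messages with the stage names used in this post.
function Get-ImeWin32AppStage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Line
    )
    begin {
        # Marker text is copied from the log excerpts in this post; first match wins.
        $markers = @(
            @{ Stage = 'Detection';     Pattern = 'ProcessDetectionRules starts|Checked ProductCode' }
            @{ Stage = 'Applicability'; Pattern = 'applicationRequirementMetadata' }
            @{ Stage = 'Download';      Pattern = 'Content cache miss for app id' }
            @{ Stage = 'HashVerify';    Pattern = 'verifying encrypted hash|hmac validation|file hash validation' }
            @{ Stage = 'Decrypt';       Pattern = 'Decryption is done|content is decrypted' }
            @{ Stage = 'Unzip';         Pattern = 'Unzipping file on session' }
            @{ Stage = 'Cleanup';       Pattern = 'Cleaning up staging content' }
            @{ Stage = 'Install';       Pattern = 'SetCurrentDirectory|Launch Win32AppInstaller|installer process|process id =|Installation is done' }
            @{ Stage = 'Report';        Pattern = 'Results are successfully sent' }
        )
        $installDone = $false
    }
    process {
        # Drop the CMTrace wrapper (<![LOG[ ... ]LOG]!><time=...>) when reading the raw file.
        $msg = ($Line -replace '^<!\[LOG\[', '' -replace '\]LOG\]!>.*$', '').Trim()
        foreach ($m in $markers) {
            if ($msg -match $m.Pattern) {
                $stage = $m.Stage
                # Detection lines seen after the installer finished are the post-install re-check.
                if ($stage -eq 'Detection' -and $installDone) { $stage = 'Detection (post-install)' }
                if ($msg -match 'Installation is done') { $installDone = $true }
                [pscustomobject]@{ Stage = $stage; Message = $msg }
                break
            }
        }
    }
}

# Constructed sample: messages from the excerpts above, cut off after decryption
# to mimic a deployment that never reaches the unzip stage. The CMTrace
# timestamp fields on the fourth line are made up.
$sample = @(
    '[Win32App] ProcessDetectionRules starts'
    '[Win32App] Checked ProductCode {AC76BA86-7AD7-1033-7B44-AC0F074E4100}, Cannot find, applicationDetected: False'
    'Content cache miss for app id 86995d21-f2ed-4e2c-a88e-1ef5f65d02e3,start downloading...'
    '<![LOG[[Win32App] hmac validation is pass.]LOG]!><time="00:00:00.0000000" date="1-1-2019" component="IntuneManagementExtension" context="" type="1" thread="1" file="">'
    '[Win32App] Decryption is done successfully.'
)
$timeline = $sample | Get-ImeWin32AppStage
$timeline | Format-Table -AutoSize
'Last stage with log evidence: ' + ($timeline | Select-Object -Last 1).Stage

# Against a real device (log path from this post):
# Get-Content "$env:ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log" | Get-ImeWin32AppStage
```

A missing Download stage is not a failure by itself: the post only shows the cache-miss path, and content already in the cache would not log that marker.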

Resources:

Intune Troubleshooting – https://www.anoopcnair.com/configuration-profile-settings-view/

How to deploy .EXE applications via Intune? – More details here

Intune Standalone – Win32 app management (Public Preview) – https://docs.microsoft.com/en-us/intune/apps-win32-app-management

30 COMMENTS

  1. This is a great article. A lot of stuff I could have used the first time around!

    What log viewer is that?? It’s so hard to read the logs in notepad.

  2. Hi,

    I am new to Intune and having used SCCM prior. I don’t see these folders on my Windows 10 desktops. The systems are enrolled and have policies pushed to it as well as having the iSpring MSI package I created to test that.

    Is your client configuration different?

  3. The only traces that I can see that Intune is apparently working is the msinstaller in Event Viewer showing the directory c:\windows\system32\config\systemprofile\appdata\local\mdm\ but it is empty after the software installs.

    I tried typing that directory in just in case, it’s really hidden but it is not there.

    Under the specific system from the console, I can see for the Win32 apps say Waiting for Install status and it shows it’s online from the current check-in. Nothing from Event Viewer to indicate this downloaded to even run on the system.

    I was able to deploy Office 365 and so far the other msi I created for testing just having issues with Win32.

    • I think there should be an Intune Win32 agent service running on your machine. And is the following folder created? C:\Program Files (x86)\Microsoft Intune Management Extension
      What are the OS requirements you have given when you create Intune Win32 package from Intune portal? Have you given the correct Windows version?

      • I am rebuilding the package, the minimum version is 1607 and the systems are on Pro 1803 or higher. The OS architecture is 64 bit, before it was 32 and 64 selected? To have both selected is to pick one or the other?

        We’ll see how it goes this time.

  4. Easy to troubleshoot when nothing goes wrong 🙂

    I get this in the log, trying to move a 4 GB package, so I can upgrade Windows to 1809 with Intune app.
    It's the media creation tool ISO file repackaged.
    I even removed some files from the package because I couldn't unzip by hand. I'm still thinking it's something like that, but it unzips neatly manually.

      • WTF ?
        It left out all my error details ?
        I hate troubleshooting 😉 No, that's not true, I hate troubleshooting when the errors make no sense..

        When Intune is trying to do the final unpack, the 3rd in the deploy process, I get this error

        },”ErrorDetails”:”System.UnauthorizedAccessException: Access to the path \u0027C:\\Program Files (x86)\\Microsoft Intune Management Extension\\Content\\Staging\\0a056f5d-237c-44f9-af64-3fe847bbf67d_1\\0a056f5d-237c-44f9-af64-3fe847bbf67d_1.zip\u0027 is denied.\r\n at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)\

        I can unzip the package fine by hand, to the same folder even. So it shouldn't be a deep path issue.
        When the portal does give an error it says “Error unzipping the downloaded content, 0x87d30067”, which in the only other post I can find looks like a path too deep issue.

  5. And the fun goes on.
    I have an app, around 1.1 GB in size.
    It downloads fine to the content incoming folder.
    In the final extraction to the c:\windows\imecache folder, only one folder and around 15 MB of data is present, and naturally the installation fails.
    I have tried to download and decrypt the package using this
    https://www.scconfigmgr.com/2019/01/18/how-to-decode-intune-win32-app-packages/
    And all files are present, with the correct folders and all.

    The Intune logs don't indicate that the final extraction failed.

    I have excluded the C:\windows\imecache from Windows Defender.

    Anybody have any idea what's going on here ??

      • Yes I did. Nothing
        from the IntuneManagementExtension.log
        Decryption is done successfully.]LOG]!>
        content is decrypted and verified successfully.]LOG]!>
        Downloaded file size 1,140,824,299.00]LOG]!>
        Downloaded file time 0.00]LOG]!>
        Start unzipping.]LOG]!>
        Unzipping file on session 0 from C:\Program Files (x86)\Microsoft Intune Management Extension\Content\Staging\217258ac-1eca-4175-a774-d60baa8ee4cd_2\217258ac-1eca-4175-a774-d60baa8ee4cd_2.zip to C:\WINDOWS\IMECache\217258ac-1eca-4175-a774-d60baa8ee4cd_2]LOG]!>

        ===Step=== ExecuteWithRetry]LOG]!>
        ExecuteWithRetry Parsing InstallEx…]LOG]!>
        ===Step=== Execute retry 0]LOG]!>

        SetCurrentDirectory: C:\WINDOWS\IMECache\217258ac-1eca-4175-a774-d60baa8ee4cd_2]LOG]!>
        Launch Win32AppInstaller in machine session]LOG]!>

        And when I look in the C:\WINDOWS\IMECache\217258ac-1eca-4175-a774-d60baa8ee4cd_2
        only a handful of files and 30 MB data

    • Hi Kenneth – Please share more details about the error you are seeing. Did the application start installation and later fail?
      What error are you seeing in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs?

      • Only error in the Intune log was of a failed installation.
        Which makes sense, since the setup.exe I was trying to run didn’t exist in the c:\windows\imecache folder.

        The Application should have been 1+ GB ,but it only extracted around 20mb of data.

  6. I worked around my issue.
    I wrapped the files in a zip archive, and created an install.cmd which calls a PS script to unzip the archive and run the install, and that looks like it's working.

    Seems like Intune, sometimes, doesn't like a lot of files / big packages

  7. Hi Anoop,

    We have a similar issue to Kenneth. We have been deploying an app using Win32 packager, this was working since last November. Now it is not working anymore.
    I can see in the log it is executing the install.cmd and changing to c:\windows\imecache\.. but the folder is empty.
    This started at the beginning of March.

  8. Hi Anoop,

    Thanks for the great post.
    In our case, the deployment does not get past the detection phase since it will always run into a timeout and won’t start downloading.
    Did you see something like that before?

    Looks like:
    query: select * from Win32_Product where IdentifyingNumber='{B850B42F-249D-4C94-8536-B08205EB5C77}’ or IdentifyingNumber=’B850B42F-249D-4C94-8536-B08205EB5C77′

    [Win32App] Exception occurs when ProcessDetectionRules [{“DetectionType”:1,”DetectionText”:”{\”ProductCode\”:\”{B850B42F-249D-4C94-8536-B08205EB5C77}\”,\”ProductVersion\”:null,\”ProductVersionOperator\”:0}”}], the Exception is System.Management.ManagementException: Zeitüberschreitung (german for timeout)
    bei System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
    bei System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
    bei Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.WMIHelper.CheckProductCodeExistsFromWMI(String productCode)
    bei Microsoft.Management.Services.IntuneWindowsAgent.AgentCommon.SideCarProductCodeDetectionManager.Detect(SideCarDetectionRuleMetadata sideCarDetectionRuleMetadata)
    bei Microsoft.Management.Clients.IntuneManagementExtension.Win32AppPlugIn.DetectionHelper.ProcessDetectionRules(SideCarApplicationClientPolicy appPolicy, Int32 sessionId)

    I really cannot get behind this WMI query timeout since the same detection method is working on SCCM.
    Any idea would be much appreciated.

    Greetings

      • Thanks for your help. Seems like it is a WMI-related problem indeed. I tried getting values from Win32_Product with the WMI Explorer and monitored the eventlog WMI-Activity and there I got Error 0x80041003 which translates into Access Denied. So I tried other users e.g. the local administrator with the same result. I could dive into setting up a whitelist for remote WMI queries but in this case I do not even know what to whitelist. Is it possible that some of the newer Defender features like Exploit guard etc are the reason for that?

      • Edit: It just took ages to read the Win32_Product.. around 1 hour? I will try to get around those insane query times and report back if I find something. No wonder the Intune detection phase is canceling the query every time.

  9. Hi Anoop,

    First I push Win32 Intune apps to a group composed of user accounts and it works fine, but if I push the same package to a device group it does not work. I check the client apps>package>overview monitor> device and user status are empty. I check the manageapps for the specific device member of the said group and the app is not even listed in it. Does Intune support deployment of Win32 Intune apps to a device group?

  10. Hi Anoop,

    I tried to push Win32 Intune apps to a group composed of user accounts and it works fine, but if I push the same package to a device group it does not work. I check the client apps>package>overview monitor> device and user status are empty. I check the manageapps for the specific device member of the said group and the app is not even listed in it. Does Intune support deployment of Win32 Intune apps to a device group?

  11. Hi Anoop,

    Please ignore my comments. I realized there are multiple records of the same device in AAD because I have reverted the VM several times. I cleaned up some and retained only the latest one, then I re-added it to the device group and then it works.
