saschadrummer
Goto Top

Co-Management MECM (SCCM) mit Microsoft Intune (MEM)

Gude,

ich habe ein Problem mit der Co-Verwaltung zwischen Microsoft SCCM und Microsoft Intune.

Zuerst erkläre ich mal meinen Aufbau.
Ich habe eine Hybride-Microsoft Konfiguration. Über den AADC Connector wurden alle Devices in Azure synchronisiert. Alle Geräte bekommen dadurch auch den Type Hybrid Join Devices. Intune ist konfiguriert und wird auch schon für iOS Devices genutzt.

Im SCCM habe ich einen Cloud Attach eingerichtet mit 2 Collection mit der Pilot Phase. Alle Workloads laufen auf den SCCM.
Ich habe nun eine Reihe von Test PCs über den Cloud Attach nach Intune synchronisiert. Das passt soweit und funktioniert auch.
Allerdings bekommen die Geräte bei Verwaltet von den Eintrag ConfigMgr und nicht Gemeinsam verwaltet.

Ich habe gefühlt das komplett Microsoft Handbuch zum Theam Co-Managment gelesen. Die Troubleshootings habe ich schon durch gearbeitet. Diese waren auch alle Okay.

Hat jemand Erfahrung damit? Kann mir eine GPO die Verwaltung kaputt machen oder wird die MEM GPO trotzdem benötigt, auch wenn die Registrierung eigentlich über den SCCM laufen sollte.

Im Anhang habe ich mal eine Bild und eine Log Datei von einem PC angehängt.


Initializing co-management agent...	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Loaded EnrollPending=1, UseRandomization=1, LogonRetriesCount=0, ScheduledTime=1632425152, ErrorCode=0x0, ExpectedWorkloadFlags=1, LastState=101, EnrollmentRequestType=0	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Auto enrollment agent is initialized.	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Device is not enrolled.	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Current workload settings is not compliant. Setting enabled = 1, workload = 1.	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Updating comanagement registry key to 0x1	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
CoManagement flags registry key updated.	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Setting co-management RS3 flags	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Device is not provisioned	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
StateID or report hash is changed. Sending up the report for state 100.	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)
Report detail: <ClientCoManagementMessage><MDMEnrollment><Enrolled Value="0" /><Provisioned Value="0" /><ServiceUri Value="" /><RegistrationKind Value="0" /><ScheduledEnrollTime Value="09/23/2021 19:25:52" /><ErrorCode Value="0" /><ErrorDetail Value="" /><EnrollmentRequestType Value="0" /></MDMEnrollment><CoMgmtPolicy><Enabled Value="0" /><PolicyReceived Value="1" /><WorkloadFlags Value="8193" /></CoMgmtPolicy></ClientCoManagementMessage>	CoManagementHandler	15.06.2022 14:14:24	8804 (0x2264)  
CCM_CoMgmt_Configuration instance not found. Using default value.	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)
Queue enrollment timer for user logon to fire at 06/15/2022 18:50:32 local time	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)
Device is not provisioned	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)
StateID or report hash is changed. Sending up the report for state 101.	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)
Report detail: <ClientCoManagementMessage><MDMEnrollment><Enrolled Value="0" /><Provisioned Value="0" /><ServiceUri Value="" /><RegistrationKind Value="0" /><ScheduledEnrollTime Value="06/15/2022 16:50:32" /><ErrorCode Value="0" /><ErrorDetail Value="" /><EnrollmentRequestType Value="0" /></MDMEnrollment><CoMgmtPolicy><Enabled Value="0" /><PolicyReceived Value="1" /><WorkloadFlags Value="8193" /></CoMgmtPolicy></ClientCoManagementMessage>	CoManagementHandler	15.06.2022 14:14:32	5552 (0x15B0)  
Processing GET for assignment (ScopeId_33A069E9-4352-4402-842F-2A2082597FEB/ConfigurationPolicy_b0ff1edf-0a4d-460f-8f09-d818ae82a8ca : 7)	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Getting/Merging value for setting 'CoManagementSettings_AutoEnroll'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Merged value for setting 'CoManagementSettings_AutoEnroll' is 'true'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Getting/Merging value for setting 'CoManagementSettings_Allow'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Merged value for setting 'CoManagementSettings_Allow' is 'true'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Getting/Merging value for setting 'CoManagementSettings_Capabilities'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Merged value for setting 'CoManagementSettings_Capabilities' is '8193'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
New merged workloadflags value with co-management max capabilities '16383' is '8193'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Workloads rules are not compliant.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Device is not provisioned	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
State ID and report detail hash are not changed. No need to resend.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Processing SET for assignment (ScopeId_33A069E9-4352-4402-842F-2A2082597FEB/ConfigurationPolicy_b0ff1edf-0a4d-460f-8f09-d818ae82a8ca : 7)	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Getting/Merging value for setting 'CoManagementSettings_AutoEnroll'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Merged value for setting 'CoManagementSettings_AutoEnroll' is 'true'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Getting/Merging value for setting 'CoManagementSettings_Allow'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Merged value for setting 'CoManagementSettings_Allow' is 'true'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Getting/Merging value for setting 'CoManagementSettings_Capabilities'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Merged value for setting 'CoManagementSettings_Capabilities' is '8193'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
New merged workloadflags value with co-management max capabilities '16383' is '8193'	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)  
Successfully queued MDM auto enrollment	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Workloads rules are not compliant.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Setting workload info: Allowed = 1, Flags = 8193	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Updating comanagement registry key to 0x2001	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
CoManagement flags registry key updated.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Upserted MDM_ConfigSetting instance for Co-Mgmt. Features flag: 0x2001	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Setting co-management RS3 flags	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Upserted RS3CoManagementInfo instance for Co-Mgmt. Features flag: 0x2001	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
CcmIsDeviceMdmEnrolled returned error 0x1, MDM Sync not executed.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Device is not provisioned	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
State ID and report detail hash are not changed. No need to resend.	CoManagementHandler	15.06.2022 14:14:35	4248 (0x1098)
Initializing co-management agent...	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Loaded EnrollPending=1, UseRandomization=1, LogonRetriesCount=0, ScheduledTime=1655311832, ErrorCode=0x0, ExpectedWorkloadFlags=8193, LastState=101, EnrollmentRequestType=0	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Auto enrollment agent is initialized.	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Device is not enrolled.	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Current workload settings is not compliant. Setting enabled = 1, workload = 8193.	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Updating comanagement registry key to 0x2001	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
CoManagement flags registry key updated.	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Setting co-management RS3 flags	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Device is not provisioned	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
State ID and report detail hash are not changed. No need to resend.	CoManagementHandler	15.06.2022 14:21:51	12388 (0x3064)
Queuing enrollment timer to fire at 06/15/2022 18:50:32 local time	CoManagementHandler	15.06.2022 14:21:54	17436 (0x441C)
Initializing co-management agent...	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Loaded EnrollPending=1, UseRandomization=1, LogonRetriesCount=0, ScheduledTime=1655311832, ErrorCode=0x0, ExpectedWorkloadFlags=8193, LastState=101, EnrollmentRequestType=0	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Auto enrollment agent is initialized.	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Device is not enrolled.	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Current workload settings is not compliant. Setting enabled = 1, workload = 8193.	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Updating comanagement registry key to 0x2001	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
CoManagement flags registry key updated.	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Setting co-management RS3 flags	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Device is not provisioned	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
State ID and report detail hash are not changed. No need to resend.	CoManagementHandler	15.06.2022 14:31:09	12164 (0x2F84)
Queuing enrollment timer to fire at 06/15/2022 18:50:32 local time	CoManagementHandler	15.06.2022 14:31:15	11596 (0x2D4C)
Processing GET for assignment (ScopeId_33A069E9-4352-4402-842F-2A2082597FEB/ConfigurationPolicy_6c080476-e047-4a66-8811-24dff65ec904 : 4)	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Getting/Merging value for setting 'CoManagementSettings_AutoEnroll'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Merged value for setting 'CoManagementSettings_AutoEnroll' is 'true'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Getting/Merging value for setting 'CoManagementSettings_Allow'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Merged value for setting 'CoManagementSettings_Allow' is 'true'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Getting/Merging value for setting 'CoManagementSettings_Capabilities'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Merged value for setting 'CoManagementSettings_Capabilities' is '8193'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
New merged workloadflags value with co-management max capabilities '16383' is '8193'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Workloads rules are not compliant.	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Device is not provisioned	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
State ID and report detail hash are not changed. No need to resend.	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Processing SET for assignment (ScopeId_33A069E9-4352-4402-842F-2A2082597FEB/ConfigurationPolicy_6c080476-e047-4a66-8811-24dff65ec904 : 4)	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Getting/Merging value for setting 'CoManagementSettings_AutoEnroll'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Merged value for setting 'CoManagementSettings_AutoEnroll' is 'true'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Getting/Merging value for setting 'CoManagementSettings_Allow'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Merged value for setting 'CoManagementSettings_Allow' is 'true'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Getting/Merging value for setting 'CoManagementSettings_Capabilities'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Merging workload flags 8193 with 1	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Merged value for setting 'CoManagementSettings_Capabilities' is '8193'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
New merged workloadflags value with co-management max capabilities '16383' is '8193'	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)  
Successfully queued MDM auto enrollment	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Could not check enrollment url, 0x00000001:	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Co-management is disabled but expected to be enabled.	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Workloads rules are not compliant.	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Setting workload info: Allowed = 1, Flags = 8193	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Updating comanagement registry key to 0x2001	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
CoManagement flags registry key updated.	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Setting co-management RS3 flags	CoManagementHandler	15.06.2022 15:11:58	17212 (0x433C)
Could not check enrollment url, 0x0
2022-06-15 15_43_33-window

Content-ID: 3082187869

Url: https://administrator.de/forum/co-management-mecm-sccm-mit-microsoft-intune-mem-3082187869.html

Ausgedruckt am: 22.12.2024 um 11:12 Uhr

nEmEsIs
nEmEsIs 15.06.2022 um 17:31:27 Uhr
Goto Top
Hi

Er meckert ja
Log ziemlich am Ende
Could not check enrollment url
Ist die richtig konfiguriert ?

Weiter
Co-management is disabled but expected to be enabled.

Und dein workload passt nicht
Workloads rules are not compliant.
Setting workload info: Allowed = 1, Flags = 8193

https://www.manishbangia.com/sccm-co-manage-capabilities-workload-explai ...

Prüf das mal alles

Mit freundlichen Grüßen Nemesis
SaschaDrummer
Lösung SaschaDrummer 17.06.2022 um 09:51:49 Uhr
Goto Top
Hi nEmEsIs,

danke für deine Nachricht.
Das ist alles richtig so.

Ich habe den Fehler aber gefunden.
In Intune haben wir unter Devices -> Enroll Devices -> Enroll device plattform restrictions -> Windows restrictions eine neue restriction angelegt. Das ist auch alles schön gut, nur leider greift hier nur die Default Policy.

Da wir in der Default Policy erstmal alles geblockt hatten, konnten sich die Devices nicht registrieren. Hier habe ich nun Windows (MDM) auf Allow gestellt und siehe da, die Rechner konnten sich nach einem Neustart in Intune als Co-managed registrieren.

Jetzt steht bei Microsoft ein Call aus, der klärt warum nicht die angelegt restriction dafür greift.
Sobald ich hier etwas weiß, stelle ich die Antwort noch ein.

Grüße

Sascha