Forum Discussion
Intune Doesn't Install Win32 Apps Until a User Logs On?
Hi, I'm using autopilot in self-deployment mode to provision devices. I have about 10 apps assigned to a dynamic security group that contains my devices. I have ESP configured to allow the user to "Continue Anyway" because some of the apps have known reasons for failing (e.g. doing I'm testing on a Surface device but trying to install an nVidia driver/app) so I had to enable the ability to move on from ESP when those apps fail, or I'd be waiting all year for ESP to finish. (doesn't seem to time out at 60 min as it should)
So after hitting the "Continue Anyway" button, Autopilot completes, and I'm left at a logon screen. I noticed that the only app that installed was an MSI. None of my Win32 apps installed until I logged in. Even after logging in, it's still pretty flaky. This is a "video wall" device, sort of like a kiosk but not as locked down and it is logging in with a local user account. I'm getting lots of "Failed to get AAD token" errors in the IntuneManagementExtension.log file and I'm not sure if that's why app deploy is so unreliable. Reboots seem to help or deleting the IntuneManagementExtension reg key and restarting the service. App deploy seems to be more reliable when I log in with my AAD account.
This is a completely standalone tenant - no hybrid, pretty basic.
Is this to be expected that Win32 apps don't install until a user is logged in? I know there are kiosk/autologon device config profiles available and intended for similar scenarios but in my case, those would be a bit too restrictive for this particular scenario.
I really need zero touch deployment and app install using a local account with auto logon. Am I swimming upstream? One of my win32 apps is a powershell script that creates the autologon user and uses autologon64.exe to configure autologon. (and a powershell detection script to look for the reg entries)
thanks,
Dan
Hello DanWheeler ,
I had exact the same issue, and have been pulling my hair on this. It was also a dynamic device group.
And for me, it was the dynamic security device group that was the issue.
The dynamic device group was probably not fast enough populated. The dynamic query was adding w10 devices.
But at the time the device is in the ESP phase, I think the dynamic device group was not yet populated, and for that reason there were no apps to install.
Maybe it can help someone having the same issue,
regards,
Tom
tom76dc it’s been a while but I think I had better luck with filtering vs dynamic groups. So the general idea would be to target the deployment profile to all devices but filter it to a specific name. Or something like that. I wish I could remember exactly what I did to get it working but it was something like that. Dynamic groups just didn’t populate fast enough to be ready for autopilot.
I don't know if it's an option, but you might want to start adding apps one-by-one to see how and where things break apart.
That being said, Rudy_Ooms_MVP dived into your logs, so he'll probably be able to tell you which color socks the developer was wearing when he's done
. - Hahaha .. true... he solved it by reinstalling the device with win10 first and upgrading it to 11.. I am going to take a look at the logs.... but I just stumbled upon something else... which caught my attention ! 🙂 ... blog will be released tomorrow.
- Hi guys, yeah, I'm still stuck on this and it's blocking our migration since we have both point-of-sale and digital signage devices that autologon with local accounts. I opened a case with Azure Support quite a while ago and they recently came back and said it is expected behavior. Glad to hear another repro case and thanks Corné for getting some logs to Rudy.
- How long did wait and the app didn’t get installed? It could be a matter of time.
- Long long time... hours. It's just not doing anything in the background. As mentioned, the MSI installed fine but none of the Win32 or UWP apps installed. They didn't install when I logged in with a local account either. They didn't start installing until I logged in with my AAD account then everything "woke up" and started installing. The install behavior is set to "System" so it shouldn't be waiting for a user.
HI normally when the win32apps are targetted at a device group, they should be installed. Which version of the intunewinapp util did you use? As I also have seen this happening... what happens when you repack the win32app with a new version of the tool
I know there were some issues with the 04 Dec 2020 release (6.2107.27.0) version- Hmm, I built my apps over a period of a few months on a different computer which I re-imaged so I'm not sure which version of IntuneWinApp I used for the bulk of them. I re-built one app yesterday using 6.2107.52.0 and that app seems to have the same issue.
It SEEMS like the issue is that it's not even trying to install anything when the device is logged out OR logged in with a local account. Just looking at the IntuneManagementExtension.log file, it seems like its not even trying to install apps. Sort of like when you look at the appdiscovery.log file for SCCM and its simply not doing anything.
Or it could be that there's some issue with the local account related to all the token failure errors that is preventing the agent from running app evaluations?- You are mentioning the only app.. Is it the only app besides the IME msi itself? Also autopilot seemed to be a little bit buggy the last week. Which windows build are you testing with?
