Share via

InTune compliance error on sync

Mark R 11 Reputation points
2022-10-12T20:36:02.463+00:00

We have setup Intune with autoenrollment and automatic encryption. Both of these portions appear to be working correctly, but nearly a third of the devices that are enrolled and encrypted give a compliance error in MEM.

---
State: Error
State Details: -2016345708 (Syncml(404): The requested target was not found).
Setting: Require BitLocker
State: Error
Source Profile: Default Win 10
Error Code: 0x87d10194
Error Details: Syncml(404): The requested target was not found
---

I am on a recent version of Win 10 (21H2).
I have confirmed TPM 2.0, PCR 7, and SecureBoot
Devices that are compliance share the same OS, updates, drivers, and computer models with others that are not compliant
The policy only contains a single setting: Require BitLocker
The devices have been rebooted multiple times, as well as suspending and reenabling bitlocker.

Can anyone help figure out why this shows as syncml error?

Windows 365 Business
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,523 questions

6 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Gerber Patrick BIT 56 Reputation points
    2024-10-07T11:20:10.17+00:00

    I got an answer in this topic from Microsoft.
    Check the following Registry Key. The Value of "Status" should be 3:
    Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com - Status = 3.
    If the Registry Key Exits and Status has Value 3, everything should be OK.
    User's image

    If the Registry Key not exists, or has Value 0, then you have to launch the Scheduled Task "Tpm-HASCertRetr" located at "\Microsoft\Windows\TPM".
    User's image

    Check the Registry again. The entire Key should now be present and "Status" should have the Value of "3".
    Wait until Intune has synced and check the compliance. It should be OK now.

    4 people found this answer helpful.
    0 comments
  2. Abia Samuel 10 Reputation points
    2024-02-13T05:43:03.7+00:00

    I have the same issue.
    2016345708(Syncml(404): The requested target was not found. It is pretty frustrating to see this happening with Microsoft Intune. I have over 300 endpoints on Intune, and about 40 have this sync issue. Not just Bitlocker but other settings like password complexity, Antivirus and Firewall. I wish Microsoft would be looking into these problems and providing lasting solutions. It is causing a lot of problems during auditing. I have the same problem with Bitlocker, but when I check the PC, BitLocker works well with no issues. Same for Antivirus. It is installed and updated, but I still have an error on the MDM. I need urgent help on this matter. I have removed some of the PCs from MDM and rejoined again, but the same problem persists.

    2 people found this answer helpful.
    0 comments
  3. Crystal-MSFT 51,726 Reputation points Microsoft Vendor
    2022-10-13T05:19:43.343+00:00

    @Mark R , From your description, I know one device shows compliance error with Require BitLocker. And you have done some checking that the secure boot state is on and the pcr7 configuration is set to bound, Restart multiple times. But it is still not working. If there's any misunderstanding, feel free to let us know.

    In General, 'Require BitLocker' uses Windows Device Health Attestation service to check its settings; according to this page under 'Hardware Requirements' a requirement of this service is 'UEFI 2.3.1 or later firmware with Secure Boot enabled. Please check if the device meets this requirement:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices#hardware-req

    Meanwhile, Could you check if the Bitlocker encryption is completed on the device? Please run the following commands to check:
    Manage-bde -status
    Manage-bde -protectors -get C:

    In addition, I notice we have configured auto encryption, could you get a screen shot of the profile settings to let us know it better.

    Please check the above information. If there's any update, feel free to let us know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
  4. Akbar 5 Reputation points
    2024-03-14T06:55:27.54+00:00

    i have also same issues -2016345708(Syncml(404),i have checked bitlocker with run this cmd Manage-bde -status Manage-bde -protectors -get C: 100% completed then why getting this issues,kindly help to resolve issues

    1 person found this answer helpful.
  5. Jonathan Lappin 10 Reputation points
    2025-02-04T06:45:01.7533333+00:00

    great fix, thanks Gerber Patrick BIT

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.