This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 2%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
We have setup Intune with autoenrollment and automatic encryption. Both of these portions appear to be working correctly, but nearly a third of the devices that are enrolled and encrypted give a compliance error in MEM.
---
State: Error
State Details: -2016345708 (Syncml(404): The requested target was not found).
Setting: Require BitLocker
State: Error
Source Profile: Default Win 10
Error Code: 0x87d10194
Error Details: Syncml(404): The requested target was not found
---
I am on a recent version of Win 10 (21H2).
I have confirmed TPM 2.0, PCR 7, and SecureBoot
Devices that are compliance share the same OS, updates, drivers, and computer models with others that are not compliant
The policy only contains a single setting: Require BitLocker
The devices have been rebooted multiple times, as well as suspending and reenabling bitlocker.
Can anyone help figure out why this shows as syncml error?
I got an answer in this topic from Microsoft. Check the following Registry Key. The Value of "Status" should be 3: Computer\HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com - Status = 3. If the Registry Key Exits and Status has Value 3, everything should be OK.
If the Registry Key not exists, or has Value 0, then you have to launch the Scheduled Task "Tpm-HASCertRetr" located at "\Microsoft\Windows\TPM".
Check the Registry again. The entire Key should now be present and "Status" should have the Value of "3". Wait until Intune has synced and check the compliance. It should be OK now.
An example where the registry key does not exist and the scheduled task is in an error state:
Rerun the Scheduled Task manually (as admin) fixes the problem.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 95%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECV%3C/text%3E%3C/svg%3E)
We had a number of these issues since the end of last week on newly built machines. To resolve we created a remediation script to run the scheduled task if the following key is not set to 3 \HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TPM\WMI\HealthCert\Store\has.spserv.microsoft.com - Status = 3.
And on how many machines did you fixed it successfully?