The issue seems to be not resolved yet; I think the Microsoft Intune team needs to release a bug fix update. So many companies rely on Intune.
2016345612(Syncml(500) - Intune Compliance Policy Error
We have had this recurring issue for a long time now, and despite searching the error all over the place, there seem to be a lot of other IT professionals in the same boat, but no obvious answers.
The error is on the Anti-Virus setting on the default compliance policy.
2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)
The compliance policy in question is assigned to all users.
This is a very annoying issue as it stops users from being able to access any MSFT apps as it marks the device as non-compliant.
We are forced to add users to the exclusion list of the policy until the error clears on its own days/weeks later.
If anyone has any ideas on what could be the cause or any possible fixes, it would be greatly appreciated.
43 answers
-
Joni Mattila 5 Reputation points
2024-09-11T06:42:48.3933333+00:00
We have the same problem. Intune support is unhelpful and will not recognize it as an Intune problem. The Windows team blames Intune. Intune support refers to this thread as if it were the official answer... They told us to do Windows 10 updates, and our devices are Windows 11, and the character limit, which is not documented to my understanding, and is happening to devices less than the recommended character limit. Same error for Firewall and Antivirus. It would be great to get actual technical help.
-
Laurens Driessen 10 Reputation points
2024-09-16T11:45:33.5366667+00:00
OK, so we also have this error for some devices for some customers.
This customer uses a password and PIN to sign in. Lots of them only use their PIN.
The password was recently changed (a few days), is correct and every application works with it. I could fix the not compliant issue by locking the device and signing in with the password instead of the PIN. Then I rebooted the device and let the user sign in with the password as well instead of the PIN.
Started multiple syncs from Settings > Accounts > Work/school > Email address > Info > Sync.
Suddenly, after 10m and many, many, many refreshes of the Intune device page later, the device became compliant =)
-
YuriL 5 Reputation points
2024-09-20T08:29:54.86+00:00
Change the default Windows compliance assignment group to device instead of user.
-
Laurens Driessen 10 Reputation points
2024-09-24T07:47:23.2533333+00:00
Current situation:
- So we have a Device Compliance Policy for W10/11 where Firewall is Enabled. (MarkDeviceNotCompliant = 1 Days). We use a Dynamic Security group with a DevicePhysicalIds filter: "(device.devicePhysicalIds -any _ -startsWith "[OrderID]:User")". Hostnames are less than 15 characters.
- We use GlobalProtect VPN, which will not work if the device is in the Not Compliant state and shows us the device does not comply with the Compliance Policy because the Edge account is not signed in and synchronizing. Strangely, all other apps work fine. We see that mostly new devices or devices reprovisioned with Autopilot are getting the error on Firewall:
"2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)"
So firstly, we checked the firewall on the devices, whose state is Enabled, with no errors on the device.
Disabled the Firewall multiple times and performed multiple quick scans and syncs after that, as mentioned as a solution on many forums. Sadly it only fixed it on one device.
So we researched a bit more on the internet and came across multiple actions we could try, as follows:
- Check Edge > logged on + sync > Sync device no result
- Laptop login > Password
- Recently changed password? > about 2 weeks (sometimes Lock device + sign in again works)
- Defender Quick scan + Sync device no result
- Sync from Settings > / work/school > No result
- Disable PANGPS (Windows service for GlobalProtect VPN)
- Check CPU time > 16h > Rebooted machine > Sync device no result
- PowerShell:
```powershell
# Ask the Intune Management Extension agent to run a compliance sync.
Start-Process -FilePath "C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "intunemanagementextension://synccompliance"

# and: start the enrollment client's scheduled sync task by name.
Get-ScheduledTask -TaskName "Schedule #3 created by enrollment client" | Start-ScheduledTask
```
Lock/reboot:
- Lock device and login with password > functional
- Reboot device + sign-in with password > functional
- Sync from Settings > / work/school and from company portal
The strange thing is, we could fix the issue on two devices where we just had to lock the device, sign in with the password instead of the PIN code and sync the device. After that it became compliant.
On another device we could fix the issue by performing a quick scan and a sync, after we tried every step mentioned above, and after that it became compliant.
On yet another device we could fix the issue, after trying everything mentioned above, with the mentioned PowerShell commands which perform a sync.
On yet another device we could fix the issue after signing in with the Local Admin Password configured in Intune, syncing within that account and then signing in again with the primary user.
Further research:
[https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#:~:text=Device%20Security-,Firewall%3A,-Not%20configured%20(](https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#:~:text=Device%20Security-,Firewall%3A,-Not%20configured%20()
Checked if there is a GPO with Firewall settings that could override the Intune policies > no GPO active as far as I could find.
I also checked the IntuneManagementLogs to see if I could find something helpful, but sadly they did not point me in any direction.
So, I really have no clue what the root cause of the issue is here because of the multiple actions that could fix the issue.
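
A read-only triage script for the device-side checks listed in the post above (firewall state, Group Policy override, Defender status, host name length, enrollment sync task). It is an added example, not part of the original thread and not Microsoft tooling; it only records state so affected and healthy devices can be compared, and the variable names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the affected device.
# It changes nothing; it only collects the state the post checked by hand.

# Firewall profile state as Windows reports it (Domain, Private, Public).
$firewall = Get-NetFirewallProfile | Select-Object Name, Enabled

# Firewall settings delivered by Group Policy are stored under this key.
# If it exists and has subkeys, a GPO may be overriding the Intune setting.
$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$gpoProfiles = if (Test-Path $gpoKey) {
    (Get-ChildItem $gpoKey -ErrorAction SilentlyContinue).PSChildName
}

# Defender state relevant to the Antivirus compliance setting.
# Get-MpComputerStatus fails if Defender is not the active AV, so tolerate that.
$defender = Get-MpComputerStatus -ErrorAction SilentlyContinue |
    Select-Object AntivirusEnabled, RealTimeProtectionEnabled,
                  AntivirusSignatureLastUpdated, QuickScanEndTime

# Host name length. $env:COMPUTERNAME is the NetBIOS name (never longer than
# 15 characters), so read the full DNS host name instead.
$hostName = [System.Net.Dns]::GetHostName()

# Last run of the enrollment client sync task named in the post.
$syncTask = Get-ScheduledTask -TaskName 'Schedule #3 created by enrollment client' `
                -ErrorAction SilentlyContinue |
    Get-ScheduledTaskInfo |
    Select-Object TaskName, LastRunTime, LastTaskResult

# One object per device, easy to export and diff between machines.
[pscustomobject]@{
    Collected           = Get-Date -Format o
    HostName            = $hostName
    HostNameLength      = $hostName.Length
    FirewallProfiles    = ($firewall | ForEach-Object { "$($_.Name)=$($_.Enabled)" }) -join '; '
    GpoFirewallProfiles = if ($gpoProfiles) { $gpoProfiles -join ', ' } else { 'none' }
    AntivirusEnabled    = $defender.AntivirusEnabled
    RealTimeProtection  = $defender.RealTimeProtectionEnabled
    SignaturesUpdated   = $defender.AntivirusSignatureLastUpdated
    LastQuickScan       = $defender.QuickScanEndTime
    SyncTaskLastRun     = $syncTask.LastRunTime
    SyncTaskLastResult  = $syncTask.LastTaskResult
} | Format-List
```

Replacing `Format-List` with `Export-Csv` gives a per-device record that can be attached to a support case.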