2016345612(Syncml(500) - Intune Compliance Policy Error

Craig Pennington 265 Reputation points
2023-09-05T13:23:04.57+00:00

We have had this recurring issue for a long time now, and despite searching the error all over the place, there seem to be a lot of other IT professionals in the same boat, but no obvious answers.

The error is on the Anti-Virus setting on the default compliance policy.

2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)User's image

The compliance policy in question is assigned to all users.

This is a very annoying issue as it stops users from being able to access any MSFT apps as it marks the device as non compliant.

we are forced to add users to the exclusion list of the policy until the error clears on it's own days/weeks later.

If anyone has any ideas on what could be the cause or any possible fixes, it would be greatly appreciated

Microsoft Intune Compliance
Microsoft Intune Compliance
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Compliance: Adhering to rules, standards, policies, and laws.
169 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,202 questions
{count} votes

43 answers

Sort by: Most helpful
  1. Abhilash Raveendran 5 Reputation points
    2024-09-06T07:36:54.5266667+00:00

    The issue seems to be not resolved yet, i think microsoft intune team need to release a bug fix update. So many companies are relied on intune.

    1 person found this answer helpful.

  2. Joni Mattila 5 Reputation points
    2024-09-11T06:42:48.3933333+00:00

    We have the same problem, Intune support unhelpful and will not recognize it as Intune problem. Windows team blames Intune. Intune support refers to this thread as it would be official answer... They told to do windows 10 updates and our devices are Windows 11 and the character limit which is not documented to my understanding and is happening to devices less than the recommended character limit. Same error for Firewall and Antivirus. Would be great to get actual technical help.

    1 person found this answer helpful.
    0 comments No comments

  3. Laurens Driessen 10 Reputation points
    2024-09-16T11:45:33.5366667+00:00

    Ok so we also have this error for some devices for some customers.
    This customer uses a password and PIN to sign-in. Lot's of them only use their PIN.
    The password was recently changed (a few days), is correct and every application works with it.

    I could fix the not compliant issue by locking the device and sign-in with the password instead of the PIN. Then rebooted the device and let the user sign-in with the password aswel instead of the PIN.

    Started multiple syncs from the Settings > accounts > work/school > Emailadress > Info > Sync.

    Suddenly, after 10m and many many many refresh of intune device page later the device came compliant =)

    1 person found this answer helpful.
    0 comments No comments

  4. YuriL 5 Reputation points
    2024-09-20T08:29:54.86+00:00

    Change default windows compliance assignment group to device instead of user

    1 person found this answer helpful.

  5. Laurens Driessen 10 Reputation points
    2024-09-24T07:47:23.2533333+00:00

    Current situation:

    • So we have an Device Compliance Policy for W10/11 where Firewall is Enabled. (MarkDeviceNotCompliant = 1 Days). We use a Dynamic Security group with a DevicePhysicallds filter: "(device.devicePhysicalIds -any _ -startsWith "[OrderID]:User")". Hostnames are less then 15 characters.
    • We use GlobalProtect VPN, which will not work if the device is in de Not Compliant state and shows us the device does not comply with the Compliance Policy because the Edge account is not signed-in and synchronizing. Strangly all other apps work fine. We see that mostly new or reprovisioned with autopilot devices are getting the error on Firewall:

    "2016345612(Syncml(500): The recipient encountered an unexpected condition which prevented it from fulfilling the request)"

    So firstly, we checked the firewall on the devices, which state is Enabled and no errors on the device.
    Disabled the Firewall multiple times and performed multiple quickscans and Syncs after that. As mentioned as a solution on many forms. Sadly it only fixed it on one device.

    So we researched a bit more on the internet and came accross multiple actions we could try as follows:

    • Check Edge > logged on + sync > Sync device no result
    • Laptop login > Password
    • Recently changes password? > about 2 weeks (sometimes Lock device+ signin again works)
    • Defender Quick scan + Sync device no result
    • Sync from Settings > / work/school > No result
    • Disable PANGPS (Windows service for GlobalProtect VPN)
    • Check CPU time > 16h > Rebooted machine > Sync device no result
    • Powershell:

    Start-Process -FilePath "C:\Program Files (x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe" -ArgumentList "intunemanagementextension://synccompliance"

    &

    Get-ScheduledTask -TaskName “Schedule #3 created by enrollment client” | Start-ScheduledTask

    Lock/reboot:

    • Lock device and login with password > functional
    • Reboot device + sign-in with password > functional
    • Sync from Settings > / work/school and from company portal

    The strange thing is, we could fix the issue on two devices where we just had to Lock device and Sign in with Password instead of PIN code and sync the device. After that it came compliant.

    On another device we could fix the issue by performing a quickscan and a Sync. After we tried every step mentioned above and after that it came compliant.

    On again another device we could fix the issue, after trying everyting mentioned above, with the mentioned Powershell commands which perform a Sync.

    On again another device we could fix the issue after signing in with the Local Admin Password configured in Intune. Sync within that account and then sign-in again with the primary user.

    Further research:
    [https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#:~:text=Device%20Security-,Firewall%3A,-Not%20configured%20(](https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows#:~:text=Device%20Security-,Firewall%3A,-Not%20configured%20()
    Checked if there is an GPO with a Firewall settings what could override the Intune policies > no GPO active as far as I could find.

    I also checked the IntuneManagementLogs if I could find something helpfull but sadly it did not pointed me in any direction.

    So, I really have no clue what the root cause of the issue is here because of the multiple actions that could fix the issue.

    1 person found this answer helpful.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.