(158) Microsoft Intune - Company Portal failing to install during Autopilot (ESP)
- Mr B SOE way
- Mar 14
- 2 min read
Had this customer where I saw that Company Portal was failing during the ESP, viewing the appworkload.log
[Win32App][WinGetApp][AppPackageManager] Connect result status: CatalogError.
[Win32App][WinGetApp][WinGetOperation] Completed Detection for app with id: 0a74d8d1-42e1-414a-ade0-5cfec8545c94 and package id: 9WZDNCRFJ3PZ.
Result: CatalogError
[Win32App][WinGetApp][WinGetAppDetectionExecutor] Completed detection for app with id: 0a74d8d1-42e1-414a-ade0-5cfec8545c94.
WinGet operation result:
Operation result = CatalogError
Installed version =
Reboot required = False
Installer Error code =
Extended error code =
Detection result:
Action status: Failed
Detection state: NotComputed
Detected version:
Error code:
Solution:
Having a look at the issue, it seems it can't connect to the store properly, likely an SSL inspection issue.
Generally this would help in most cases for Windows 11 devices, https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-desktopappinstaller#enablebypasscertificatepinningformicrosoftstore unfortunately this customer was using Windows 10 (still), yes I know. Deploying this CSP to Windows 10 will fail, there is the option to use PowerShell or a Win32 app.
PowerShell:
# Registry key to create for the Desktop App Installer Policies
$RegistryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppInstaller"
# Check if the Appinstaller registry key already exists
if (!(Test-Path $RegistryPath)) {
New-Item -Path $RegistryPath -Force
}
# Create the Desktop App Installer registry values
New-ItemProperty -Path $RegistryPath -Name "EnableBypassCertificatePinningForMicrosoftStore" -Value "1" -PropertyType dword -ForceWin32 App:
I incorporated this the other App Installers which covers the following
Prepare the following:
Registry key to create for the Desktop App Installer Policies
$RegistryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppInstaller"
# Check if the Appinstaller registry key already exists
if (!(Test-Path $RegistryPath)) {
New-Item -Path $RegistryPath -Force
}
# Create the Desktop App Installer registry values
New-ItemProperty -Path $RegistryPath -Name "EnableAdditionalSources" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableAllowedSources" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableAppInstaller" -Value "1" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableDefaultSource" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableExperimentalFeatures" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableHashOverride" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableLocalManifestFiles" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableMicrosoftStoreSource" -Value "1" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableMSAppInstallerProtocol" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableSettings" -Value "0" -PropertyType dword -Force
New-ItemProperty -Path $RegistryPath -Name "EnableBypassCertificatePinningForMicrosoftStore" -Value "1" -PropertyType dword -Force$Path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppInstaller"
$Name = "EnableMicrosoftStoreSource"
$Type = "DWORD"
$Value = "1"
Try {
$Registry = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop | Select-Object -ExpandProperty $Name
If ($Registry -eq $Value){
Write-Output "Detected"
Exit 0
}
Exit 1
}
Catch {
Exit 1
}Wrap it up as a Win32 app with https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool, then upload to Intune.
Note:
Install command line:
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -windowstyle hidden -executionpolicy bypass -command .\install.ps1
Install behaviour must be in 'System' Context as it applies to the HKLM
Then test during the ESP either through pre-provision or normal autopilot, end result you will see Company Portal appear after your user profile is created.
Comments