The starting point of every mobile management project is enrolling devices. Without enrollment, you can’t manage any devices. When running in hybrid mode, the enrollment process is different from running Microsoft Intune in standalone mode.
The SCCM Service Connection Point role maintains connectivity between both ends (SCCM on-premises and the Cloud). Both environments must be synchronized; otherwise, you may get the Intune error User License Type Invalid during Intune enrollment on your mobile devices. This post explains how to resolve this issue.
Intune Error User License Type Invalid
This is the error message shown just before the enrollment process when you click Enroll:
If you take a look at the Company Portal log from the mobile device, you will see:
<ErrorType>UserLicense</ErrorType><Message>Invalid User License</Message>
** How to see Company Portal log? Please read this Technet post **
Cloud User Sync
During the configuration of the Intune subscription in your SCCM, you need to create and configure a user collection. Users who need to be enrolled in Intune must be members of that collection.
Every 5 minutes, new collection modifications are synchronized with the Cloud (Intune). To see how it works, open cloudusersync.log, located in the SCCM logs folder on your primary site server, using CMTrace.
Let’s say you enabled an Intune A license for one user. If the user enrolls their device before their account is synchronized from SCCM to the Cloud, the user will receive the Intune error User License Type Invalid.
Every time we had this issue, it was because the user was not a member of the Intune users collection or the user information was not properly synchronized with the Cloud.
Note that if some compliance checks are stalled on a few devices, with the last sync from days ago, it can be related to the same issue.
Normally, a full user sync with the Cloud should occur every 7 days and a delta sync every 24 hours. To resolve the synchronization problem, you can force a full sync by using the registry.
- Open Regedit from the command line, regedit.exe
- Navigate to HKLM\Software\Microsoft\SMS\Components\SMS_Cloud_UserSync\LastFullSyncTimeStamp
- Set Base to Decimal and modify Value Data to 1 and click Ok
To start a synchronization, force a restart of the Cloud User Sync thread from the SMS Executive service. You can do it from the Registry or from Service Manager in SCCM. Since we are already in the registry, follow these steps.
- Under the Windows Registry, navigate to HKLM\Software\Microsoft\SMS\Components\SMS_Executive\Threads\SMS_Cloud_UserSync
- Find the Requested Operation string and edit the Value Data to Stop
- Refresh the page by pressing F5; the Current State should be Stopped
- Return to the Requested Operation string and edit the Value Data to Start
- Refresh the page again by pressing F5; the Current State should be Running
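The two registry procedures above can also be scripted. The following PowerShell is an added example, not part of the original post; it uses only the keys and value names listed in the steps, and the 120-second timeout and 2-second polling interval are assumptions. Run it from an elevated session on the primary site server.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
$ErrorActionPreference = 'Stop'

# Registry locations and value names as given in the manual steps.
$syncKey   = 'HKLM:\Software\Microsoft\SMS\Components\SMS_Cloud_UserSync'
$threadKey = 'HKLM:\Software\Microsoft\SMS\Components\SMS_Executive\Threads\SMS_Cloud_UserSync'

function Wait-ThreadState {
    # Polls 'Current State' until it matches, the scripted equivalent of pressing F5.
    param(
        [Parameter(Mandatory)][string]$Expected,
        [int]$TimeoutSeconds = 120   # assumption: adjust for your site
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        $state = (Get-ItemProperty -Path $threadKey -Name 'Current State').'Current State'
        if ($state -eq $Expected) { return }
        Start-Sleep -Seconds 2
    } while ((Get-Date) -lt $deadline)
    throw "SMS_Cloud_UserSync is '$state', expected '$Expected' after $TimeoutSeconds seconds."
}

# 1. Force a full sync: set LastFullSyncTimeStamp to 1.
#    Keep the existing value type and record the old value so it can be restored.
$kind = (Get-Item -Path $syncKey).GetValueKind('LastFullSyncTimeStamp')
$old  = (Get-ItemProperty -Path $syncKey -Name 'LastFullSyncTimeStamp').LastFullSyncTimeStamp
Write-Host "Previous LastFullSyncTimeStamp: $old ($kind)"
Set-ItemProperty -Path $syncKey -Name 'LastFullSyncTimeStamp' -Value 1 -Type $kind

# 2. Restart the Cloud User Sync thread: Stop, wait, Start, wait.
Set-ItemProperty -Path $threadKey -Name 'Requested Operation' -Value 'Stop'
Wait-ThreadState -Expected 'Stopped'
Set-ItemProperty -Path $threadKey -Name 'Requested Operation' -Value 'Start'
Wait-ThreadState -Expected 'Running'

Write-Host 'Thread restarted. Review CloudUserSync.log to confirm the collection users are evaluated.'
```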
When the services are restarted, review CloudUserSync.log again to confirm all users in the collection are evaluated.
After you see the confirmation in the log, ask the user to retry the enrollment process. The user should be able to enroll their devices again.
** Resolution Addition 2016-06-21**
You can also check the table User_DISC (CM db) if the user has a value that is not NULL or 00000000-0000-… We had to remove users from our MDM user collection, stop SMS_CLOUD_USERSYNC, add the same users, start SMS_CLOUD_USERSYNC. Thanks to Tommy Vigren!
Did this solution resolve your issue?
Founder of System Center Dudes. Nick was awarded Microsoft MVP in the Enterprise Mobility category in 2016.
Working as a senior SCCM and Intune advisor as well as a Microsoft Cloud solutions specialist.