Call4Cloud | MMP-C | Autopilot | Device Preparation

The school for ADMX upload and Evil

Patch My Pc | install & update thousands of apps

In this blog, I will summarize some of the ADMX/ADML upload errors I got while playing around with them. Of course, I will also try to show you what could be going wrong in your ADMX/ADML files.

Please note: This blog is a work in progress, so I will add errors as I stumble upon them. I needed to start somewhere! Feel free to reach out if you have any nice additions!

1. Value cannot be Null

The first error I ran into is about nothing… or maybe I should instead tell Null. Someone asked me to look at the ADMX he created with the reg_2_ADMX tool to define some additional OneNote settings.

With these additional OneNote ADMX, he wanted to define the BackupFolderPath and the BackupRuneveryXMinutes settings

Afbeelding met tekst  Automatisch gegenereerde beschrijving

As shown below, when importing the custom-made OneNote ADMX, I also received the error: Value cannot be Null. Parameter Name: Presentation

Value cannot be Null. Parameter Name: Presentation

That’s a nice one, right? So I started looking at what could have caused this nice presentation error. When rereading the error, we must start looking at the presentation parts.

Afbeelding met tekst  Automatisch gegenereerde beschrijving

It took me some time, but after digging in a bit, I found out it had something to do with the HEX register value being mentioned in the ADML file itself.

And the HXT (HEX) parameter being used in the ADMX element

Afbeelding met tekst  Automatisch gegenereerde beschrijving

When taking a closer look at the ADML file below, I noticed “something” missing

If we have configured some settings in the registry, we want to convert to an ADMX with the tool, we need to be aware of something

Afbeelding met tekst  Automatisch gegenereerde beschrijving

If you defined a REG_EXPAND_SZ, the Reg2ADMX tool will convert it to a text box… but a textbox must have a label part. As shown below, the wrong one and a working one

When converting those registry values it fails to add the label part to it. If possible I would advise changing the REG_EXPAND_SZ to REG_SZ before creating the reg file that you are going to convert.

I guess it fails because of all the HEX values. Another possibility is to change it manually, add the LABEL part, and import it again.

2. The Given key was not present in the dictionary

Let’s move on to another error I noticed when playing around with the ADMX import function and trying to find out what errors it could produce

The error below mentions that the upload of this ADMX has failed: the giving key was not present in the dictionary

the giving key was not present in the dictionary

That’s a funny one? Not present in the dictionary. Someone at Microsoft decided to add this nice error to tell us that there is something wrong with the dictionary?

Dictionary GIFs - Get the best GIF on GIPHY

Let me tell you what I broke! When trying to solve the first error, I tried copying and pasting the working policy from another ADMX to the not working one. But while doing so, I totally forgot to change the Policy ParentCategory to match the category defined at the top.

Afbeelding met tekst  Automatisch gegenereerde beschrijving

I guess it is safe to say that the dictionary error could mean that you specified a parent category that is missing and doesn’t correspond to the category you specified earlier!

3. One or More errors occurred

This error was a blast…The error below mentions that the upload of this ADMX has failed: One or more errors occurred…! That’s a pretty useful error?

admx upload had faild. One or more error occurred

Luckily, when you don’t know where to begin, you can always copy and paste the ADMX and ADML files to the policy definitions folder, as I also pointed out in the Memoirs of an ADMX blog.

Build your own ADMX templates and deploy them into Intune (call4cloud.nl)

When opening the group policy editor after making sure those files were copied, I ended up with a nice notification mentioning that a parsing error occurred when opening the ADML file

That’s just perfect! It just tells me where to start looking! Whoop Whoop! More time to spend on #beertune! As shown below, If you are altering an ADMX on your own, please make sure you close (/) the stuff you put in!

A quick note to add: Also, beware of capitals as it also could give you some weird errors…

Afbeelding met tekst  Automatisch gegenereerde beschrijving

4. Sequence contains no elements

Next!!! The error below mentions that the upload of this ADMX has failed: The sequence contains no elements error. This is an easy one!

The sequence contains no elements error

Someone asked me to take a look at the AdobeReaderDC.ADMX and ADML file after he got the sequence error

If you have listened to Mike Danoski and his wonderful talk about the Import function during the Policy management with Microsoft Intune talk you can solve it pretty easy.

Because the ADMX needs to comply with the conditions and the predefined structure, when I looked at it, I immediately felt that “something” was off. So, I decided to look for the reader DC ADMX myself.

When I compare the one I downloaded from Adobe to the one he sent me, the differences aren’t hard to notice.

After uploading the version I got, it instantly worked! I guess the bottom line with this error is that when you experience this error when uploading an ADMX, try to find another one…

5. ADMX file referenced not found

Could the ADMX upload error below look familiar ??? admx file referenced not found namespacemissing:microsoft.policies.windows. please upload it first.

admx file referenced not found namespacemissing:microsoft.policies.windows. please upload it first.

Yes, it does! I already wrote a dedicated blog about this upload error. So if you are looking to resolve this error, please visit this dedicated blog to that error instead

ADMX Upload Error: Missing Microsoft.Policies.Windows ADMX (call4cloud.nl)

6. 0x20101 / 131329

Even when you succeed in uploading your friendly ADMX and ADML file to Intune, we need to beware of some issues that could occur when defining the corresponding device configuration profile

The error below mentions that the upload of this ADMX has failed the administrative template file failed to be sent to the device 131329 error code and 0x20101

As shown above, we could run into the error mentioning the fact that the administrative template file failed to be sent to the device with the corresponding error codes: 131329 and 0x20101

Please make sure you check the ADMX before uploading it! For example, let’s examine the WindowsStore.admx file with a PowerShell tool and by opening the ADMX with Notepad.

As shown above, this ADMX file contains some prohibited registry keys and can’t be used! You can look up which registry keys are valid and which ones are not in this Microsoft Document

Win32 and Desktop Bridge app ADMX policy Ingestion – Windows Client Management | Microsoft Learn

So even when the ADMX looks like it uploaded correctly, it will fail you in the end!!.

In my opinion, it’s pretty weird that the ADMX itself is NOT being blocked during the upload but how am I to judge?

Luckily, we always have the event log to notice these kinds of errors. As shown below, after the device reached out to Intune to fetch the latest policies, we will spot event 850, mentioning the Blocked Registry Key!

blocked registry key event 850

7. The method or operation is not implemented

Another almost forgotten issue that I needed to add to the list of ADMX Import errors. This nice error below, mentioning the method or operation is not implemented could be noticed when importing the Citrix Receiver ADMX File. The error below mentions that the method or operation is not implemented

a screenshot of a computer error message

It’s a good thing Microsoft put some nice documentation together in which they mention this issue. Unfortunately, they don’t provide the specific error message, but who cares? Uhhh, I do.

Import custom and third party partner ADMX templates in Microsoft Intune | Microsoft Learn

If you open the ADMX file, guess what the Citrix ADMX file contains?

Luckily, Adam Gross had already noticed this issue and decided to remove those combo boxes! So go download those new and improved Citrix ADMX files from his github.

Toolbox/Intune/ADMXIngestion at master · AdamGrossTX/Toolbox · GitHub

8. The Administrative Template file failed to be sent to the device

I was asked to take a look at this reg file below to determine why converting this reg file to an ADMX was causing some weird errors

After uploading this custom ADMX file to Intune and creating a device configuration profile to configure the Citrix DisableLanguageBar settings, you could end up with a nice 0x20101 error mentioning the fact that the Administrative template failed to be sent to the device

0x20101 error mentioning the fact that the Administrative template failed to be sent to the device

This was definitely an error that was hard to solve…. at first. Luckily we always will have the devicemanagement-enterprise-diagnostics-provider event log. These error messages were shown within a minute when manually syncing the device.

As shown above, this error is telling us that the equivalent area name from categories should be limited to 255 characters (Max registry key length). When receiving the above error, you will also notice another error popping up mentioning that the data area passed to a system call is too small.

When you examine those error messages and the reg file I showed, you can make a wild guess about what is causing the import failure.

For each registry key in the reg file, a separate “category” with a unique GUID needed to be created. Adding all of those categories together in one string definitely caused the errors. First, I tried solving these errors by changing the reg to the ADMX tool itself.

As shown above, I changed the (sTemp)-4) part to (sTemp)-10) to limit the last amount of characters in the category GUID

This change solved the 255-character error, but the “the data area passed to a system call is too small” error message remained. Most of the time, the simplest idea that pops up in your head will solve the issue.

As shown below, I removed the additional (not needed) registry keys in the reg file and converted the reg file to a new ADMX file again.

Guess what it solved! the device configuration profile containing the registry settings was now applied successfully!

9. Object Reference not set to an instance of an object

Another thing I need to add to the list of ADMX import errors we could receive when importing a third-party ADMX is As shown below, we could end up with the error:The upload of this ADMX file has failed: Object Reference not set to an instance of an object

object reference not set to an instance of an object

Luckily, it’s very easy to answer this question, and I like easy solutions! Just remove the ADMX upload attempt and upload the ADMX again!

Conclusion:

Having the possibility to add your own ADMX to Intune is great! Hopefully, Microsoft will provide us with some troubleshooting documentation .. Ow wait…. “stay tuned”

13 thoughts on “The school for ADMX upload and Evil

  1. Useful info here! Thanks for mentioning he Citrix receiver.ADMX link from Adam Gross. It saved us a lot of time!

  2. Rudy, I’ve the issue you’ve described in #9. I am trying to upload the ADMX of our VPN Client. Simply reuploading does not work, any idea?
    Link to the vendors ADMX in their article: https://www.sparklabs.com/support/kb/article/deploy-viscosity-windows-under-a-gpo-group-policy-environment/

  3. Yep I’ve got issue #9 too with a custom Adobe admx file. Tried deleting and uploading a few times but always the same error.
    File was from here: – https://github.com/nsacyber/Windows-Secure-Host-Baseline/tree/master/Adobe%20Reader/Group%20Policy%20Templates

    It was created a while ago this ADMX but is the only custom Adobe Reader one I could find that has the extra elements I wanted to control. Adobe only provide a basic one with a few elements to control.
    The reason for using is that I wanted to make use of the new Intune Microsoft Store App deployment to deploy Adobe Reader, which although nice and simple means you lose out creating your own custom Adobe Reader install using their customization wizard and transform file. But this method creates a 1.14GB intunewin file. so liked the idea of using the new MS store method. But now I need to make the customization post install with ADMX policy.

    1. You could also create your own admx with only the gpo settings you want? https://call4cloud.nl/2022/10/admx-when-nature-calls/
      Of course it depends on the registry keys that you want to configure if those are restricted but… its worth a try?

  4. For #9, references (e.g. ref=”123″) are case-sensitive. Once I corrected that, my import was successful.

  5. “The method or operation is not supported ” Received this with the HP Universal Print Driver GPO template. https://support.hp.com/us-en/drivers/selfservice/hp-universal-print-driver-series-for-windows/503548 “HP Print Administrator Resource Kit”. The .admx does not have the word Combo in it, so I don’t think it’s a combobox issue.

  6. Hi,

    Any idea what to do when we can import the ADMx template with sucess, but getting an error during the profile deployment

    Error Code Code 131329 | 0x20101 (The administrative template file failed to be sent to the device)

    Looking into Event viewer I found an Access is denied error:
    event id 404 devicemanagement-enterprise-diagnostics-provider(Admin)

    MDM ConfigurationManager: Command failure status. Configuration Source ID: (96BB8D4F-FAF0-4484-810D-AFD3EAA984B8), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/SecGuide8f979486-a1d1-4549-8d5f-cc573c397337/Policy/SecGuide8f979486-a1d1-4549-8d5f-cc573c397337), Result: (Access is denied.)

    Setting: LSA Protection (\MS Security Guide)
    Template: SecGuide.ADMX

    1. Mmm that access denied is the error you could get when targetting the policies that arent allowed as mentioned here
      https://call4cloud.nl/2022/10/memoirs-of-an-admx/

  7. Hey, i am trying to configure powershell core with the admx from the latest windows 10 policy defintions in intune. Upload went good, but if i want to configure anything, i get the mentioned error code 131329 “The administrative template file failed to be sent to the device.”. After reading this, i am now unsure how to solve this issue and get this admx working. It also affects other admx files aswell, so i guess i need a fix for this. Can anyone help me with this? Google isnt helpful at all imo

    “MDM-PolicyManager – ADMX Ingestion: Blocked Registry Key: (SOFTWARE\Policies\Microsoft\PowerShellCore) in tag (policy)” is shown in the event log

    1. the “policies” key is indeed a blocked registry key (as I also am describing somewhere in the same blog) so settng that policy with an admx isnt allowed for now

Leave a Reply

Your email address will not be published. Required fields are marked *

66  −  56  =  

Proudly powered by WordPress | Theme: Wanderz Blog by Crimson Themes.