This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
We're detecting something very strange about auto user device affinities.
In the Client Settings we are using the following parameters :
In the "Default Settings", "Allow user to define their primary devices" is not enabled.
Clients correctly receive the GPO for :
-"Audit account logon events".
-"Audit logon events".
For some computers the "Primary User" shows multiple assigned users. ( Also visible in the console in the grid of "devices" )
Among these users there is no real daily habitual user.
The users shown and assigned are old users, or users who do not reach the auto user device affinities values defined in the "Client Settings".
In theory, users who were previously "Primary Users" should be automatically removed from "Primary Users" if they no longer meet the requirements specified in the client settings.
Why is this not actually changed by "ConfigMgr" ?
Why is the user who satisfies the parameters of auto user device affinities not self-assigned to the computer ?
We have computers for which the operating system has also been reinstalled, but the old "Primary Users" are not removed and the new daily user is not auto-assigned. This is to point out that in the system, the configuration manager agent is as if it had been reinstalled.
Note : Do not tell me that I have to delete the computer from configuration manager when we reinstall it. Deletion is not mandatory, especially if we want to maintain and consult the inventory history. Reinstallation is done with the Configuration Manager "OSD" service.
Analyzing the log of a computer, which has also been reinstalled, we detect the following lines in the log "UserAffinity.log", from which the primary users should be: "domuserxx3" and "domuserxx5", but instead the users are assigned, "domuserxx4" and "domuserxx6", with 0 usage minutes.
>>>>>>Starting processing user affinity usage task<<<<<<
Auto affinity threshold settings Days = '4', User minutes threshold = '360', Auto approve affinity = '1'.
Clean up agents user logon events...
Retrieving user minutes map...
Loading approved and pending user affinities...
Checking if any pending affinity is approved...
Checking usage minutes per user against current minutes threshold...
User 'dom\userxx3' has 766 usage minutes
Unsetting auto affinity for user 'dom\userxx3'
Found same state message existing. (was sent before) Skip sending same state message for user 'dom\userxx3'..
User 'dom\userxx3' SID is 'S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxxx'
Failed to determine if user 'S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxxx' is cloud user, 0xcaa90014
User 'S-1-5-21-xxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxxx', Domain user yes, Cloud user undetermined
User 'dom\userxx4' has 0 usage minutes
Unsetting auto affinity for user 'dom\userxx4'
Found same state message existing. (was sent before) Skip sending same state message for user 'dom\userxx4'..
Failed to determine if user 'S-1-5-21-yyyyyy-yyyyyyyyy-yyyyyyyyy-yyyyy' is cloud user, 0x87d00323
User 'dom\userxx5' has 793 usage minutes
Unsetting auto affinity for user 'dom\userxx5'
Found same state message existing. (was sent before) Skip sending same state message for user 'dom\userxx5'..
Failed to determine if user 'S-1-5-21-zzzzz-zzzzzzzzz-zzzzzzzzzz-zzzzzzzz' is cloud user, 0x80004005
User 'dom\userxx6' has 0 usage minutes
Unsetting auto affinity for user 'dom\userxx6'
Found same state message existing. (was sent before) Skip sending same state message for user 'dom\userxx6'..
Failed to determine if user 'S-1-5-21-jjjjjjjj-jjjjjjjjjj-jjjjjjjjjjjjjj-jjjjjj' is cloud user, 0x87d00323
>>>>>>Finished processing user affinity usage task<<<<<<
What else can we analyze to understand where the problem is?
Has anyone ever detected this problem?
Is this a known problem?
Thank you all for your patience and support.
Have user been manually assigned a primary user? This can lead to multiple user per computer. What does WMI think who is top console user? https://www.recastsoftware.com/resources/how-to-query-asset-intelligence-for-top-console-user-details/
-Device affinity is not assigned manually.
-- We also checked :
-- Get-CMUserDeviceAffinity -DeviceName "COMPUTER1"
-- The result comes out with parameter "9".
-- From the table at the following link, the meaning is "Secure usage agent" .
-From "System Console Usage" in "Resource Explorer" = "dom\userxx3".
-From tool WBEMTest = 'dom\userxx3' on computer.
Thank you all for your patience and support.
The only way to get multiple primary user for a device is for a few manual assignments.
No manual assignments have ever been made.
The hypothesis, is that multiple assignments are caused by the failure of the automation of Configuration Manager, which should remove the "user device affinity" .
In the log I showed, there are some lines with errors, but I do not understand what they are and if they are the real cause of the anomaly.
We contacted Microsoft Support who confirmed the "BUG" and that it may be fixed in future versions of Configuration Manager.
I guess we are not the only ones who have automatisms built on the "UDA".
In addition, we have reported to Microsoft that it is important for us to fix this "BUG" .
We hope they decide to solve it and in a short time and that it can already be in the next version.
If you have the problem, report it to Microsoft.
To this day with version 2309, the problem is still present. Has anyone who has already installed version 2403 had a chance to check if the problem is resolved?