Anyone reading this book who has administered any of SCCM 2012's predecessors will likely agree that the biggest headache was keeping your installed client base healthy; especially when working with SCCM clients running on Windows XP, which had a nasty habit of corrupting their WMI data.
With SCCM 2012, Microsoft has addressed many of issues with the inclusion of two monitoring components, Client Activity and Client Check. As an SCEP administrator, your ability to monitor malware activity is directly affected by the overall health status of SCCM clients.
This recipe will walk you through the process for utilizing Client Activity and Client Check to resolve some common issues. To illustrate this point, we will be working on workstation which seems to be no longer communicating with SCCM.
To complete this recipe, you will need to be using an account that has SCCM administrator privileges.
- Log in to your SCCM CAS server and launch your SCCM 2012 management console.
- Navigate to
MonitoringOverviewClientStatusClientActivityin the collection field; click on browse, and select All Systems. Click on the word inactive to create a node which contains a list of all the clients that have been flagged inactive; your console should automatically switch to viewing this list. Refer to the following screenshot:
- By entering the name of the workstation in the search bar, we can quickly determine if it is in this list or not. If the workstation is in this list, then it has not communicated with SCCM in over seven days.
- With inactive clients, it is always worth the effort to find the user of this workstation to check if they have simply gone on vacation and left their workstation powered down. To find out to whom a workstation belongs, right-click on the computer object and select Properties. Locate the Last Logon User Name properties. You can also view the last Logon Time Stamp (UTC) here as well. Refer to the following screenshot:
- If you have reached this point and determined that the workstation has not sent a heartbeat to SCCM more than seven days and no one has logged into it for the same amount of time, you can be fairly sure it's simply turned off. To verify this, you should attempt to ping the hostname (provided your firewall policy allows for pinging).
- One important thing to know in this scenario is: does your SCCM server have the clear install flag maintenance task enabled and if so, what is the threshold (the default is 21 days)? If you are using the clear install flag task, then as long as the PC is booted back up before the threshold is reached, everything be fine. If the PC will remains off longer than the clear install flag threshold, then SCCM will consider the workstation to have no SCCM client and the client will likely need to be redeployed to resolve the issue. To check your organization's current clear install flag setting, navigate to
AdministrationOverviewSiteConfigurationSites, click on the Settings button at the top of the UI, and then select Site Maintenance. Refer to the following screenshot:
- Next, we will be taking a look at the dashboard for client check, which pertains to SCCM 2012 abilities to self-heal many client issues. Navigate to
MonitoringOverviewClientStatusClientCheck, click on client check failed to bring up a node that lists all of the clients that have failed their client check. Refer to the following screenshot:
- Browse the list for any workstations that you suspect have not been reporting their SCEP data. If you do find any of these machines, the first step in remediation is usually to attempt to redeploy the client. To do so, right-click on the computer object and select Install Client.
- On the Installation Options page of the Install Configuration Manager client Wizard, make sure to select the option Always install the client software. This will reinstall the client even if the workstation already has one (albeit a broken client). Refer to the following screenshot:
- After you complete the wizard, you will see a summary completion page. This does not mean that the client was successfully reinstalled, just that the client push process was initiated. To view the current status of the client push, navigate to
MonitoringOverviewReportingReportsand execute the Client Push Installation details report. Refer to the following screenshot:
- If the client redeployment fails, check that the target PC is online and that the correct firewall ports are opened for SCCM client push. You will also want to verify that the service account used for client push is a local administrator of the target system.
SCCM uses its Client Activity and Client Check components to help administrators monitor their client base. While the Client Check component can deal with many common issues, such as remediating some Windows Management Instrumentation (WMI) issues, or verifying the operation and startup type for typical Windows services the client needs, it will not be able to fix every issue that occurs with an SCCM client. Sometimes the only choice is to redeploy the client.
If redeployment fails, the next step is to make sure the client still meets the minimum requirements for SCCM. One common configuration change that affects clients is closing WMI from remote systems or disabling the SMB ports. Also, if client pushes should fail, it's a good idea to verify that the service account for client installation has not been disabled.