ConfigMgr Client Health

ConfigMgr Client Health is a PowerShell script that increased our patch compliance from 85% to 99%. It detects and fixes known errors in Windows and the Configuration Manager Client, and enforces required services to run and start as Automatic. The script should run in the system context on the computers you want to validate and fix. The script works with PowerShell version 2 and higher, and is tested on Windows 7 SP1, Windows 8., Windows 10. Windows Server 2012 R2 and Windows Server 2016.

This script was created after one of my customers experienced very bad patch compliance, and a lot of clients very not patched, or reported as compliant while not being patched at all. Our investigation discovered several root causes, and I created a tool to fix them all. After running this script on their computers, patch compliance increased significantly.

Note: This is the main page for ConfigMgr Client Health. It will always contain the latest information about the latest released version, and this is the place to find the most current documentation.

Latest version: 0.8.3 – Released 2020-11-15
Download location: GitHub

Note: Latest database version is 0.7.5. Upgrade from previous versions require a database upgrade. Copy / paste the content of “createdatabase.sql” to upgrade the database to the latest version.

Requirements

  • PowerShell version 5.1 or higher
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

Features

ConfigMgr Client Health detects and fixes following errors:

  • ConfigMgr client is not installed.
  • ConfigMgr client is assigned the correct site code.
  • ConfigMgr client is upgraded to current version if not at specified minimum version.
  • ConfigMgr client not able to forward state messages to management point.
  • ConfigMgr client stuck in provisioning mode.
  • ConfigMgr client maximum log file size.
  • ConfigMgr client cache size. Fixed size (MB) or percentage of disk space.
  • ConfigMgr client certificate error.
  • ConfigMgr client hardware inventory not running.
  • ConfigMgr client CcmSQLCE.log exists and client is not in debug mode.
  • Corrupt WMI.
  • DNS server record matches local IP’s
  • Drivers – Reports faulty or missing drivers on client.
  • Logging to SQL database and / or file share
  • Pending reboot check
  • User-friendly reboot of computer with 3rd party reboot app when in pending reboot or computer uptime is more than specified in config.
  • Services for ConfigMgr client is not running or disabled.
  • Other services can be specified to start and run and specific state.
  • Windows Update Agent not working correctly, causing client not to receive patches.
  • Windows Update Agent missing patches that fixes known bugs.

How to use ConfigMgr Client Health

This tool should be placed on a network share available to all clients where everyone have read access and only administrators have write access.

1
PowerShell.exe -ExecutionPolicy Bypass -Noninteractive -File "\\Server\Share\ConfigMgrClientHealth.ps1" -Config "\\Server\Share\Config.xml" -Webservice "https://server.domain/ConfigMgrClientHealth"

The Powershell script need to run with at least Administrator privileges. WMI remediation only works if the script is run with SYSTEM privileges. I recommend you deploy a GPO that create a scheduled task running this script with highest privileges (SYSTEM), and that it’s run from a network share. The health check use very little resources on the client.

Check out my guide: Powershell script with arguments as a scheduled task for how to deploy ConfigMgr Client Health as a scheduled task with group policy.

Run CreateDatabase.sql on your SQL server to create the SQL database. ConfigMgr Client Health can update the database either by accessing it directly using the computer account, or use the new webservice. The script sends the result of the health check to a webservice using either http or https, and the webservice use a service account to to update the SQL database. Instructions for installing and configuring the webservice are included in the in the downloaded file.

For the script to update the database directly, the computer account requires db_datareader and db_datawriter roles on the ClientHealth database on the SQL Server. A suggestion is to use “domain\domain computers” group.

Note: Pending reboot check is only implemented for logging and reporting. ConfigMgr Client Health do not have any functionality implemented to automatically reboot computers. But a computer stuck in pending reboot can be difficult to patch.

Updates

Place your mandatory updates in the respective folders for the operating system and architecture. Make sure to share the root update folder to everyone and everyone have read access. ConfigMgr Client Health will check the folder for its operating system and architecture and install any patches you place there.

Unfortunately, I cannot add the updates together with my published tool due to license restrictions. But I recommend you download and add the following updates as they all fix problems with the Windows Update Agent. Computers missing these updates may experience problems scanning for and applying new patches.

Windows 7

Windows 8.1

Config.xml

ConfigMgr Client Health uses config.xml to configure its settings. Below is a picture of an example config.xml file.

LocalFiles

A path to a directory locally on the computer running the script where ConfigMgr Client Health will store temporary files. Default is C:\ClientHealth

Client

Settings to verify and enforce on the Configuration Manager Client

  • Version: Minimum version of Configuration Manager Client to enforce. A client who is running a version greater than or equal the one specified in config.xml will not be upgraded, but any client running an older version will be upgraded to the client installation located in <ClientInstallProperty>/Source:</ClientInstallProperty>
  • Sitecode: Configuration Manager Sitecode
  • Domain: Verify the clients computer is a member of this domain.
  • AutoUpgrade: True / False. ConfigMgr Client Health will upgrade the client only when this is set to true.
  • CacheSize: Sets the required cache size for ConfigMgr client. A fixed number is read as KB. A number with % after is read as percentage of total disk space.
  • Share: Fileshare where ConfigMgr client source files is located. It is used when client health is installing the ConfigMgr client for the first time, upgrade the client to minimum version, or reinstalling if determined necessary to fix serious errors.
  • Log: MaxLogSize: Maximum log file size on ConfigMgr client. MaxLogHistory: Maximum log file history on client. Enable: Enable or disable this check.

Client Install Property

These are install properties used when ConfigMgr Client Health is reinstalling the configuration manager client on your Windows computer. You can add and remove as many as you want, and all official ccmsetup.exe switches are supported. For a full list of supported ccmsetup.exe switches: https://docs.microsoft.com/en-us/sccm/core/clients/deploy/about-client-installation-properties

Service

Services to enforce a specific startup type and running state on the client.

  • Name: Name of service
  • Startup type: Automatic, Manual, Disabled
  • State: Running, Stopped

BITSCheck

Option to check and remediate if BITS have any jobs stuck with errors. Enabling this check may fix errors where downloads are stuck at 0% in software center.

  • Enable: Enable or disable this component. Values: True / False.
  • Fix: Script will fix any errors if set to True. Only logs errors if False. Values: True / False.

DNSCheck

Option to check if IP addresses registered on DNS server record matches local IP addresses on the computer. Will perform a Resolve-DNSClient if Powershell version 4 or higher, or IPConfig /RegisterDNS if Powershell version 3 or lower.

  • Enable: Enable or disable this component. Values: True / False.
  • Fix: Script will fix any errors if set to True. Only logs errors if False. Values: True / False.

Drivers

Option to check if local drivers are working as intended. Will report back devices with missing drivers or faulty driver.

  • Enable: Enable or disable this component. Values: True / False.

Updates

ConfigMgr Client Health will detect operating system and architecture, and install all patches placed here for its operating system and architecture. A computer running Windows 7 64-bit will verify all patches in “\\CM01\ClientHealth$\Updates\Windows 7 64-Bit” are installed, and install those who are missing. This is a great way to install patches that fixes bugs in the Windows Update agent.

  • Share: Fileshare where updates are located
  • Fix: Script will fix any errors if set to True. Only logs errors if False. Values: True / False.
  • Enable: Enable or disable this component. Values: True / False.

Logging

Data gathered by the ConfigMgr Client Health script is stored in ClientHealth database on the SQL server and / or log share specified in the config.xml file. The agent will always log the following events to log share if log share is enabled.

  • Computer fails to connect to the SQL database.
  • Driver error. The failed drivers are listed in the log file for the specific computers.
  • DNS error. IP addresses from the DNS server and local computer is listed in the log file if the DNS check fails and reports Error in the database. Possible cause: DNS Server have an IP address registered that is not used by the computer.

Log settings

  • Share: File share where logs are stored.
  • Level: Depreciated
  • MaxLogHistory: How many times the script will save its log history for the computer before it discards the log file and starts over.
  • Enable: Enable or disable this component. Values: True / False.

PendingReboot

Component that detects if the computer is in a pending reboot state or not.

  • StartRebootApplication: Setting to determince if ConfigMgr Client Health will start the reboot application if the computer is in a pending reboot state. Values: True / False
  • Enable: Enable or disable this component. Values: True / False.

RebootApplication

A reboot application is a 3rd party application (or command) that will force a mandatory reboot of the computer. I recommend the use of Coretech’s Shutdown Tool to reboot computers as it gives the users a notice and opportunity to postpone the reboot.

  • Application: UNC path to application file, or shutdown command.
  • Enable: Enable or disable this component. Values: True / False.

Coretech Shutdown Tool: http://blog.coretech.dk/kea/new-version-of-the-coretech-shutdown-tool/

MaxRebootDays

This setting determines how many days a computer can be online before ConfigMgr Client Health will start the reboot application. This setting do nothing if RebootApplication is disabled.

OSDiskFreeSpace

Free space in percent on C: of the client. It’s recommended to have at least 10% free space on the OS drive.

HardwareInventory

ConfigMgr Hardware Inventory.

  • Days: ConfigMgr Client Health will start a hardware inventory on the client if last execution time was more than the days specified in this setting.
  • Enable: True / False
  • Fix: Script will fix any errors if set to True. Only logs errors if False. Values: True / False.

SoftwareMetering

This setting enables a test and remediation on the software metering prep driver.

Remediation

These settings control what components ConfigMgr Client Health will validate and fix.

  • AdminShare: Checks if Admin$ and C$ is shared and working correctly on the computer. Fix: True / False.
  • ClientProvisioningMode: Checks if Configuration Manager Client is stuck in provisioningmode. Fix: True / False.
  • ClientStateMessages: Fix: True / False.
  • ClientWUAHandler: Fix: True / False.
  • ClientCertificate: Fix: True / False. Checks if the PKI certificate used by ConfigMgr client is stored in the certificate store.
  • WMI: Checks if WMI is corrupt. Fix: True / False.

SQL Database

Execute the SQL query stored s”Createdatabase.sql” on your SQL server to create the SQL database. This query will create the database if it doesn’t exist, or upgrade it to the current version if already present.

You also need to give the Active Directory group “domain computeres” datareader and datawriter rights on the database.

The table Clients contains the following information in the database:

  • Hostname: Hostname of the computer.
  • OperatingSystem: Operating system of the computer.
  • Architecture: Operating system architecture.
  • Build: Build number of the operating system.
  • Manufacturer: Hardware Manufacturer.
  • Model: Hardware Model.
  • InstallDate: Date and time when the computer was installed.
  • OSUpdates: Date and time when the computer installed its latest patch.
  • LastLoggedOnUser: The username who last logged on the computer.
  • ClientVersion: Configuration Manager Client Version.
  • PSVersion: Powershell version.
  • PSBuild PowerShell build number.
  • Sitecode: Configuration Manager Client Sitecode.
  • Domain: The domain the computer is joined to.
  • MaxLogSize: Configuration Manager Client max size for log files.
  • MaxLogHistory: Configuration Manager Client max number of log history files pr log file.
  • CacheSize: Configuration Manager Client cache size.
  • ClientCertificate: The state of the Configuration Manager client certificate check.
  • Provisioning Mode: The state of the Configuration Manager Client provisioning mode check.
  • DNS: The state of the DNS check. If ‘Error’, Verify specific log file for more information on this error. The DNS server have registered an IP address for the hostname that is not present on the specific computer, and the IP addresses are listed in the log file.
  • Drivers: The state of the driver check. Verify specific log file for more information on this error. The drivers with errors are listed in the log file.
  • Updates: The state of the update check. Updates attempted to install on last execution is listed here.
  • Pending reboot. The state of the pending reboot check.
  • LastBootTime: Last boot time of the computer.
  • OSDiskFreeSpace: Free space in percent on the C: drive.
  • Services: The state of the services check.
  • AdminShare: The state of the AdminShare check.
  • StateMesasges: The state of the StateMesasges check. Verifies that the client successfully sends state messages to the management point.
  • WUAHandler: The state of the WUAHandler check. Performs check on Windows Update Agent Handler and registry.pol.
  • WMI: The state of the WMI check.
  • ClientInstalled. The date when ConfigMgr Client Health installed the Configuration Manager Client.
  • Version: The version of ConfigMgr Client Health script executed by the computer.
  • Timestamp: Latest execution time of the script.
  • HWInventory: Latest timestamp when hardware inventory ran on the client.
  • SWMetering: The state of the software metering check
  • BITS: The state of the Background Intelligent Transfer Service check.
  • Patchlevel. The current patchlevel of the device.

ConfigMgr Client Health Reports

Ben Morris have created a very cool report that you can import into SQL Server Reporting Sservices and SCCM. This is the same report that I used during my demo at System Center User Group Sweden.

Download: Technet Galleries

Useful SQL queries to run on the ClientHealth database

All computers, ordered by latest script execution time

SELECT * FROM dbo.Clients ORDER BY Timestamp DESC

Computers with less than 10% free space on C:

SELECT Hostname, OperatingSystem, InstallDate, LastLoggedOnUser, OSDiskFreeSpace FROM dbo.Clients WHERE OSDiskFreeSpace <=10 ORDER BY OSDiskFreeSpace ASC

Computers with low or no free space on C: can be hard to patch and deploy software to, but I do not want the client health script to attempt any auto-cleaning of files. Running this SQL query on the Client Health database lists all computers with 10% or less free space on C:. This is a list we send to our service desk, and they will help the users to clean up, or reinstall the computers.

Computers not patched in the latest 60 days

SELECT Hostname, OperatingSystem, InstallDate, OSUpdates, LastLoggedOnUser FROM dbo.Clients WHERE OSUpdates <= DATEADD(DAY, -60, GETDATE())

Computers who have not patched in 60 days or more should be investigated. This query gives you that list. The easy solution is to just reinstall the computers. The goal of ConfigMgr Client Health is to find as many causes as possible to why a computer is not patching, and automatically try to fix them. Please let me know if you find a root cause and fix not detected by this script and I would love to add it.

Right click tool console extension

The right click tool console extension makes it easy to remotely start ConfigMgr Client Health on devices and collections. It uses PowerShell to remotely start the scheduled task that executes ConfigMgr Client Health.

Windows Remote Management (WinRM) must be enabled on the devices for this console extension to work.

Use the PowerShell installer “Install.ps1” to install the right click tool console extension. The installer takes two arguments:

-Path
The path to where the console extension stores its assembly and scripts.

-ScheduledTaskName
The name of the scheduled task that starts ConfigMgr Client Health on your computers.

-MaxThreads
Optional parameter. Configures the maximum number of simultaneous threads when running against a collection of devices. Default value is 20.

Example:

Install.ps1 -Path "C:\Program Files\ConfigMgr Client Health Console Extension" -ScheduledTaskName "ConfigMgr Client Health" -MaxThreads 40

Webservice Troubleshooting

Edit web.config and change the setting: “stdoutLogEnabled” to True. Make sure the folder specified in “stdoutLogFile” exists. Log files with the specific errors are created in that folded if logging is enabled.

Webservice with SQL Express or different instance name.

Edit appsettings.json and make sure connection string SQLDatabase specifies hostname\\SQLexpress.

The double ‘\\’ is required due to a current bug in the webservice, this will be fixed in a future version.

Note: I’m happy to help with issues you have implementing this script, please use the comment below for that. It helps me a lot if the post your operating system and what rights the script is running. Minimum required rights are local administrator, recommended is system.

This solution is provided AS-IS and comes with no warranties. Use at your own risk.

54 thoughts to “ConfigMgr Client Health”

  1. Hi Anders, I did just install everything but failed now when I tried to test the webservice with 500.19 error. Anything I messed up during the installation or a hint where I could search for the error? thx

    1. I disabled dynamic and static compression module in web.config (WSUS is installed on same machine) and needed .net core version 2.0 – then it works – just to note it here if someone else faces this problem.

  2. Hi!
    I scrolled through the comments, but I didn’t find what I was looking for.
    What ports is needed for direct reporting from the clients to the SQL Server?
    Is it just TCP 1443 or what ports is needed?
    It takes weeks for our FW crew to handle and implement requests, so I want it to be correct. 🙂

  3. Thanks a lot for this script.
    Two suggestion to add :
    – check if computer is yet join to the domain with Test-ComputerSecureChannel
    – the sccm guid to check that we don’t have any duplicate

  4. Hello Anders,

    You have created an awesome tool. We love it.

    We find one issue. We run this after starting up a imaged laptop. If the installation failed, nothing is written to the database as the task sequence is still running.

    To avoid this issue I have rewritten the function Test-InTaskSequence

    Old:

    Function Test-InTaskSequence {
    try { $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment }
    catch { $tsenv = $null }

    if ($tsenv) {
    Write-Host "Configuration Manager Task Sequence detected on computer. Exiting script"
    Exit 2
    }
    }

    New:

    Function Test-InTaskSequence {
    try { $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment }
    catch { $tsenv = $null }

    if ($tsenv -ne $null) {
    $SMSTSType = $tsenv.Value("_SMSTSType")
    if ($SMSTSType -ne $null) {
    Write-Verbose "The TS variable _SMSTSType has value '$SMSTSType'. Configuration Manager Task Sequence detected on computer. Exiting script."
    Write-Host "Configuration Manager Task Sequence detected on computer. Exiting script"
    Exit 2
    }
    }
    }

    What do you think about this modification / change?

    With kind regards,
    Willem-Jan

  5. I have this script running on around 100 test computers (95 to be exact). There are logs for all of them in my log folder but there are only 24 devices in the SQL database. I don’t see any major differences in the log files of a computer in the database and one that isn’t. Do you have any idea why the computers aren’t in the database?

    1. Hello,

      I have created a batch file
      "C:WindowsSystem32WindowsPowerShellv1.0powershell.exe" -ExecutionPolicy Bypass -NoProfile -File "\pathtoConfigMgrClientHealth.ps1" -Config "\pathtoconfig.xml" -Webservice "http://server.something.local/ConfigMgrClientHealth" -Verbose > "\pathtoConfigMgrClientHealthLogs%COMPUTERNAME%_PowerShell.log"

      It creates a sort of logfile from the output. Maybe that will help you.

  6. There is a minor bug in (line 3120) where the if statement can go into the logging code even if you have SQL logging disabled.

    This: if (($SQLLogging -like ‘true’) -and (($null -eq $Webservice)) -or ($Webservice -eq “”))

    Should be: if (($SQLLogging -like ‘true’) -and !($Webservice)

  7. Has there been any changes in in the SQL database since the last version. Do we need to update SQL at all if we were running the last version of this script?

  8. I am testing the 0.8.2 version of this script and i am having issues with updates portion of the script. i have updates placed in the share and the share setup in the config file but when i run the script all i get for returns is Updates: No mandatory updates to install. I have tested with windows 10 1803, 1809, and 1903 64-bit with the same results in all instances. The update option is set to TRUE on both the fix and the enable fields. What else could i be missing?

  9. Hi Anders,

    Been using this solution for some time now and loving it, however I believe the console extension is causing me major slow-down issues on my console. Has there been any other reports of this? And, is there an easy way to remove the extension? I see the install.ps1 is basically just copying xml files, so do I just remove them?

    Thanks in advance.
    Ben

    1. The reason I ask is that Ive just deployed the script to Windows 7 with a backend of CM2012 and some are reporting ‘ConfigMgr Clients database files missing’ every day.

  10. I’m still not able to get this to consistently re-mediate our clients and it really hasn’t improved our environment at all. Right now the script only seems to re-mediate clients that are showing active. It’s not choosing any of our clients that are showing Inactive and re-mediating those. Does anyone know why that is or can shed some more light on how it chooses which client it’s going to re-mediate?

  11. Quick question regarding the patches. Is there a way you can just have the script point to SCCMs update directory for updates? This way we know for sure updates are always installed and that we won’t have to add the installers to another directory.

  12. Hey,
    i have the Problem that not all my Clients can update the Database over the IIS. I dont understand why, its not all clients. The Clients gets:

    Updating SQL database with results using webservice
    Error Invoking RestMethod POST on URI https://SERVER/ConfigMgrClientHealth/Clients. Failed to update database using webservice. Exception: Der Remoteserver hat einen Fehler zurückgegeben: (500) Interner Serverfehler.

  13. Hello,
    We’ve noticed an interesting side-effect when running the script, and we’re curious if this is intended. Our Windows-10 computers are imaged with a small number of Local GPO settings applied at both the User and Computer levels. What we’ve noticed is that the Computer settings appear to all get wiped out when we run the script on our system.
    We also noticed that if we re-apply the settings and run the script a 2nd time, it does not remove them. A bit of further research shows that the script writes a registry settings with the last run time of the script. We found that if we delete this entry, the script will once again remove the settings.

  14. Hi Anders, thanks for this great tool, in the Config file there is one line “mydomain.com, what about if you have more than 5 domains in my case?
    Regards
    Mo

  15. Hi,
    I’ve set up ConfigMgr Client Health with Web Service as per directions and get the message “…500 –
    Internal server error” when the client attempts top upload the report to the database via webservice. The client successfully uploads a report to the database when not using the WebService.
    To troubleshoot, a second server dedicated to this service was set up and result is the same.
    On both WebService Servers, an event log is found in Event Viewer > Applications and Service Logs > Microsoft > Windows > SMBClient > Connectivity Log:
    ———————
    Log Name:
    Microsoft-Windows-SmbClient/Connectivity
    Source: Microsoft-Windows-SMBClient
    Date: 6/18/2019 2:27:17 PM
    Event ID: 30800
    Task Category: None
    Level: Error
    Keywords: (64)
    User: SYSTEM
    Computer: ### Webservice Computer Name ###
    Description:
    The server name cannot be resolved.
    Error: The object was not found.
    Server name: cm01.rodland.lab
    ————————–
    This event is written during the step where the client is running the Update-Webservice PowerShell function.
    The Webservice appsettings.json file has my server name in it. The ConfigMgrClientHealth
    config file has my server names in it, or lines changed from CM01.rodland.lab to CM02.rodland.lab where tests are set to False.
    Since all lines that have cm01.rodland.lab in them were changed to cm02.rodland.lab and the PowerShell script does not have any lines where CM01.rodland.lab are actively read, then it seems that the only files where CM01.rodland.lab could come from are the WebService files that we cannot
    edit.
    Is it possible that CM01.rodland.lab is hardcoded in a WebService file somewhere and could it be resolved?

  16. Hi,
    I have setup and configured everything accordingly, however there are some issues as follow:
    1. Computer clients always fail to connect to the SQL database. The account used in SQL in client health database is a domain service account and has ‘db_accessadmin’ role as well as ‘db_datareader’ & ‘db_datawriter’.
    2. Resolve-client: ERROR: Client taged for reinstall, but failed to access fileshare :\abcd.lab.net.auClienthealthclient At D:ClientHealthConfigMgrCleintHealth.ps1:3066 char:9
    Resolve-client -xml $xml -clientinstallproperties $ClientInst…
    I gave read permission to “everyone” and also domain service account that use to access clienthealth database.

  17. Thanks so much for this. I used Bryan Dams suggestion to run it as a scheduled script. I also decided that the sql update via the web was a bit to fiddly for me so I rewrote the SQL bit to launch a stored procedure instead.

  18. Hey I’m running into a situation where it looks like the client repair script is only repairing a handful of workstations each day when we schedule the task to run. It only seems to be repairing around 1-7 machines per day when the task is deployed. We have around 400 workstations with inactive clients in our environment. Also they’re long intervals of time that go by between each repair. For example the script will repair one workstation at 8:30 AM and then won’t repair the next workstation until 9:45 AM. How many workstations should it be repairing per day? Why isn’t it addressing all of the inactive clients on our workstations when the task runs instead of just a handful? Our GPO is linked to our main domain and i have a security filter with all of our workstations with inactive clients in that security group filter. Any thoughts on this?

    1. There’s no logic in group policy or in CMCH to limit the number of independent clients that can run simultaneously. Is group policy otherwise working ok on these systems? Are you seeing reports from each client and it is only repairs that aren’t happening or do you think the script isn’t being run on all the clients as often as you expect? What method are you using to start up the CMCH script? Has someone cranked up the default GP refresh from 60-120 minutes to something much more? Do you have a low limit on connections to either the database or the reporting share that’s causing the script not to run or report on more than a few machines at a time?

  19. Hey Anders – have you run/tested this on Remote Desktop Services (RDS) servers? I have a client who is running into an issue where RDS servers are losing their RDS licensing configuration every time the script runs. I plan to take a look through the script and find out where the issue might reside, but didn’t know if you had run into this before.

  20. Quick question, do we still have to give the domain computers rights to the DB if we’re using the webservice? Trying to run as the scheduled task and feeding the -webservice switch but the logs that are created on my network share always start with “[2019-04-23 11:54:09] Error connecting to SQLDatabase ClientHealth on SQL Server JLSQL1.joshlab.local”

  21. Hey Anders,

    Logging on our clients indicate a SQL connection error. I disabled SQL logging with the below XML config, but it appears that the health script is still trying to log, unless I’m interrupting the error code wrong. Any suggestions?

    XML Configuration:

    Client Log Error:
    SQL Error: Exception calling “Open” with “0” argument(s): “A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server)”

    1. We are seeing the same problem. We have set enable to False on SQL and are not providing webservice as an argument when starting the script. Update-SQL shouldn’t be called when this is set to False, correct?

  22. Hi Anders,

    Thank you for you amazing support.

    I planning deploy the tool in my environment, but I don’t understand if Webserver should be in separate host than SCCM Server. That’s right?

  23. Version 0.8.1 I set in the config for testing but it is attempting to execute the Update-SQL function at the end of the script anyway. I did not include a Webservice command line parameter while executing the script either. I could not see where it was failing to set the proper conditions to skip the step.

    For the Repair-WMI function, I would recommend first trying winmgmt /salvagerepository and checking if the result is still inconsistent before running /resetrepository. Also, would be improved by incorporating the actions from this blog to try to reduce the chance of an inoperable WMI from missing some 3rd party namespaces. https://blogs.technet.microsoft.com/fieldcoding/2018/10/10/resetting-wmi-repository-dos-and-donts/

    In my testing, all the SCCM Client evaluation policy calls to Invoke-WMIMethod threw an error. It can be fixed by enclosing double-quotes around the $trigger variable. Quotes seem to be required on the command line for the trigger GUID parameter for it to interpret correctly, even with a variable.

    Script cleanup recommendation, if you do not need a wildcard match (*), use -eq instead of -like for string comparison as -like could end up with some unexpected behaviors and may consume a few more CPU cycles. In addition with the configuration checks, you can just check if enabled -eq $true instead of -eq ‘true’. PowerShell will automatically handle the type casting and will properly evaluate 0 or True (with any upper/lower case) to the boolean $true. This will also cut out the need to make an additional .NET call to .ToLower().

    1. We are seeing the same problem with logging. We have set enable to False on SQL and are not providing webservice as an argument when starting the script. Update-SQL shouldn’t be called when this is set to False, correct?

  24. HI Anders,
    Thanks for sharing this great tool. I am in a Multi domain infrastructure and The management domain does not trust the underlaying domains but underlaying domains trust the management site. This is thus a single way trust. For computers in the same management domain no problem but trying to run the task scheduler from computers in underlying domains give a powershell scripts errors 4294770688. Do you have any idea?
    Thanks a lot.

  25. Is there an idots guide to installing this? I’ve inherreted a messy SCCM install and am still finding my feet, due to budget there is no support option, I understand bits of it but not enough to get it working.

  26. Great Client Health remediation tool but would be nice if you created your logs in the standard format that cmtrace.exe understands so it display’s at least the Date/Time. Any log related to SCCM, whether you are logging in real time or not, should follow the cmtrace format. There are plenty of threads out there that show you how to do this so very surprised a script of this level would not be using it.

  27. Hi Anders,

    Thank you for this script – it is a powerful solution to remediate broken clients. I have a few questions on the .Net Core prerequisite for the web service.

    The instruction says to install .Net Core 2.0 Runtime & hosting bundle for Windows v2.0.9 as a prerequisite to configure web service. Since this version has end of life support by Microsoft, our security policy restricts to use this version in our environment. We tried with latest .Net Core 2.2 Runtime v2.2.2, however, the web service failed to run and errored out with “HTTP Error 502.5 – Process Failure”. So are there plans to rebuild the web service code using the latest .Net Core 2.2?

    Will there be a new version of web service or the script that will work with latest .Net Core 2.2 Runtime? Or is there a way we can try to make the current web service code work with latest .Net Core 2.2?

    Please advise. Thank you again!

  28. HI
    I’ve just followed the instructions to test in my lab when I run the script from numerous clients I get the following at the end of the powershell
    Error Invoking RestMethod POST on URI http://configmgr.xxxxxxx/configmgrclienthealth/Clients. Failed to update database using webservice. Exception: The remote server returned an error: (500) Internal Server Error.

    When I first got this, I removed all config and started again and I still get the same, I’ve given the service account owner permissions on the db just to rule out a permission issue.
    anybody had this issue before

    1. Hey Trevor, did you ever get this error fixed? I’m seeing the same thing and tried a number of things to get it going. Can’t figure it out either…

    2. I also get this message, can’t see where the error is either…
      The serviceaccount is dbo and no logs on the server is updated.

      Anyone that ever got this fixed?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.