Friday, March 27, 2020

SCCM ConfigMgr Client Health

When you operate your client in an enterprise environment, then you may find from time to time clients in an unhealty condition. E.g. SCCM reporting does not work anymore or other issues around WMI originating from a corrupt WMI repository and much more.

The tech fellow Anders Rodland created a fantastic PowerShell based framework to diagnose and heal your (sccm) clients automatically.


ConfigMgr Client Health detects and fixes following errors:

  • ConfigMgr client is not installed.
  • ConfigMgr client is assigned the correct site code.
  • ConfigMgr client is upgraded to current version if not at specified minimum version.
  • ConfigMgr client not able to forward state messages to management point.
  • ConfigMgr client stuck in provisioning mode.
  • ConfigMgr client maximum log file size.
  • ConfigMgr client cache size. Fixed size (MB) or percentage of disk space.
  • ConfigMgr client certificate error.
  • ConfigMgr client hardware inventory not running.
  • ConfigMgr client CcmSQLCE.log exists and client is not in debug mode.
  • Corrupt WMI.
  • DNS server record matches local IP’s
  • Drivers – Reports faulty or missing drivers on client.
  • Logging to SQL database and / or file share
  • Pending reboot check
  • User-friendly reboot of computer with 3rd party reboot app when in pending reboot or computer uptime is more than specified in config.
  • Services for ConfigMgr client is not running or disabled.
  • Other services can be specified to start and run and specific state.
  • Windows Update Agent not working correctly, causing client not to receive patches.
  • Windows Update Agent missing patches that fixes known bugs.
  • PLUS additional ones in the latest version (check it out!)

More Information's can be found here:

And the latest "ConfigMgrClient Health" can be found on Github:

Monday, March 23, 2020

Autopilot with non-signature devices (CSP admins only)

Recently I had a customer they acquired Dell devices regularly without the Signature Edition so they would not receive the Autopilot hashes automatically in their tenant.

There is still a way to make it work. But this cant be done by a regular tenant admin. This need to be done by the CSP admin so you need to contact your Cloud Solution Provider (CSP) as they have a special chain of trust with Microsoft. You need to trust this CSP and allow him to be your CSP administrator in your tenant. This prevents any abuse of this process.

Therefore you need also to provide a CSV list to your CSP.

The format must be:

So you need the Device Serial Number, the Manufacturer Name and the Device model. 

(Device serial number,Windows product ID,Hardware hash,Manufacturer name,Device model) for copy&paste in your Excel table.

Manufacturer and Device model are very critical. So you can not write what you think of. It need to be the output of this Powershell command:

Get-CimInstance -ClassName Win32_ComputerSystem -property Manufacturer, Model | Select-Object Manufacturer, Model

Manufacturer          Model
------------          -----
Microsoft Corporation Surface Pro 6

You compile the table above with the serial number and these make and model information's (to be very exact is crucial!). The Windows product ID and the Hardwarehash need to be empty! 

Then you need to export this as CSV file and hand it over to your CSP for uploading it. This allows you also to on-board machines you have not yet bought as Autopilot machines (with Autopilot hardware vendor SKU and/or Signature Edition)

Additional drawback when not using the signature editon:
You still may have plenty bloatware installations in your image. You may want to remove them manually which might be tricky in some cases.

More information's about Autopilot can be found here:

More information's about the signature edition can be found here:

(dont be shocked. This is only available in Granada English! :-))