1E Verified
Copyright © 1E 2022 All Rights Reserved
MEMCM Client Health
Downloads
362
Endorsements
12
Components
1
Added
4 years ago
Last Updated
7 months ago
Compatibility
Client Supported - 8.1, 9.0
OS Supported - Microsoft Windows 11, 10
OS Supported - Microsoft Windows 11, 10
Description
The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability, Configuration Manager WMI integrity and common causes of Configuration Manager client problems on devices.
The MEMCM Client Health policy replaces the previous SCCM Client Health policy.
Key Features
- The policy in this product pack will:- Ensure the correct version of the CM client is installed and running and assigned to the correct site.
- Ensure the CM client is not stuck in provisioning mode.
- Ensure that heartbeat discovery, inventory and state messages are being sent regularly.
- Ensures the CM client cache is set to the correct size.
- Ensure the CM client log settings are correct.
- Ensure the BITS service exists, configured to start up automatically and is running.
- Ensure the Windows Time service exists with correct startup settings.
- Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running.
- Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent.
- Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source.
Setup
- This Product Pack contains Rules.
- Upload this Product pack with the help of Tachyon Product Pack Deployment Tool.
- A Guaranteed State Policy named MEMCM Client Health will be created.
- Guaranteed State Rules will be created in this policy.
Usage
- Review any rule, For Example MEMCM Client CacheSize.
- The precondition ensures that storage InstallRecord exists.
- The rule will be triggered in every 24 hrs.
- The Check is performed to ensure that the CM Cache size is between 2560-5120 MB by default. You may reconfigure it.
- Lastly a fix is applied by configuring the CM Cache size to 5120 MB if the current CM Cache size is not between the MinMB and MaxMB value.
- Enable this rule. Review all the rules in this Policy and enable them before deploying it.
- Assign the MEMCM Client Health Policy to a management group.
- Deploy the MEMCM Client Health Policy.
- Within a period of a day or two you would start seeing the compliance reports on MEMCM Client Health.
Components
MEMCM Client Health
POLICY
Ensure the MEMCM client and supporting components are healthy (WindowsUpdate, W32Time, BITS, WMI, MEMCM service)
WMI Win32_ComputerSystem ClassExists (Rule)
Ensure the Win32_ComputerSystem class exists in WMI #MEMCMClientHealth
Service Winmgmt Automatic (Rule)
Ensure that the Winmgmt (Windows Management Instrumentation) service is set to automatic. Set it to automatic if not. #MEMCMClientHealth
1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic (Fix)
Set %ServiceName% service to Automatic start type and confirm change within %Timeout% seconds
Service Winmgmt Exists (Rule)
Ensure that the Winmgmt (Windows Management Instrumentation) service exists. #MEMCMClientHealth
Service Winmgmt Running (Rule)
Ensure that the Winmgmt (Windows Management Instrumentation) service is running. Start it if it isn't. #MEMCMClientHealth
Service wuauserv Exists (Rule)
Ensure that the wuauserv (Windows Update) service exists. CAUTION: Hard reset of Windows Update if it doesn't exist. #MEMCMClientHealth
Service wuauserv Manual (Rule)
Ensure that the wuauserv (Windows Update) service is set to manual. Set it to manual if it's not. #MEMCMClientHealth
Service wuauserv TriggerStart (Rule)
Ensure that the wuauserv (Windows Update) service is set to trigger start #MEMCMClientHealth
WindowsUpdate ConnectionOK (Rule)
Ensure the connection to Windows Update is OK. #MEMCMClientHealth
1E-GuaranteedState-Check-WindowsUpdate-ConnectionOK (Check)
Check that the client can connect to the configured Windows Update source
WindowsUpdate Source (Rule)
Ensure the connection to the specified Windows Update source (Configuration Manager, Local WSUS, Remote WSUS) is OK #MEMCMClientHealth
1E-GuaranteedState-Check-WindowsUpdate-Source (Check)
Check Windows Update agent is configured to use %Source% as source
WMI cimv2 NamespaceExists (Rule)
Ensure the default (cimv2) namespace exists in WMI. #MEMCMClientHealth
WMI Repository Consistency (Rule)
Ensure the WMI repository is consistent. Salvage the repository and (optionally) reset it if inconsistent. #MEMCMClientHealth
1E-GuaranteedState-Check-Wmi-Repository (Check)
Check the WMI repository is consistent
1E-GuaranteedState-Precondition-MEMCM-AssignedSite (Precondition)
Check the CM client is assigned to %SiteCode%
1E-GuaranteedState-Precondition-MEMCM-CacheSizeBetween (Precondition)
Precondition that checks the CM cache size is between %MinMB% and %MaxMB%
1E-GuaranteedState-Precondition-MEMCM-CertificateInStore (Precondition)
Check the CM certificate is in the certificate store by checking CM log files in %MEMCMLogsDirectory%
1E-GuaranteedState-Fix-Wmi-Repository (Fix)
Fix the consistency of the WMI Repository and run ResetRepository command if %ResetRepository%=True
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringUsageReportCycle (Fix)
Invoke CM software metering usage report cycle
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventoryCollectionCycle (Fix)
Invoke CM software inventory collection cycle
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringGeneratingUsageReport (Fix)
Invoke CM software metering generate usage report action
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareUpdatesAssignmentsEvaluationCycle (Fix)
Invoke CM software updates assignments evaluation cycle
1E-GuaranteedState-Fix-MEMCM-InvokeSourceUpdateMessage (Fix)
Invoke CM source update message
1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendHigh (Fix)
Invoke CM state system policy bulk send high
1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendLow (Fix)
Invoke CM state system policy bulk send low
1E-GuaranteedState-Fix-MEMCM-InvokeSumUpdatesInstallSchedule (Fix)
Invoke CM Software Updates install schedule
1E-GuaranteedState-Fix-MEMCM-InvokeUpdateStorePolicy (Fix)
Invoke CM update store policy
1E-GuaranteedState-Fix-MEMCM-InvokeUserPolicyAgentCleanup (Fix)
Invoke CM user policy agent cleanup
1E-GuaranteedState-Fix-MEMCM-InvokeWindowsInstallerSourceListUpdateCycle (Fix)
Invoke CM Windows Installer source list update cycle
1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyCacheCleanout (Fix)
Invoke CM state system policy cache cleanout
1E-GuaranteedState-Fix-MEMCM-RefreshServerComplianceState (Fix)
Refresh CM server compliance state
1E-GuaranteedState-Fix-MEMCM-ResetPolicy (Fix)
Reset CM policy with option %ResetOption%
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentRequestAssignmentUser (Fix)
Invoke CM User policy request
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateMachinePolicyAssignment (Fix)
Invoke CM machine policy / assignment validation
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateUserPolicyAssignment (Fix)
Invoke CM user policy / assignment validation
1E-GuaranteedState-Fix-MEMCM-InvokePowerManagementStartSummarizer (Fix)
Invoke CM power management start summarizer
1E-GuaranteedState-Fix-MEMCM-InvokeRefreshDefaultMPTask (Fix)
Invoke CM refresh default MP task
1E-GuaranteedState-Fix-MEMCM-InvokeRetryingRefreshingCertificatesInAdOnMp (Fix)
Invoke CM retrying/refreshing certificates in AD on MP
1E-GuaranteedState-Fix-MEMCM-InvokeScanByUpdateSource (Fix)
Invoke CM scan by update source
1E-GuaranteedState-Fix-MEMCM-InvokeSchedule (Fix)
Invoke CM client %Schedule% action
1E-GuaranteedState-Fix-MEMCM-InvokeSendUnsentStateMessage (Fix)
Invoke CM send unsent state message action
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventory (Fix)
Invoke CM software inventory action
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentEvaluateAssignmentUser (Fix)
Invoke CM User policy evaluation
1E-GuaranteedState-Fix-MEMCM-InvokePeerDpStatusReporting (Fix)
Invoke CM peer DP status reporting
1E-GuaranteedState-Fix-MEMCM-InvokePeerDpPendingPackageCheckSchedule (Fix)
Invoke CM peer DP pending package check schedule
1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyEvaluation (Fix)
Invoke CM machine policy evaluation
1E-GuaranteedState-Fix-MEMCM-InvokeFileCollectionCycle (Fix)
Invoke CM file collection cycle
1E-GuaranteedState-Fix-MEMCM-InvokeDiscoveryDataCollectionCycle (Fix)
Invoke CM discovery data collection cycle
1E-GuaranteedState-Fix-MEMCM-InvokeEndpointAMPolicyReevaluate (Fix)
Invoke CM Endpoint Protection Antimalware policy reevaluation
1E-GuaranteedState-Fix-MEMCM-InvokeEndpointDeploymentReevaluate (Fix)
Invoke CM Endpoint Protection deployment reevaluation
1E-GuaranteedState-Fix-MEMCM-InvokeExternalEventDetection (Fix)
Invoke CM external event detection
1E-GuaranteedState-Fix-MEMCM-InvokeFileCollection (Fix)
Invoke CM file collection
1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventory (Fix)
Invoke CM hardware inventory
1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventoryCollectionCycle (Fix)
Invoke MEMCM hardware inventory collection cycle
1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollection (Fix)
Invoke CM IDMIF collection
1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollectionCycle (Fix)
Invoke CM IDMIF collection cycle
1E-GuaranteedState-Fix-MEMCM-InvokeLSRefreshLocationsTask (Fix)
Invoke CM client Location Services refresh locations task
1E-GuaranteedState-Fix-MEMCM-InvokeLSTimeoutRefreshTask (Fix)
Invoke CM client Location Services timeout refresh action
1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAgentCleanup (Fix)
Invoke CM machine policy agent cleanup action
1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAssignmentsRequest (Fix)
Invoke CM machine policy assignments request
1E-GuaranteedState-Fix-MEMCM-InstallClient (Fix)
Install the CM client using CCMSETUP.EXE from %CcmSetupFileURL% with size %CcmSetupFileSize% and hash %CcmSetupFileHash% and commandline options %SourceList% %MpList% %RegToken% %RetryMinutes% %ServiceNoService% %InstallUninstall% %Logon% %ForceReboot% %BITSPriority% %DownloadTimeout% %UsePKICert% %NoCRLCheck% %ConfigFile% %SkipPrereqFileList% %ForceInstall% %ExcludeFeaturesList% %CcmSetupMsiProperties% %ClientMsiProperties%
1E-GuaranteedState-Fix-MEMCM-InvokeDataDiscoveryRecord (Fix)
Invoke CM data discovery record action
1E-GuaranteedState-Fix-MEMCM-InvokeClientMachineAuthentication (Fix)
Invoke CM client machine authentication action
1E-GuaranteedState-Fix-MEMCM-InvokeClearingProxySettingsCache (Fix)
Invoke CM clearing proxy settings cache action
1E-GuaranteedState-Fix-MEMCM-InvokeBranchDistributionPointMaintenanceTask (Fix)
Invoke CM branch distribution point maintenance task
1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerUserPolicyAction (Fix)
Invoke CM Application manager user policy action
1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerPolicyAction (Fix)
Invoke CM Application manager policy action
1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerGlobalEvaluationAction (Fix)
Invoke CM Application manager global evaluation action
Service ccmexec DelayedStart (Rule)
Ensure that the ccmexec (SMS Agent Host) service is set to Automatic (Delayed Start). Set it if not. #MEMCMClientHealth
Service W32Time TriggerStart (Rule)
Ensure that the W32Time (Windows Time) service is set to trigger start. #MEMCMClientHealth
1E-GuaranteedState-Check-Service-TriggerStart (Check)
Check the %ServiceName% service is set to start on a trigger
Service W32Time Manual (Rule)
Ensure that the W32Time (Windows Time) service is set to manual. Set it to manual if not. #MEMCMClientHealth
1E-GuaranteedState-Fix-Service-SetStartTypeManual (Fix)
Set %ServiceName% service to Manual start type and confirm change within %Timeout% seconds
Service W32Time Exists (Rule)
Ensure that the W32Time (Windows Time) service exists. #MEMCMClientHealth
Service ccmexec Running (Rule)
Ensure that the ccmexec (SMS Agent Host) service is running. Start it if it's not. #MEMCMClientHealth
Service ccmexec Exists (Rule)
Ensure that the ccmexec (SMS Agent Host) service exists. Install the MEMCM Client if it doesn't. #MEMCMClientHealth
Service BITS Exists (Rule)
Ensure that the BITS (Background Intelligent Transfer Service) service exists. #MEMCMClientHealth
1E-GuaranteedState-Check-Service-Exists (Check)
Check that %ServiceName% service exists
Service BITS DelayedStart (Rule)
Ensure that the BITS (Background Intelligent Transfer Service) service is set to manual. Set it if not. #MEMCMClientHealth
1E-GuaranteedState-Check-Service-StartType (Check)
Check that %ServiceName% start type is %StartType%
1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart (Fix)
Set %ServiceName% service to Automatic (Delayed Start) start type and confirm change within %Timeout% seconds
Network IPv4 PrimaryAddressInDNS (Rule)
Check the FQDN matches DNS by looking up the primary IPv4 address in DNS #MEMCMClientHealth
1E-GuaranteedState-Check-Network-IPv4-PrimaryAddressInDNS (Check)
Check the Device FQDN matches the value from DNS
MEMCM Client Version (Rule)
Ensure the right version of the MEMCM client is installed. If not, install the client. #MEMCMClientHealth
1E-GuaranteedState-Check-Wmi-ClassColumnVersion (Check)
Check if the value of the WMI attribute defined by %Namespace%, %Class%, %ColumnName% (and optional %WhereClause%) is a version number (e.g. 7.2.5.612) that is lower, higher or the same (defined by %DesiredResult%) as %VersionToCompare%
MEMCM Client StateMessagesSent (Rule)
Ensure that state messages are being sent regularly. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-StateMessagesSent (Check)
Check the CM client has sent state messages within the last %Days% days
1E-GuaranteedState-Check-MEMCM-UserPolicyValid (Check)
Check that the CM client has checked for user policy within the last %Days% days
MEMCM Client SoftwareInventorySent (Rule)
Ensure that software inventory is being sent regularly. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-SoftwareInventorySent (Check)
Check the CM client has sent software inventory within the last %Days% days
MEMCM Client NamespaceExists (Rule)
Ensure the MEMCM (ROOTccm) namespace exists in WMI. If it doesn't, install the MEMCM client. #MEMCMClientHealth
1E-GuaranteedState-Check-Wmi-NamespaceExists (Check)
Check that WMI %Namespace% exists
MEMCM Client Logging (Rule)
Ensure the MEMCM client log settings are set to the right values #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfiguration (Check)
Check that the CM client logging is configured with %LogLevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settings
MEMCM Client Assignment (Rule)
Ensure the client is assigned to the right site. Assign it if it isn't #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-AssignedSite (Check)
Check the CM client has been assigned to site %SiteCode%
1E-GuaranteedState-Precondition-MEMCM-DataDiscoveryRecordSent (Precondition)
Precondition that checks the CM client has sent a DDR (Data Discovery Record) within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-FileCollectionSent (Precondition)
Precondition that checks the CM client has performed a file collection within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-GlobalLoggingConfiguration (Precondition)
Precondition that checks the CM client logging is configured with %LogLevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settings
1E-GuaranteedState-Precondition-MEMCM-HardwareInventorySent (Precondition)
Precondition that checks the CM client has sent hardware inventory within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-IDMIFCollectionSent (Precondition)
Precondition that checks the CM client has performed an IDMIF collection within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-MachinePolicyValid (Precondition)
Check the CM client has checked for machine policy within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-SoftwareInventorySent (Precondition)
Check the CM client has sent software inventory within the last %Days% days.
1E-GuaranteedState-Precondition-MEMCM-StateMessagesSent (Precondition)
Check the CM client has sent status messages within the last %Days% days.
1E-GuaranteedState-Precondition-MEMCM-UserPolicyValid (Precondition)
Check the CM client has checked for user policy within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-Client (Precondition)
Precondition: MEMCM Client
1E-GuaranteedState-Precondition-MEMCM-ClientCommunication (Precondition)
Check the CM client has sent data back within the last %Days% days
1E-GuaranteedState-Precondition-MEMCM-ClientProvisioningMode (Precondition)
Check if the CM ClientProvisioningMode is set to %TrueFalse%
1E-GuaranteedState-Fix-MEMCM-SetAssignedSite (Fix)
Set CM assigned site to %SiteCode%
MEMCM Client IDMIFCollectionSent (Rule)
Ensure that IDMIF collection is being sent regularly. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSent (Check)
Check that the CM client has performed an IDMIF collection within the last %Days% days
1E-GuaranteedState-Check-MEMCM-MachinePolicyValid (Check)
Check that the CM client has checked for machine policy within the last %Days% days
MEMCM Client HardwareInventorySent (Rule)
Ensure that hardware inventory is being sent regularly. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-HardwareInventorySent (Check)
Check that the CM client has sent hardware inventory within the last %Days% days
MEMCM Client FileCollectionSent (Rule)
Ensure that file collection is being sent regularly. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-FileCollectionSent (Check)
Check that the CM client has performed a file collection within the last %Days% days
MEMCM Client DataDiscoveryRecordSent (Rule)
Ensure that a data discovery record (DDR) is being sent regularly. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSent (Check)
Check that the CM client has sent a DDR (Data Discovery Record) within the last %Days% days
MEMCM Client ClientProvisioningMode (Rule)
Ensure the client is not stuck in provisioning mode. Turn it off if it is #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode (Check)
Check the CM ClientProvisioningMode is set to %TrueFalse%
1E-GuaranteedState-Precondition-Multiple (Precondition)
Multiple checks using specified parameters %1EClientVersionToCompare% %1EClientVersionDesiredResult% %DeviceChassisTypeList% %DeviceCpuTypeList% %DeviceDomainList% %DeviceFqdnList% %DeviceManufacturerList% %DeviceModelList% %DeviceRamMBMin% %DeviceRamMBMax% %DeviceTimeZoneOffsetList% %DirectoryExists% %DirectoryName% %DnsLookupFqdnList% %FileNameExists% %FileName% %OsTypeList% %OsArchitectureList% %ProcessExists% %ProcessExecutableList% %QuarantineStatus% %RegistryExists% %RegistryHive% %RegistryKey% %RegistryValue% %RegistryData% %ServiceExists% %ServiceName% %ServiceStartAccountName% %ServiceStartType% %ServiceState% %ServiceTriggerStart% %ServiceType% %SoftwareExists% %SoftwareProduct% %SoftwarePublisher% %SoftwareVersionToCompare% %SoftwareVersionDesiredResult% %WindowsUpdateSource% %WmiNamespace% %WmiClass% %WmiColumn% %WmiWhereClause% %WmiVersionToCompare% %WmiDesiredResult%
1E-GuaranteedState-Precondition-Network-IPv4-PrimaryAddressInDNS (Precondition)
Precondition-Network-IPv4-PrimaryAddressInDNS: #BuildingBlocks
1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode (Fix)
Set MEMCM client provisioning mode to %TrueFalse%
MEMCM Client ClassExists (Rule)
Ensure the SMS_Client class exists in WMI. If not, install the MEMCM client. #MEMCMClientHealth
1E-GuaranteedState-Check-Wmi-ClassExists (Check)
Check that WMI %Class% exists in %Namespace%
MEMCM Client CacheSize (Rule)
Ensure the MEMCM client cache is set to the right size. Set it if it isn't. #MEMCMClientHealth
1E-GuaranteedState-Check-MEMCM-CacheSizeBetween (Check)
Check that the CM cache size is between %MinMB% and %MaxMB%
1E-GuaranteedState-Check-MEMCM-ClientCommunication (Check)
Check that the CM client has sent data back within the last %Days% days.
1E-GuaranteedState-Fix-MEMCM-SetCacheSize (Fix)
Set CM client cache size to %MaxMB% MB