Copyright © 1E 2022 All Rights Reserved
1E Nomad Client Health
OS Supported - Microsoft Windows 11, 10
Description
The Nomad Client Health Policy verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.
The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps.
This policy is intended for deployment to Windows devices only.
Key Features
A Nomad administrator uses Guaranteed State to monitor the health of Nomad across the enterprise to ensure that content can be transferred effectively. They use the policy to:
- Keep content distribution services up and running on Nomad clients, so that users are secure and productive.
- Ensure the Alternative Content Provider (ACP) registration configuration is set.
- Maintain optimal disk availability and monitors cache size for storage capacity planning.
- Enforce Firewall exceptions.
Setup
- This Product Pack contains Instructions and Rules.
- Upload this Product pack with the help of Tachyon Product Pack Deployment Tool.
- A Guaranteed State Policy named Nomad Client Health will be created.
- Guaranteed State Rules will be created in this policy.
- An Instruction Set named Nomad Client Health containing all the instructions will be created.
Usage
- Review any rule, For Example Check Nomad can generate LSZ files on ConfigMgr distribution points.
- There is a precondition to check the device is a Distribution point, SMB is enabled and has ConfigMgr Client installed or not.
- Then check will be performed on validate if the LSZ generation setting is correctly configured on standalone Distribution Points.
- If not enabled, then you can configure the Fix to remediation. This step is optional and can be skipped.
- Enable this rule. Review all the rules before deploying the Policy
- Assign the Nomad Client Health Policy to a management group.
- Deploy the Nomad Client Health Policy.
- Within a period of a day or more you would start seeing the reports on whether Nomad can generate LSZ files on ConfigMgr distribution points.
Components
1E-Exchange-NomadClientHealth-ConfigureGeneralSettings
Description
Configure Nomad General Settings
Readable Payload
Configure Nomad Client %SettingName% to %SettingValue%. 1E Client Service Restart Type: %ServiceRestart%
1E-Exchange-NomadClientHealth-ConfigureP2PSettings
Description
Configure Nomad P2P Settings
Readable Payload
Configure Nomad client P2P: %SettingName% to %SettingValue%
1E-Explorer-NomadClientHealth-ElectionWeightVsCriticality
Description
Returns peer to peer election weight and the criticality of the device.
Readable Payload
P2P election weight vs criticality
1E-Exchange-NomadClientHealth-ConfigureCacheSettings
Description
Configure Nomad Cache Settings
Readable Payload
Configure Nomad client Cache: %SettingName% to %SettingValue%
Nomad Client Health
The Nomad Client Health policy ensures that the health of the Nomad client is compliant with a reference baseline.
Ensure Nomad P2P Settings Correct (Rule)
Ensure Nomad P2P settings are configured correctly.
1E-GuaranteedState-Nomad-Check-P2PSettings (Check)
Check Nomad P2P settings P2PEnabled %P2PEnabled%, P2PPort %P2PPort%, P2PHttpPort %P2PHttpPort%, P2PHttpsPort %P2PHttpsPort%, P2PSslSettings %P2PSslSettings%, SSDEnabled %SSDEnabled% are configured correctly
Ensure Nomad General Settings Correct (Rule)
Ensure Nomad General settings are configured correctly.
1E-GuaranteedState-Nomad-Fix-GeneralSettings (Fix)
Set Nomad General settings CertIssuer %CertIssuer%, CompatibilityFlags %CompatibilityFlags%, Debug %Debug%, LocalCachePath %LocalCachePath%, LogFileName %LogFileName%, SpecialNetShare %SpecialNetShare%, MaxLogFileSize %MaxLogFileSize%, SuccessCodes %SuccessCodes% to the specified values
Ensure Nomad Content Distribution Settings Correct (Rule)
Ensure Nomad Content Distribution settings are configured correctly.
1E-GuaranteedState-Nomad-Fix-CDSettings (Fix)
Set Nomad CD settings BackgroundChannelUrls %BackgroundChannelUrls%, CacheStateSyncIntervalMinutes %CacheStateSyncIntervalMinutes%, ContentProviderOnWiFi %ContentProviderOnWiFi%, ContentRegistration %ContentRegistration% and DeliveryOptimizationReportingEnabled %DeliveryOptimizationReportingEnabled% to the specified values
Ensure Nomad Cache Settings Correct (Rule)
Ensure Nomad Cache settings are configured correctly.
1E-GuaranteedState-Nomad-Fix-CacheSettings (Fix)
Set Nomad Cache settings CacheCleanCycleHrs %CacheCleanCycleHrs%, MaxCacheDays %MaxCacheDays%, MaxPreCacheDays %MaxPreCacheDays%, MaxSUCacheDays %MaxSUCacheDays%, CacheCleanSubnetLookup %CacheCleanSubnetLookup%, MaxCacheSizeMB %MaxCacheSizeMB%, PercentAvailableDisk %PercentAvailableDisk% to the specified values
Check Nomad P2P Settings (Rule)
Check whether Nomad P2P settings are configured correctly.
1E-GuaranteedState-Nomad-Fix-P2PSettings (Fix)
Set Nomad P2P settings P2PEnabled %P2PEnabled%, P2PPort %P2PPort%, P2PHttpPort %P2PHttpPort%, P2PHttpsPort %P2PHttpsPort%, P2PSslSettings %P2PSslSettings%, SSDEnabled %SSDEnabled% to the specified values
Check Nomad General Settings (Rule)
Check whether Nomad General settings are configured correctly.
1E-GuaranteedState-Nomad-Check-GeneralSettings (Check)
Check Nomad General settings CertIssuer %CertIssuer%, CompatibilityFlags %CompatibilityFlags%, Debug %Debug%, LocalCachePath %LocalCachePath%, LogFileName %LogFileName%, SpecialNetShare %SpecialNetShare%, MaxLogFileSize %MaxLogFileSize%, SuccessCodes %SuccessCodes% are configured correctly
Check Nomad Content Distribution Settings (Rule)
Check whether Nomad Content Distribution settings are configured correctly.
1E-GuaranteedState-Nomad-Check-CDSettings (Check)
Check Nomad CD settings BackgroundChannelUrls %BackgroundChannelUrls%, CacheStateSyncIntervalMinutes %CacheStateSyncIntervalMinutes%, ContentProviderOnWiFi %ContentProviderOnWiFi%, ContentRegistration %ContentRegistration% and DeliveryOptimizationReportingEnabled %DeliveryOptimizationReportingEnabled% are configured correctly
Check Nomad Cache Settings (Rule)
Check whether Nomad Cache settings are configured correctly.
1E-GuaranteedState-Nomad-Check-CacheSettings (Check)
Check Nomad Cache settings CacheCleanCycleHrs %CacheCleanCycleHrs%, MaxCacheDays %MaxCacheDays%, MaxPreCacheDays %MaxPreCacheDays%, MaxSUCacheDays %MaxSUCacheDays%, CacheCleanSubnetLookup %CacheCleanSubnetLookup%, MaxCacheSizeMB %MaxCacheSizeMB%, PercentAvailableDisk %PercentAvailableDisk% are configured correctly
Ensure Nomad does not have its content indexed by ConfigMgr software inventory checks (Rule)
Ensures that skpswi.dat exists in the Nomad cache directory
1E-GuaranteedState-Nomad-Fix-SkpSwiDat (Fix)
Ensure skpswi.dat exists on disk
Ensure Nomad's share is accessible by specific accounts (Rule)
Ensures that the correct accounts are able to access Nomad's share.
1E-GuaranteedState-Nomad-Fix-ShareAccount (Fix)
Ensures the Nomad share account is correctly configured
Ensure Nomad's share directory is accessible (Rule)
Ensures that Nomad's share is accessible if it is configured to require a share.
1E-GuaranteedState-Nomad-Fix-Share (Fix)
Ensures the Nomad share is available
Ensure Nomad is running (Rule)
Ensure the Nomad service is running, starting the service if required.
1E-GuaranteedState-Nomad-Fix-StartService (Fix)
Ensures that Nomad is running
Ensure Nomad is registered as an Alternate Content Provider with ConfigMgr (Rule)
Ensure Nomad is registered as an Alternate Content Provider with ConfigMgr, registering it if necessary
1E-GuaranteedState-Nomad-Fix-AlternateContentProvider (Fix)
Ensures Nomad is correctly registered within Microsoft ConfigMgr
Ensure Nomad has sufficient disk space to download content (Rule)
Cleans the Nomad cache with Force.
1E-GuaranteedState-Nomad-Fix-CacheCleaner (Fix)
Cleans the Nomad cache with Force %Force% and MaxCacheAge %MaxCacheAge%
Ensure Nomad has a virtual directory on ConfigMgr distribution points to perform LSZ generation (Rule)
Ensure that an LSZFILES virtual directory has been created on a ConfigMgr distribution point
1E-GuaranteedState-Nomad-Fix-DpLszVirtualDirectory (Fix)
Ensure that the LSZ directory is correctly configured on Distribution Points
Ensure Nomad can communicate through the Windows Firewall (Rule)
Ensures there are Windows Firewall program exceptions for Nomad and its related executables.
1E-GuaranteedState-Nomad-Fix-FirewallExceptions (Fix)
Ensures the required firewall exceptions exist for Nomad
Check Nomad's share is accessible by specific accounts (Rule)
Checks that the correct accounts are able to access Nomad's share.
1E-GuaranteedState-Nomad-Check-ShareAccount (Check)
Checks whether the Nomad share account is correctly configured
Check Nomad can communicate through the Windows Firewall (Rule)
Check that there are Windows Firewall program exceptions for Nomad and its related executables.
1E-GuaranteedState-Nomad-Check-FirewallExceptions (Check)
Checks whether firewall exceptions exist for Nomad
1E-GuaranteedState-Nomad-PreCondition-MultiTests (Precondition)
Check if standard conditions apply for Nomad plus optionally: is a ConfigMgr DP (%sccmDp%); has a ConfigMgr client (%hasCmClient%); SMB sharing is enabled (%smbEnabled%)
Check Nomad's share directory is accessible (Rule)
Check whether Nomad needs a share, and if it does that it would be accessible to other devices.
1E-GuaranteedState-Nomad-Check-Share (Check)
Checks whether the Nomad share is available
Check Nomad variant status (Rule)
Checks whether the running Nomad service was one supplied with the 1E Client
1E-GuaranteedState-Nomad-Check-Variant (Check)
Check whether the correct variant of Nomad (that supplied with the 1E Client, not standalone Nomad) is used for the service
Check Nomad run status (Rule)
Checks that the Nomad service is running.
1E-GuaranteedState-Nomad-Check-StartService (Check)
Checks that Nomad is running
Check Nomad is registered as an Alternate Content Provider with ConfigMgr (Rule)
Check that Nomad is correctly registered as an Alternate Content Provider with ConfigMgr.
1E-GuaranteedState-Nomad-Check-AlternateContentProvider (Check)
Check whether Nomad is correctly registered within Microsoft ConfigMgr
Check Nomad is not using the Windows temp directory for caching (Rule)
Checks that Nomad is not configured to use the Windows temporary directory for caching.
1E-GuaranteedState-Nomad-Check-CacheInTemp (Check)
Checks whether Nomad's cache is not in a temporary directory
Check Nomad has sufficient disk space to download content (Rule)
Check the drive that Nomad is using for content download has sufficient disk space.
1E-GuaranteedState-Nomad-Check-DiskAvailablility (Check)
Checks whether there is sufficient disk space for Nomad
Check Nomad has a virtual directory on ConfigMgr distribution points to perform LSZ generation (Rule)
Check that an LSZFILES virtual directory has been created on a ConfigMgr distribution point.
1E-GuaranteedState-Nomad-Check-DpLszVirtualDirectory (Check)
Check whether the LSZ directory is correctly configured on Distribution Points
Check Nomad does not have its content indexed by ConfigMgr software inventory checks (Rule)
Checks whether skpswi.dat exists in the Nomad cache directory
1E-GuaranteedState-Nomad-Check-SkpSwiDat (Check)
Check whether skpswi.dat exists on disk
Check Nomad crash dumps status (Rule)
Checks whether Nomad has generated any crash dump in the last seven days.
1E-GuaranteedState-Nomad-Check-CrashDumps (Check)
Check whether there have been any crashdump files created by Nomad in last 7 days.
Check Nomad can hash content (Rule)
Checks Nomad content hashing is enabled.
1E-GuaranteedState-Nomad-Check-HashingEnabled (Check)
Check whether hashing is enabled in Nomad
Check Nomad can generate LSZ files on ConfigMgr distribution points (Rule)
Check that LSZ generation is enabled on ConfigMgr distribution points.
1E-GuaranteedState-Nomad-Check-DpLszEnabled (Check)
Check whether LSZ generation is correctly configured on standalone Distribution Points
What's New
10-Sep-2024: Nomad share fragment bug fixed.
21-Aug-2023: Added rules to check and ensure the Nomad cache setting, Content distribution setting. General setting and P2P setting on endpoints.