July, 2017

SCCM client = None after deploying an operating system

In an environment where you use certificates this can happen.

CLientIDManagerStartup.log will mention

Regtask: Failed to refresh MP. Error: 0x80004005

alot of times...

Below I have the 2 fixes!

Fix 1 is to take advantage of the TS Variable SMSTSPostAction to restart the computer once completed
with the value 'shutdown /r /t 0 /f'

This should ensure the cert is requested.

Fix 2:

From testing - after Fix 1 you may need to re-start the SCCM agent.
To do this create a scheduled task that runs on start-up

Program: Powershell

Arguments: -Command "& {start-sleep 120; restart-service ccmexec; Unregister-ScheduledTask -TaskName 'Restart SCCM Initial boot' -Confirm:$false;}"

Run whether or not user is logged on.

 

Export the scheduled task as 'RestartSCCM.xml' and create a package and command line to run at the end of OSD

SCHTASKS.exe /CREATE /RU system /XML "RestartSCCM.xml" /TN "Restart SCCM Initial boot"

 

Happy deploying!

Setting the Client Status Settings for Client Activity based on AD logon

SCCM will mark a computer inactive if none of the activity checks happen

  • Client policy request
  • Heartbeat discovery
  • Hardware Inventory
  • Software Inventory
  • Status messages sent

See technet

The default settings are 7 days for each of these settings which can be fine for a lot of businesses. If there are many devices that don't often connect to the network if may look as if there is more client health issues than there really is. To get an idea of how many devices have been on the network within x amount of days you can run the following query in the SQL Management Studio:

select sys.Name0, ClientActiveStatus, ClientState, ClientStateDescription, LastOnline 
from v_CH_ClientSummary cli
join v_R_System sys on sys.ResourceID=cli.ResourceID
where DATEDIFF(d, LastOnline, GetDate()) < 7
order by LastOnline desc

This uses LastOnline (Connected to AD) to get a list of the last 7 days. Then all you need to do is modify the 7 in the query to higher values to get a number that represents a higher percentage of your fleet contacting the AD. It could be 14 days, 30 days.

This will change depending on VPN usage, Direct Access. Once you enable the Cloud Management Gateway this setting will need to be tweaked again not using this data as clients will request policy from the internet.

 

To configure these settings:

  1. In the Monitoring workspace, click Client Status, then, in the Home tab, in the Client Status group, click Client Status Settings.