MEMCM Client Health DEX Pack
DEX Pack used to create the MEMCM Client Health policy.
Overview
Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.
The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.
The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:
-
Ensure the correct version of the CM client is installed and running and assigned to the correct site
-
Ensure the CM client is not stuck in provisioning mode
-
Ensure that heartbeat discovery, inventory and state messages are being sent regularly
-
Ensures the CM client cache is set to the correct size
-
Ensure the CM client log settings are correct
-
Ensure the BITS service exists, configured to start up automatically and is running
-
Ensure the Windows Time service exists with correct startup settings
-
Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running
-
Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent
-
Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source.
This policy is intended for deployment to Windows devices only.
Before deploying the MEMCM Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network. By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.
A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Endpoint Automation reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.
Instructions
This product pack contains no instructions.
Policies
The following table shows the policies included in the Integrated Product Pack.
Name |
Description |
---|---|
MEMCM Client Health |
The MEMCM (Microsoft Endpoint Manager - Configuration Manager) Client Health policy ensures that the MEMCM client and surrounding technologies are healthy. |
Rules
The following table shows the rules included in the above policy. Any parameter values shown in the Check and Fix fragments, Triggers and Precondition fragment columns are specifically set in the rules when the pack is uploaded. These may be different from the default values shown in the Fragments table. You can modify these if required.
Name |
Type |
Description |
Check and Fix fragments |
Triggers |
Precondition fragment |
---|---|---|---|---|---|
MEMCM Client Assignment |
Fix |
Ensure the client is assigned to the right site. Assign it if it isn't. |
Periodic (24 hours) |
1E-GuaranteedState-Precondition-Multiple
|
|
MEMCM Client Cache Size |
Fix |
Ensure the MEMCM client cache is set to the right size. Set it if it isn't. |
Periodic (24 hours) |
|
|
MEMCM Client ClassExists |
Check(1) |
Ensure the default CCM class exists in WMI. |
Periodic (24 hours) |
||
MEMCM Client ClientProvisioningMode |
Fix |
Ensure the client is not stuck in provisioning mode. Turn it off if it is. |
Periodic (24 hours) |
||
MEMCM Client DataDiscoveryRecordSent |
Check |
Ensure that a data discovery record (DDR) is being sent regularly. |
Periodic (24 hours) |
||
MEMCM Client FileCollectionSent |
Check |
Ensure that file collection is being sent regularly. |
Periodic (24 hours) |
||
MEMCM Client HardwareInventorySent |
Check |
Ensure that hardware inventory is being sent regularly. |
Periodic (24 hours) |
||
MEMCM Client IDMIFCollectionSent |
Check |
Ensure that IDMIF collection is being sent regularly. |
Periodic (24 hours) |
||
MEMCM Client Logging |
Check |
Ensure the MEMCM client log settings are set to the right values. |
Periodic (24 hours) |
||
MEMCM Client NamespaceExists |
Check(1) |
Ensure the MEMCM (CCM) namespace exists in WMI. |
Periodic (24 hours) |
||
MEMCM Client SoftwareInventorySent |
Check |
Ensure that software inventory is being sent regularly. |
Periodic (24 hours) |
||
MEMCM Client StateMessagesSent |
Check |
Ensure that state messages are being sent regularly. |
Periodic (24 hours) |
||
MEMCM Client Version |
Check(1) |
Ensure the right version of the client is installed. |
Periodic (24 hours) |
||
Network IPv4 PrimaryAddressInDNS |
Check |
Check the FQDN matches DNS by looking up the primary IPv4 address in DNS |
Periodic (24 hours) |
||
Service BITS DelayedStart |
Fix |
Ensure that the BITS (Background Intelligent Transfer Service) service is set to Automatic (Delayed Start). Set it if not. |
1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart |
Periodic (24 hours) |
|
Service BITS Exists |
Check |
Ensure that the BITS (Background Intelligent Transfer Service) service exists. |
Periodic (24 hours) |
||
Service BITS Running |
Fix |
Ensure that the BITS (Background Intelligent Transfer Service) service is running. Start it if it isn't |
Service Status Change |
||
Service ccmexec DelayedStart |
Fix |
Ensure that the ccmexec (SMS Agent Host) service is set to Automatic (Delayed Start). Set it if not. |
1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart |
Periodic (24 hours) |
|
Service ccmexec Exists |
Check(1) |
Ensure that the ccmexec (SMS Agent Host) service exists. |
Periodic (24 hours) |
||
Service ccmexec Running |
Fix |
Ensure that the ccmexec (SMS Agent Host) service is running. Start it if it isn't |
Service Status Change |
||
Service W32Time Exists |
Check |
Ensure that the W32Time (Windows Time) service exists. |
Periodic (24 hours) |
||
Service W32Time Manual |
Fix |
Ensure that the W32Time (Windows Time) service is set to manual. Set it to manual if it's not. |
Periodic (24 hours) |
||
Service W32Time TriggerStart |
Check |
Ensure that the W32Time (Windows Time) service is set to trigger start. |
Periodic (24 hours) |
||
Service Winmgmt Automatic |
Fix |
Ensure that the Winmgmt (Windows Management Instrumentation) service is set to automatic. Set it to automatic if it's not. |
Periodic (24 hours) |
||
Service Winmgmt Exists |
Check |
Ensure that the Winmgmt (Windows Management Instrumentation) service exists. |
Periodic (24 hours) |
||
Service Winmgmt Running |
Fix |
Ensure that the Winmgmt (Windows Management Instrumentation) service is running. Start it if it isn't |
Service Status Change |
||
Service wuauserv Exists |
Check(2) |
Ensure that the wuauserv (Windows Update) service exists. |
Periodic (24 hours) |
||
Service wuauserv Manual |
Fix |
Ensure that the wuauserv (Windows Update) service is set to manual. Set it to manual if it's not. |
Periodic (24 hours) |
||
Service wuauserv TriggerStart |
Check |
Ensure that the wuauserv (Windows Update) service is set to trigger start. |
Periodic (24 hours) |
||
WindowsUpdate ConnectionOK |
Check |
Ensure the connection to Windows Update is OK |
Periodic (24 hours) |
||
WindowsUpdate Source |
Check |
Ensure the connection to Windows Update is using the right source (Configuration Manager, WSUS, Microsoft Update) |
Periodic (24 hours) |
||
WMI cimv2 NamespaceExists |
Check |
Ensure the default (cimv2) namespace exists in WMI. |
Periodic (24 hours) |
||
WMI Repository Consistency |
Fix |
Ensure the WMI repository is consistent. Salvage the repository or (optionally) reset it if inconsistent. |
Periodic (24 hours) |
||
WMI Win32_ComputerSystem ClassExists |
Check |
Ensure the default Win32_ComputerSystem class exists in WMI. |
Periodic (60 min) |
Fragments
The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these fragments, unless you select alternative values.
Fragments used in MEMCM Client Health Policy rules
The following fragments are used by the rules defined above in the MEMCM Client Health policy.
Spare fragments
The following fragments are included in the MEMCM Client Health Integrated Product Pack but are not used in any predefined rules. You can use these in rules that you create or modify in any policy.
Name |
Type |
Readable Payload and summary |
Parameters |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1E-GuaranteedState-Check-MEMCM-CertificateInStore |
Check |
Check that the CM certificate is in the certificate store by looking in the CM client logs located in %MEMCMLogsDirectory% This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing. |
MEMCMLogsDirectory The full path to the MEMCM client logs directory (%Environment% variables accepted) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Check-MEMCM-ClientCommunication |
Check |
Check that the CM client has sent data back within the last %Days% days. This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days. |
Days Look for client messages sent back in this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Check-MEMCM-MachinePolicyValid |
Check |
Check that the CM client has checked for machine policy within the last %Days% days |
Days Look for machine policy validated within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Check-MEMCM-UserPolicyValid |
Check |
Check that the CM client has checked for user policy within the last %Days% days |
Days Look for user policy validated within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
FIx |
Install the CM client using CCMSETUP.EXE from %CcmSetupFileUrl% having size %CcmSetupFileSize% and hash %CcmSetupFileHash% with command line options %SourceList% This is essentially a front-end for the ccmsetup.exe installation parameters found in Microsoft Documentation. See https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/about-client-installation-properties for more information about the installation parameters. |
Expand parameters... CcmSetupFileUrlEither the full HTTP or HTTPS URL path to the ccmsetup.exe file on a web server or the relative path to be appended to the Content directory under the background channel URL DEFAULT: ccmsetup.exe CcmSetupFileSizeThe size of the ccmsetup.exe file in bytes DEFAULT: 4099328 CcmSetupFileHash The SHA256 hash of the ccmsetup.exe file DEFAULT: ab85f58b0cc257d25628384b0ec8fab1f9e15ca2b110a1e425e86e56b47ebde1 SourceList A semicolon ; delimited list of download locations for setup media DEFAULT: {none} MpList A semicolon ; delimited list of management points or cloud management gateway DEFAULT: {none} RetryMinutes The retry interval in minutes to retry setup if it fails to download installation files. -1 to ignore this parameter DEFAULT: -1 ServiceNoServiceTells setup to install as a service or no service DEFAULT: Service Valid Values: Service NoService InstallUninstall Tell setup to install or uninstall the client DEFAULT: Install Valid Values: Install Uninstall Logon If any version of the client is already installed, install will stop DEFAULT: False Valid Values: True False ForceReboot Setup should force the client to reboot if necessary to complete installation Valid Values: True False BITSPriority Download priority when client installation files are downloaded over HTTP connection DEFAULT: Normal Valid Values: Foreground High Normal Low DownloadTimeout Length of time in minutes that setup tries to download the installation files before stopping DEFAULT: 1440 UsePKICert Uses a PKI cert that includes client authentication, if available. If can't find a valid cert, it uses HTTP with self-signed cert. DEFAULT: False Valid Values: True False NoCRLCheck Client won't check the cert revocation list when it uses HTTPS with PKI cert DEFAULT: False Valid Values: True False ConfigFile The name of a text file that lists client installation properties DEFAULT: {none} SkipPrereqFileList A semicolon ; delimited list of prerequisite files that will be skipped during install DEFAULT: {none} ForceInstall Uninstall any existing client and install a new client DEFAULT: False Valid Values: True False ExcludeFeaturesList Do not install the semicolon ; delimited list of features (ClientUI is supported) when installing the client DEFAULT: {none} Valid Values: ClientUI CcmSetupMsiProperties Properties that modify the installation behavior of ccmsetup.msi DEFAULT: {none} ClientMsiProperties Properties that modify the installation behavior of client.msi DEFAULT: {none} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerGlobalEvaluationAction |
Fix |
Invoke CM Application manager global evaluation action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000123} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerPolicyAction |
Fix |
Invoke CM Application manager policy action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000121} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerUserPolicyAction |
Fix |
Invoke CM Application manager user policy action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000122} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeBranchDistributionPointMaintenanceTask |
Fix |
Invoke CM branch distribution point maintenance task Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000109} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeClearingProxySettingsCache |
Fix |
Invoke CM clearing proxy settings cache action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000037} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeClientMachineAuthentication |
Fix |
Invoke CM client machine authentication action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000012} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeDataDiscoveryRecord |
Fix |
Invoke CM data discovery record action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000001} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeDiscoveryDataCollectionCycle |
Fix |
Invoke CM discovery data collection cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000103} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeEndpointAMPolicyReevaluate |
Fix |
Invoke CM Endpoint Protection Antimalware policy reevaluation Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000222} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeEndpointDeploymentReevaluate |
Fix |
Invoke CM Endpoint Protection deployment reevaluation Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000221} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeExternalEventDetection |
Fix |
Invoke CM external event detection Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000223} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeFileCollection |
Fix |
Invoke CM file collection Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000010} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeFileCollectionCycle |
Fix |
Invoke CM file collection cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000104 |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventory |
Fix |
Invoke CM hardware inventory Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000001} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventoryCollectionCycle |
Fix |
Invoke MEMCM hardware inventory collection cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000101} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollection |
Fix |
Invoke CM IDMIF collection Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000011} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollectionCycle |
Fix |
Invoke CM IDMIF collection cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000105} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeLSRefreshLocationsTask |
FIx |
Invoke CM client Location Services refresh locations task Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000024} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeLSTimeoutRefreshTask |
Fix |
Invoke CM client Location Services timeout refresh action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000025} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAgentCleanup |
Fix |
Invoke CM machine policy agent cleanup action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000040} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAssignmentsRequest |
Fix |
Invoke CM machine policy assignments request Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000021} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyEvaluation |
Fix |
Invoke CM machine policy evaluation Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000022} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePeerDpPendingPackageCheckSchedule |
Fix |
Invoke CM peer DP pending package check schedule Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000062} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePeerDpStatusReporting |
Fix |
Invoke CM peer DP status reporting Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000061} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentEvaluateAssignmentUser |
Fix |
Invoke CM User policy evaluation Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000027} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentRequestAssignmentUser |
Fix |
Invoke CM User policy request Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000026} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateMachinePolicyAssignment |
Fix |
Invoke CM machine policy / assignment validation Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000042} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateUserPolicyAssignment |
Fix |
Invoke CM user policy / assignment validation Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000043} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokePowerManagementStartSummarizer |
Fix |
Invoke CM power management start summarizer Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000131} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeRefreshDefaultMPTask |
Fix |
Invoke CM refresh default MP task Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000023} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeRetryingRefreshingCertificatesInAdOnMp |
Fix |
Invoke CM retrying/refreshing certificates in AD on MP Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000051} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeScanByUpdateSource |
Fix |
Invoke CM scan by update source Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000113} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSchedule |
Fix |
Invoke CM client %Schedule% action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: <ScheduleID> List of ScheduleIDs:
|
Schedule The MEMCM client schedule (client action) to trigger Valid Values: Select a name from the table in the Summary column. These are presented as a dropdown in the UI. The string values are converted to the ScheduleID required by the WMI method. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSendUnsentStateMessage |
Fix |
Invoke CM send unsent state message action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000111} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventory |
Fix |
Invoke CM software inventory action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000002} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventoryCollectionCycle |
Fix |
Invoke CM software inventory collection cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000102} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringGeneratingUsageReport |
Fix |
Invoke CM software metering generate usage report action Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000031} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringUsageReportCycle |
Fix |
Invoke CM software metering usage report cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000106} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareUpdatesAssignmentsEvaluationCycle |
Fix |
Invoke CM software updates assignments evaluation cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000108} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSourceUpdateMessage |
Fix |
Invoke CM source update message Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000032} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendHigh |
Fix |
Invoke CM state system policy bulk send high Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000115} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendLow |
Fix |
Invoke CM state system policy bulk send low Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000116} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyCacheCleanout |
Fix |
Invoke CM state system policy cache cleanout Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000112} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeSumUpdatesInstallSchedule |
Fix |
Invoke CM Software Updates install schedule Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000063} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeUpdateStorePolicy |
Fix |
Invoke CM update store policy Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000114} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeUserPolicyAgentCleanup |
Fix |
Invoke CM user policy agent cleanup Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000041} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-InvokeWindowsInstallerSourceListUpdateCycle |
Fix |
Invoke CM Windows Installer source list update cycle Namespace: ROOT\CCM Class: SMS_CLIENT Method: TriggerSchedule ScheduleId: {00000000-0000-0000-0000-000000000107} |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-RefreshServerComplianceState |
Fix |
Refresh CM server compliance state Com Object: Microsoft.CCM.UpdatesStore.RefreshServerComplianceState() |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Fix-MEMCM-ResetPolicy |
Fix |
Reset CM policy Namespace: ROOT\CCM Class: SMS_CLIENT Method: ResetPolicy uFlags: <see list below>
|
ResetOption Valid values
These are presented as a dropdown in the UIO and converted to the numeric value required by the WMI method. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Fix |
Completely reset Windows Update from scratch (Experimental) Process mostly inspired Reset-WindowsUpdate.ps1 and tweaked a little to be more forceful Process also inspired by https://www.definit.co.uk/2012/02/powershell-recursively-taking-ownership-of-files-and-folders-and-adding-permissions-without-removing-existing-permissions/ This is a very destructive and involved process. It should only be used as a last resort to fix a broken Windows Update system. The machine will be somewhat unusable until it is rebooted and should be rebooted right away. Many different and unrelated apps may throw odd and misleading errors until the reboot happens. General process:
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-1EClient-Version |
PreCondition |
Checks for the existence of the 1E client with version lower, same or higher (%DesiredResults%) than %VersionToCompare%. |
VersionToCompare A version number to compare against the installed 1E Client version number. Examples: 5 5.0 5.0.0 5.0.0.745 DEFAULT: 0 DesiredResultsThe outcome that's desired when actual version is compared to passed in version. DEFAULT: SameOrHigher Valid values:
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-AssignedSite |
PreCondition |
Check the CM client is assigned to %SiteCode% |
SiteCode Check to see if the MEMCM client is assigned to this site code |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-CacheSizeBetween |
PreCondition |
Check the CM cache size is between %MinMB% and %MaxMB% |
MinMB The cache size should be at least this big (in Megabytes) MaxMBThe cache size should be at most this big (in Megabytes) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-CertificateInStore |
PreCondition |
Check the CM certificate is in the certificate store by checking CM log files in %MEMCMLogsDirectory% This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing. |
MEMCMLogsDirectory The full path to the MEMCM client logs directory (%Environment% variables accepted) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-ClientCommunication |
PreCondition |
Check the CM client has sent data back within the last %Days% days This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days. |
Days Look for client messages sent back in this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-ClientProvisioningMode |
PreCondition |
Check if the CM ClientProvisioningMode is set to %TrueFalse% |
TrueFalse True represents client provisioning ON, False represents client provisioning OFF |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-DataDiscoveryRecordSent |
PreCondition |
Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days |
Days Look for DDRs sent back in this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-FileCollectionSent |
PreCondition |
Check the CM client has performed a file collection within the last %Days% days |
Days Look for file collection sent back in this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-GlobalLogginConfiguration |
PreCondition |
Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settingsconfiguration %LogLevel% %MaxSize% %MaxHistoryFiles% %DebugLogging% |
LogLevel The logging level Valid Values: Verbose, Normal, None MaxSize The maximum size (in Bytes) that the MEMCM logs may grow before rolling over MaxHistoryFiles The number of incremented log files to accumulate before deleting DebugLogging True means debug logging should be on, False means it should be off |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-HardwareInventorySent |
PreCondition |
Check the CM client has sent hardware inventory within the last %Days% days |
Days Look for hardware inventory data sent back in this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-IDMIFCollectionSent |
PreCondition |
Check the CM client has performed an IDMIF collection within the last %Days% days |
Days Look for IDMIFs sent back within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-MachinePolicyValid |
PreCondition |
Check the CM client has checked for machine policy within the last %Days% days |
Days Look for machine policy validated within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-SoftwareInventorySent |
PreCondition |
Check the CM client has sent software inventory within the last %Days% days. |
Days Look for software inventory data sent back within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-StatusMessagesSent |
PreCondition |
Check the CM client has sent status messages within the last %Days% days. |
Days Look for status messages sent back within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-MEMCM-UserPolicyValid |
PreCondition |
Check the CM client has checked for user policy within the last %Days% days |
Days Look for user policy validated within this number of days |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Process-Exists |
PreCondition |
Check the %Executable% process exists (is running) |
Executable The name of the executable that should be running |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Service-Exists |
PreCondition |
Check the %ServiceName% service exists |
ServiceName Shortname of the service |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Software-Exists |
PreCondition |
Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare% Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare |
Publisher Check for this publisher name Product Check for this product name VersionToCompare The software product version to use as the comparison DEFAULT: 0 VersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare Valid values:
DEFAULT: SameOrHigher |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-WindowsUpdate-ConnectionOK |
PreCondition |
Check that the Windows Update connection is OK |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-WindowsUpdate-Source |
PreCondition |
Check that the connection to the %Source% Windows Update source is OK |
Source The windows update source (% wildcard accepted) Valid Values:
DEFAULT: % |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-WindowsUpdate-SourceId |
PreCondition |
Check that a Windows Update connection is OK for %SourceId% |
SourceId The identity of the source of updates. E.g. for a ' |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Wmi-ClassColumnVersion |
PreCondition |
Check if the value of the WMI attribute defined by %Namespace%, %Class%, %ColumnName% (and optional %WhereClause%) is a version number (e.g. 7.2.5.612) that is lower, higher or the same (defined by %DesiredResult%) as %VersionToCompare% |
Namespace The WMI namespace to check existence (ROOT\cimv2 for example) ClassThe WMI class that should exist in specified namespace (ignored if %) WhereClause The WHERE clause to use when querying this class (use {none} for no filter) ColumnName The column name from querying the class which holds a version string VersionToCompare The software product version to use as the comparison DEFAULT: 0 DesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare Valid values:
DEFAULT: SameOrHigher |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Wmi-ClassExists |
PreCondition |
Check for the existence of WMI %Class% in %NameSpace% |
Namespace The WMI namespace to check existence (ROOT\cimv2 for example) ClassThe WMI class that should exist in specified namespace (ignored if %) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Wmi-ClassQuery |
PreCondition |
Check for any data returned from specified WMI %Class% and %Namespace% using (optional) %WhereClause% and %ColumnList% |
Namespace The WMI namespace to check existence (ROOT\cimv2 for example, ignored if %) ClassThe WMI class that should exist in specified namespace (ignored if %) WhereClause The WHERE clause to use when querying this class (use {none} for no filter) ColumnList A list of columns to select from the WMI class (use {all} for all columns) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Wmi-NamespaceExists |
PreCondition |
Check for the existence of WMI %Namespace% |
Namespace The WMI namespace to check existence (ROOT\cimv2 for example) |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
1E-GuaranteedState-Precondition-Wmi-RepositoryConsistent |
PreCondition |
Check that the WMI repository is consistent Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result |
|
Trigger templates
The following table shows the trigger templates included in the Nomad Client Health Integrated Product Pack.
The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these templates, unless you select alternative values.
Name |
Readable Payload and summary |
Parameters |
---|---|---|
TriggerTemplate-FileChange |
On change of file "<fileName>" When a file changes (Windows only) |
File Name
|
TriggerTemplate-IntervalHours |
Every <intervalHours> hours Periodic (hours) |
Interval Hours
|
TriggerTemplate-IntervalMinutes |
Every <intervalMinutes> minutes Periodic (minutes) |
Interval Minutes
|
TriggerTemplate-IntervalSeconds |
Every <intervalSeconds> seconds Periodic (seconds) |
Interval Seconds
|
TriggerTemplate-ProcessCrash |
On crash of process "<executable>" When a process crashes (Windows only) Monitors the Windows Application Event Log for event 1000. Executable is case insensitive but is required to be the whole filename without the folder path, such as unreliableapp.exe A partial string such as unreliableapp will not trigger on a crash of unreliableapp.exe. |
Executable
|
TriggerTemplate-ProcessLaunch |
On launch of process "<executable>" When a process starts (Windows only) Monitors the Windows Security Event Log for event 4688. |
Executable
|
TriggerTemplate-ServiceStatusChange |
On change of running state of the "<serviceName>" service When the state of the named Windows service changes You can determine the short name of a service using the PowerShell cmdlet
This will return NlaSvc in the above example. It is this short name you specify in the <ServiceName> parameter. |
Service Name
|
TriggerTemplate-WindowsEventLog |
On Windows"<channel>"; event log entry matching "<query>" (debounce for <debounce> seconds) When an event log entry is created (Windows only) A channel is an event sink, example standard channel names are Application or Security. To determine the available event channels execute the following PowerShell command:
Or to view the event channels on a remote computer:
Similarly to view event log entries for a given channel either use Event Viewer or from PowerShell for example:
Or:
A query is used to filter the event log messages for a given channel. Examples can be found at https://docs.microsoft.com/en-us/windows/win32/wes/consuming-events. For example to query all OneNote application crashes error log messages: *[System[(Level=2) and (EventID=1000)]] and *[EventData[Data='onenote.exe']] Debounce is a settling period to ensure that in the case of multiple events, only a single event is registered within the space of a given time period. |
Channel
Query
Debounce Time Seconds
|
TriggerTemplate-WindowsRegistryChange |
On change of registry values in "<hive>\<subkey>" (include subkeys=<includeSubkeys>) When the value of a Windows registry key changes. |
Hive, which must be one of:
Subkey: free text string, default empty. Include Sub Keys : 1/0 default 0. |