The Microsoft Endpoint Manager - Client Health pack allows you to track, detect and remediate devices whose Configuration Manager client has reported health or communication problems between the client and the server-side infrastructure.
The two dashboards are primarily fed data from four remote actions that can be scheduled to run regularly.
L1/2 Support teams can access these dashboards to drill down quickly and understand the health status of non-compliant devices. They will also see where client installations are required or perform deeper investigations into those devices not responding to their management point or unable to receive deployment-related content.
Use this pack to run a healthy and compliant MEMCM/SCCM environment and prevent unnecessary support overheads.
V18.104.22.168 - Initial Release
The pack comprises four Remote Actions, three investigations, and some metrics that relate to the dashboards.
No configuration is required for the metrics or dashboards, with one exception:
The Operational Health dashboard has a section entitled “Network connectivity quality”. The three widgets in this section will show any clients that are having difficulty communicating with their assigned Management Point. Device communications falling below 80% are shown, and these should be investigated.
The Management Points are defined in the included category ConfigMgr Client Health - Operate - BackEnd Systems. This category contains keywords for four geographical regions. For each region relevant to your organization, the server details for each of your Management Points should be entered.
There are two types of remote action, data gathering, and remediation. All the remote actions should be scheduled to run at a time decided by the IT department. The data gathering remote actions will supply the current status of the devices as targeted by the investigations. In contrast, the remediation remote actions will attempt to repair any issues discovered, such as stopped services or even try an agent repair.
Library Pack Setup Detailed Steps
The investigations and remote actions require some configuration to get the most accurate data and enable the remediation to occur.
MS ConfigMgr - Client Health - All devices
This investigation is used within the Get SCCM Client Status and Get MEMCM Agent Health remote actions. The investigation returns all devices within the estate based on the defined criteria within the investigation.
MS ConfigMgr - Client Health - Client and services status
This investigation is used within the Restore SCCM Client remote action. The investigation checks that any service that makes up the Configuration Manager on the device is not in a ‘Stopped’ or ‘StopPending’ status. If it is, the Restore SCCM Client remote action will attempt to start the affected service.
MS ConfigMgr - Client Health - Auto SCCM client repair
This investigation is used within the Invoke SCCM Client Auto-repair remote action. The investigation checks if the agent status is stopped even after the Restore SCCM Client remote action attempted to start it again. If it is still stopped, then a repair of the agent will be initiated.
Remote Actions - data gathering
Get SCCM Client Status
This remote action can be run either ad-hoc or on a schedule as defined by the IT department. The remote action uses the MS ConfigMgr - Client Health - All devices investigation to interrogate the devices defined within the investigation. Details of the remote action can be found here: https://www.nexthink.com/library/microsoft-endpoint-manager-configuration-manager-remote-actions/#get-sccm-client-status
Get MEMCM Agent Health
This remote action can be run either ad-hoc or on a schedule as defined by the IT department. The remote action uses the MS ConfigMgr - Client Health - All devices investigation to interrogate the devices defined within the investigation.
Last execution time
The date and time of when the remote action was last executed
Whether the execution of the remote action had completed or is waiting for the device
Whether the execution of the remote action was a success, failed, or has no status ( - )
Execution status details
Whether the PowerShell script had completed and exited successfully
Client Assigned to Site
Indicates whether the device has a site assigned to it. True, false or has no status ( - )
Client Cache Size
The size of the cache that is assigned to the configuration manager client. The default is 5Gb.
Days Since Last Received Deployment
Displays how many since the agent received content from the management point
Days Since Management Point Last Update Successfully
Indicates that the client has successfully contacted the management point (this happens regularly)
Checks the consistency of the WMI repository. True is returned if the repository has no issues.
Remote Actions - remediation
Restore SCCM Client
This remote action can be run either ad-hoc or on a schedule as defined by the IT department. The remote action uses the MS ConfigMgr - Client Health - Client and services status investigation, which checks for any service that makes up the Configuration Manager environment on the device is not in a ‘Stopped’ or ‘StopPending’ status. If it is, the Restore SCCM Client remote action will attempt to start the affected service.
Invoke SCCM Client Auto-repair
This remote action can be run either ad-hoc or on a schedule as defined by the IT department. The remote action uses the MS ConfigMgr - Client Health - Auto SCCM client repair investigation, which checks if the agent status is stopped even after an attempt by the Restore SCCM Client remote action to start it again. If it is still stopped, then a repair of the agent will be initiated.
Invoke MEMCM Client Policy Actions
This remote action should be run whenever a device or devices have fallen out of scope with regards to its assigned policies and is used to trigger the execution of the desired MEMCM execution policy on the device. More information regarding the remote action and its configuration can be found here. https://www.nexthink.com/library/microsoft-endpoint-manager-remote-actions/#invoke-memcm-client-policy-actions .
Usage / FAQ
How do I know if all my devices have the Configuration Manager installed?
From the Operational Health dashboard, check that the Devices without a client are showing 0. Anything else indicates devices with a missing client and should be investigated via the dashboard details or drilling down via the Nexthink Finder.
How often should I run the remote actions?
The data gathering remote actions, Get SCCM Client Status and Get MEMCM Agent Health, should be run daily but preferably twice a day. This is to make sure that any new updates or possible issues can be reported promptly.
The remediation remote actions, Restore SCCM Client and Invoke SCCM Client Auto-repair, are recommended to be run at the end of the day when the user is no longer logged on to the pc. A schedule can be set up within the remote action to trigger an operation out of hours and target those devices that have reported issues with the Configuration Manager client.
I do not want the remote actions to run automatically. Can I switch this function off?
Yes, edit the remote action and untick the box labeled “Automatically run the remote action on the following devices…” (example below):