Description
*Update* This script needs updating and is yet to be moved to GitHub. I’m working on moving this to Proactive Remediations in Microsoft Intune. Stay tuned. *Update*
The SCCM Client Health Monitor Script is a Powershell script which fixes common issues related to SCCM client health.
The script is currently capable of fixing following issues:
- SCCM client stuck in Provisioning Mode
- Corrupt Group Policy files (Registry.pol)
- BITS transfers with errors
- SCCM client service not running
- SCCM client service disabled
- No SCCM client installed
Further to fixing the mentioned issues, the script also supports sending an e-mail or a status to Microsoft Teams if any issues are found. All actions are logged to a local log file: SCCM-ClientHealthMonitor.log in the CCM\Logs folder.
Examples
.\SCCM-ClientHealthMonitor.ps1 -TestProvMode -TestGPOFiles
This will run tests and try to fix issues related to provisioning mode and corrupt group policy files.
.\SCCM-ClientHealthMonitor.ps1 -TestSCCMClient -InstallSCCMClient
This will test for a running ccmexec service and try to start the service if it’s not running. If the service doesn’t exists, the script will try to install the SCCM client.
.\SCCM-ClientHealthMonitor.ps1 -TestProvMode -TestGPOFiles -TestBITS -TestSCCMClient -InstallSCCMClient -EmailStatus -TeamsStatus
This will run the script with all available options.
The e-mail being sent with the -EmailStatus parameter looks like below example.
Microsoft Teams
The status messages being sent with the -TeamsStatus parameter will look like below examples.
- Note: This is done with help from the PSTeams module. Find a lot more details on the use here: https://github.com/EvotecIT/PSTeams.
Logging
The SCCM-ClientHealthMonitor.log file will look like below example when opened with CMtrace.
Requirements
- The script requires local administrative rights to run
- Modify the script. I have made a comment with # EDIT here the places that needs editing
- Modify the -EmailStatus part with your own details such as SMTP server, recipient etc.
- Modify the -TeamsStatus part with your own details such as URL for webhook, title, text etc.
- Modify the Install-SCCMClient function with MP and site code details
Running the Script
The best option to run the script, is to do so with a scheduled task.
- Running as SYSTEM
- Trigger: Running at log on of any user
- Action: Starting powershell.exe with argument: -ExecutionPolicy Bypass -File “\\ServerShare\SCCM-ClientHealthMonitor.ps1” -TestProvMode -TestGPOFiles -TestBITS -TestSCCMClient -InstallSCCMClient -EmailStatus -TeamsStatus
Version history
- 1.0 – Script created
- 2.0 – Added TestBITS, TestSCCMClient and InstallSCCMClient
- 3.0 – Added TeamsStatus, making the script able to send status notifications to Microsoft Teams
- 3.1 – Minor changes to $ComputerModel as well as added more commenting
Download
https://gallery.technet.microsoft.com/SCCM-Client-Health-Monitor-b1189130
Need Help?
I haven’t done the best commenting job in the script itself, so please let me know in the comment section down below if you need any assistance. 🙂
And of course, it goes without saying, but test this thoroughly before putting to use in production.
Also, if you are looking for more details on how to prepare Microsoft Teams for receiving notifications, please take a look at this great post by Michael Mardahl: https://www.scconfigmgr.com/2019/07/10/how-to-notify-a-microsoft-teams-channel-when-a-new-windows-device-has-enrolled-in-microsoft-intune/
I want to know if is possible to execute remotely?
These would be awesome as SCCM Configuration Items with Remediation.
Hi, how you want to execute a cb if Agent is down or broken?
Great script, testing now, thanks!
I’m kind of new to Power shell. When I pick part of it to test it say it wont load it because its not digitally signed. Is there a way around that?
Is that perhaps your execution policy? See https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-7
Hello,
I tested this script and it’s working as expected except it’s not downloading SCCM client if it is not installed.
I adjusted these para:
# EDIT here with your own CM details
$SCCMMP = “sccm.my.company.com”
$SiteCode = “LFC”
Adjusted the http port to 443:
$Install = Start-Process -FilePath $ccmsetup -PassThru -Wait -ArgumentList “/mp:$($SCCMMP) /source:http://$($SCCMMP)/CCM_Client CCMHTTPPORT=443 RESETKEYINFORMATION=TRUE SMSSITECODE=$($SiteCode) FSP=$($SCCMMP)”
The URL itself works on the browser except it throws a message saying “the page you are trying to access requires a valid client cert is required” which is expected.
$URL = “https://$($SCCMMP)/CCM_Client/ccmsetup.exe”
Any suggestions, help please?
Running SCCM 2010 with valid server and client certs.
Thank You
You are trying to speak http to a service which is listening on tcp port 443 for https. I’m assuming that after all this time you caught this – just posting to possibly help someone else out…
hi,
thanks for the awesome script!
we keep receiving “BITS transfer errors found. Remediation succeeded. Log is attached.” every single day for most of the time the same devices… are we missing something?
Do you have google chrome installed? I’m seeing that with google chrome updates. What I do is simply querying for bitstranfers job with get-bitstransfer -Allusers, and if any found, I report an error. This is not necessarily related to configmgr, but it can be an obstacle if a download job coming from configmgr is in error.
thanks. some may have a portable chrome but thats it and updates should be disabled. i will try to give a look a a few random devices and try to find out whats going on… maybe the script could add the bits result to the log file?
There’s a lot of room for improvement of that script. I haven’t done anything to it for a while. 🙂
Hi Martin,
Any update on this one?
The scrip is working on all parts for my environment except when it finds the SCCM Client is not installed, it’s not downloading it.
WARNING: This is bad! No SCCM client installed.
VERBOSE: InstallSCCMClient = True. Installing the SCCM client…
WARNING: An error occured while downloading the ccmsetup.exe.
WARNING: An error occured while starting the ccmsetup installation.
As per instructions, I did modified these parameters:
# EDIT here with your own CM details
$SCCMMP = “sccm.my.company.com”
$SiteCode = “LFC”
Because my environment is setup on https, I tried changing the port from 80 to 443 as well:
# Run the SCCM client installation
try {
$Install = Start-Process -FilePath $ccmsetup -PassThru -Wait -ArgumentList “/mp:$($SCCMMP) /source:http://$($SCCMMP)/CCM_Client CCMHTTPPORT=443 RESETKEYINFORMATION=TRUE SMSSITECODE=$($SiteCode) FSP=$($SCCMMP)”
The client has the cert. Accessing the link via web browser is no issue.
To add, I have IBCM setup – internal DNS name for SCCM.my.company.com and external MP.company.com
Any help you can provide please?
Hi – anywhere else I can get the script? Microsoft seems to have moved it 🙁
Please add a new download link “gallery.technet.microsoft.com” is now offline
cant find the Powershell Script Please Upload again
I will have to upload to GitHub asap. TechNet Gallery has been taken down.
thx for sharing iam waiting too
I cant find the file please send a link thx
I am also looking forward to it.
Thank you.
please upload the file again thx
Is it on GitHub? I am not seeing anything under client health.
I would also very much like to get my hands on this 🙂
Anyone know where we can download this from? Looks very promising and would love to put it into place in my environment.
any news add script to github ?
download found; http://web.archive.org/web/20200318070633/https://gallery.technet.microsoft.com/SCCM-Client-Health-Monitor-b1189130/file/224545/1/SCCM-ClientHealthMonitor3.1.ps1
Hello,
Any update when the script will be uploaded to Git?
Hi,
Our Exchange does not accept No anonymous
$AnonUsername = “anonymous”
$AnonPassword = ConvertTo-SecureString -String “anonymous” -AsPlainText -Force
$AnonCredentials = New-Object System.Management.Automation.PSCredential($AnonUsername,$AnonPassword)
$SMTPServer = “smtp.yoursmtp.com”
how can I put here the domain\username and password?
Hi Peter,
Could you please tell me how I can create an “Application Request” on the Portal with all the Application List?
Regards
Hi,
Our Exchange does not accept No anonymous
$AnonUsername = “anonymous”
$AnonPassword = ConvertTo-SecureString -String “anonymous” -AsPlainText -Force
$AnonCredentials = New-Object System.Management.Automation.PSCredential($AnonUsername,$AnonPassword)
$SMTPServer = “smtp.yoursmtp.com”
how can I put here the domain\username and password?
Hi,
Our Exchange does not accept No anonymous
$AnonUsername = “anonymous”
$AnonPassword = ConvertTo-SecureString -String “anonymous” -AsPlainText -Force
$AnonCredentials = New-Object System.Management.Automation.PSCredential($AnonUsername,$AnonPassword)
$SMTPServer = “smtp.yoursmtp.com”
how can I put here the domain\username and password?