Post-Installation Health Check
The Microsoft Intune admin center shows basic tunnel server status, but when I’m SSH’d into a server troubleshooting, I need answers faster.
This health check script shows everything in seconds. I run it right after installation to verify everything works, and whenever I’m troubleshooting to see what’s broken.
GitHub Repository:
What it checks:
-
Service and container status (mst-cli health + Docker/Podman container validation)
-
Configuration files and sync status from logs
-
Certificate expiration (warns if under 30 days)
-
Recent errors in logs (last 30 minutes of mstunnel-agent, mstunnel_monitor, ocserv)
-
Server configuration (routes, DNS, ports from admin-settings.json)
- Listening ports
Usage
# Download and run directly
curl -fsSL https://raw.githubusercontent.com/imabdk/Microsoft-Tunnel-Gateway/refs/heads/master/mst-health.sh | sudo bash
# Download
curl -fsSL https://raw.githubusercontent.com/imabdk/Microsoft-Tunnel-Gateway/refs/heads/master/mst-health.sh -o mst-health.sh
# Run
sudo bash mst-health.sh
Why not just use the Intune admin center?
- The admin center is great for monitoring across all servers
- But when you’re SSH’d into a server troubleshooting, you need answers now
- The script gives you everything in one view: services, config, cert, logs, ports
- It also shows things the admin center doesn’t: recent log errors with context, config sync status, active VPN connections
A few things worth noting
- Container health validation actually checks if containers are healthy, not just running
- Config sync status shows the last successful config application from Intune
- Issue summary lists exactly what failed
- Active VPN connection count at the end for context
