SCCM Client Health Monitor Script

Description

*Update* This script needs updating and is yet to be moved to GitHub. I’m working on moving this to Proactive Remediations in Microsoft Intune. Stay tuned. *Update*

The SCCM Client Health Monitor Script is a Powershell script which fixes common issues related to SCCM client health.

The script is currently capable of fixing following issues:

  • SCCM client stuck in Provisioning Mode
  • Corrupt Group Policy files (Registry.pol)
  • BITS transfers with errors
  • SCCM client service not running
    • SCCM client service disabled
  • No SCCM client installed

Further to fixing the mentioned issues, the script also supports sending an e-mail or a status to Microsoft Teams if any issues are found. All actions are logged to a local log file: SCCM-ClientHealthMonitor.log in the CCM\Logs folder.

Examples

.\SCCM-ClientHealthMonitor.ps1 -TestProvMode -TestGPOFiles

This will run tests and try to fix issues related to provisioning mode and corrupt group policy files.

.\SCCM-ClientHealthMonitor.ps1 -TestSCCMClient -InstallSCCMClient

This will test for a running ccmexec service and try to start the service if it’s not running. If the service doesn’t exists, the script will try to install the SCCM client.

.\SCCM-ClientHealthMonitor.ps1 -TestProvMode -TestGPOFiles -TestBITS -TestSCCMClient -InstallSCCMClient -EmailStatus -TeamsStatus

This will run the script with all available options.

E-mail

The e-mail being sent with the -EmailStatus parameter looks like below example.

Microsoft Teams

The status messages being sent with the -TeamsStatus parameter will look like below examples.

Logging

The SCCM-ClientHealthMonitor.log file will look like below example when opened with CMtrace.

Requirements

  • The script requires local administrative rights to run
  • Modify the script. I have made a comment with # EDIT here the places that needs editing
    • Modify the -EmailStatus part with your own details such as SMTP server, recipient etc.
    • Modify the -TeamsStatus part with your own details such as URL for webhook, title, text etc.
    • Modify the Install-SCCMClient function with MP and site code details

Running the Script

The best option to run the script, is to do so with a scheduled task.

  • Running as SYSTEM
  • Trigger: Running at log on of any user
  • Action: Starting powershell.exe with argument: -ExecutionPolicy Bypass -File “\\ServerShare\SCCM-ClientHealthMonitor.ps1” -TestProvMode -TestGPOFiles -TestBITS -TestSCCMClient -InstallSCCMClient -EmailStatus -TeamsStatus

Version history

  • 1.0 – Script created
  • 2.0 – Added TestBITS, TestSCCMClient and InstallSCCMClient
  • 3.0 – Added TeamsStatus, making the script able to send status notifications to Microsoft Teams
  • 3.1 – Minor changes to $ComputerModel as well as added more commenting

Download

https://gallery.technet.microsoft.com/SCCM-Client-Health-Monitor-b1189130

Need Help?

I haven’t done the best commenting job in the script itself, so please let me know in the comment section down below if you need any assistance. 🙂

And of course, it goes without saying, but test this thoroughly before putting to use in production.

Also, if you are looking for more details on how to prepare Microsoft Teams for receiving notifications, please take a look at this great post by Michael Mardahl: https://www.scconfigmgr.com/2019/07/10/how-to-notify-a-microsoft-teams-channel-when-a-new-windows-device-has-enrolled-in-microsoft-intune/

31 thoughts on “SCCM Client Health Monitor Script”

  1. I’m kind of new to Power shell. When I pick part of it to test it say it wont load it because its not digitally signed. Is there a way around that?

    Reply
  2. Hello,
    I tested this script and it’s working as expected except it’s not downloading SCCM client if it is not installed.

    I adjusted these para:
    # EDIT here with your own CM details
    $SCCMMP = “sccm.my.company.com”
    $SiteCode = “LFC”

    Adjusted the http port to 443:
    $Install = Start-Process -FilePath $ccmsetup -PassThru -Wait -ArgumentList “/mp:$($SCCMMP) /source:http://$($SCCMMP)/CCM_Client CCMHTTPPORT=443 RESETKEYINFORMATION=TRUE SMSSITECODE=$($SiteCode) FSP=$($SCCMMP)”

    The URL itself works on the browser except it throws a message saying “the page you are trying to access requires a valid client cert is required” which is expected.
    $URL = “https://$($SCCMMP)/CCM_Client/ccmsetup.exe”

    Any suggestions, help please?
    Running SCCM 2010 with valid server and client certs.

    Thank You

    Reply
    • You are trying to speak http to a service which is listening on tcp port 443 for https. I’m assuming that after all this time you caught this – just posting to possibly help someone else out…

      Reply
  3. hi,

    thanks for the awesome script!

    we keep receiving “BITS transfer errors found. Remediation succeeded. Log is attached.” every single day for most of the time the same devices… are we missing something?

    Reply
    • Do you have google chrome installed? I’m seeing that with google chrome updates. What I do is simply querying for bitstranfers job with get-bitstransfer -Allusers, and if any found, I report an error. This is not necessarily related to configmgr, but it can be an obstacle if a download job coming from configmgr is in error.

      Reply
      • thanks. some may have a portable chrome but thats it and updates should be disabled. i will try to give a look a a few random devices and try to find out whats going on… maybe the script could add the bits result to the log file?

        Reply
  4. Hi Martin,
    Any update on this one?

    The scrip is working on all parts for my environment except when it finds the SCCM Client is not installed, it’s not downloading it.

    WARNING: This is bad! No SCCM client installed.
    VERBOSE: InstallSCCMClient = True. Installing the SCCM client…
    WARNING: An error occured while downloading the ccmsetup.exe.
    WARNING: An error occured while starting the ccmsetup installation.

    As per instructions, I did modified these parameters:
    # EDIT here with your own CM details
    $SCCMMP = “sccm.my.company.com”
    $SiteCode = “LFC”

    Because my environment is setup on https, I tried changing the port from 80 to 443 as well:
    # Run the SCCM client installation
    try {
    $Install = Start-Process -FilePath $ccmsetup -PassThru -Wait -ArgumentList “/mp:$($SCCMMP) /source:http://$($SCCMMP)/CCM_Client CCMHTTPPORT=443 RESETKEYINFORMATION=TRUE SMSSITECODE=$($SiteCode) FSP=$($SCCMMP)”

    The client has the cert. Accessing the link via web browser is no issue.

    To add, I have IBCM setup – internal DNS name for SCCM.my.company.com and external MP.company.com

    Any help you can provide please?

    Reply
  5. Anyone know where we can download this from? Looks very promising and would love to put it into place in my environment.

    Reply
  6. Hi,

    Our Exchange does not accept No anonymous

    $AnonUsername = “anonymous”
    $AnonPassword = ConvertTo-SecureString -String “anonymous” -AsPlainText -Force
    $AnonCredentials = New-Object System.Management.Automation.PSCredential($AnonUsername,$AnonPassword)
    $SMTPServer = “smtp.yoursmtp.com”

    how can I put here the domain\username and password?

    Reply
  7. Hi,

    Our Exchange does not accept No anonymous

    $AnonUsername = “anonymous”
    $AnonPassword = ConvertTo-SecureString -String “anonymous” -AsPlainText -Force
    $AnonCredentials = New-Object System.Management.Automation.PSCredential($AnonUsername,$AnonPassword)
    $SMTPServer = “smtp.yoursmtp.com”

    how can I put here the domain\username and password?

    Reply
  8. Hi,

    Our Exchange does not accept No anonymous

    $AnonUsername = “anonymous”
    $AnonPassword = ConvertTo-SecureString -String “anonymous” -AsPlainText -Force
    $AnonCredentials = New-Object System.Management.Automation.PSCredential($AnonUsername,$AnonPassword)
    $SMTPServer = “smtp.yoursmtp.com”

    how can I put here the domain\username and password?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.