Step by Step SCCM Client Remediation
This is most useful blog for SCCM
client remediation. I will try to explain all possible point to be looked.
These are steps we can use while
remediating client on any machine manually.
- Check to ensure WMI connectivity
Use Windows Management
Instrumentation Tester:
The Windows Management
Instrumentation Tester dialog box is displayed when you click Start,
click Run, and then type wbemtest.exe in the Open: field.
This dialog box provides access to all WBEMTest functions.
You should get screenshot below:
Try to connect to the namespace like
show in the below screenshot.
In the Namespace field, enter
the path. On newer versions of Windows this defaults to root\cimv2 which is
where all of the Win32 classes reside and what most people use. But if you know
the path to another namespace, like root\SecurityCenter2 go ahead and use it.
The default is the local computer which if that is the case all you need to do
is click the Connect button.
For remote computers, prepend
the computer name in the namespace path like this: \\server01\root\cimv2.
WMI will use your current credentials. But you can specify alternate
credentials for remote computers. Enter a username in the format
domain\username. Or if connecting to a workgroup machine use the form
computername\username. Enter the password and click Connect. You can leave
everything else alone. Although for the most secure connection you can set
Authentication Level to Packet Privacy.
At this point, if there are any
errors connecting to the remote computer, you will get an error message like
the RPC server is unavailable or Access is denied. These two error will be like in below screenshot.
Access denied should be self-explanatory. The credentials you use must have administrator rights.
If the server is not available, it may not be online or there is most likely some sort of firewall issue. If you get an error like this with WBEMTest, no PowerShell or VBScript that is trying to connect to the computer will work. Use WBEMTest to verify connectivity and credentials.
Check the status of the firewall by using following command:
>telnet <servername> <portnumber> if access is there then it will show it as open or closed if blocked then it will give you some other result.
- Check the running and startup state of identified services, if running then fine if not then setup as mentioned below:
| Service Name | State | Start Mode |
| BITS | Running | Auto |
| winmgmt | Running | Auto |
| wuauserv | Running | Auto |
| rpcSs | Running |
Auto
|
- Checks for the Admin$ share and enables admin shares if they are disabled in the registry
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameter
if AutoShareSever value is not 1 then change it to 1 and type should be REG_DWORD or you can delete this registry entry.
Go to run and trigger the following command:
net stop server
net start server
This will resolve the AdminShare issue.
- Check for identified registry values
- Set registry values if they do not exist or do not match
- Adds a specified account to the local administrators group
- Check for an installation of the client agent
- Check the version of client agent
- Check to ensure the ConfigMgr agent is set to Automatic startup and is running
- Install the client agent if it is not installed or if the version is old
- Check the client agent’s cache size and resets it if needed
- Check the client agent’s site assignment and reinstalls the client agent if not assigned (which implies some type of client corruption)
If all of above mention is not working then uninstall the SCCM Agent completely and delete all component related to SCCM Agent like folder, registry and try fresh install.
-Aarif Hussain
This comment has been removed by the author.
ReplyDeleteGood information 👍
ReplyDeleteThanks Anitha P Saju!!
DeleteGood information 👍
ReplyDeleteGood information Bhai
ReplyDeleteThanks!!
Delete