Step by Step SCCM Client Remediation

 



 

This is most useful blog for SCCM client remediation. I will try to explain all possible point to be looked.

These are steps we can use while remediating client on any machine manually.

  • Check to ensure WMI connectivity

Use Windows Management Instrumentation Tester:

The Windows Management Instrumentation Tester dialog box is displayed when you click Start, click Run, and then type wbemtest.exe in the Open: field. This dialog box provides access to all WBEMTest functions.

You should get screenshot below:

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEio2vYY6hO-p7IrT6_u-KQUnpdfNgxU_mSb0l3lAVKqeGOrWhQVpz5Nd3iYAmLeJoDvjEaDJcR2u3i5O4-E53O6YYmZEl2ZdHfShmUDeRexbcgwETtfLgVGRph-AO-InkWN84-zOBneIuJw/s1600/WBEMTest-Windows-Management-Instrumentation-Tester.png




Try to connect to the namespace like show in the below screenshot.

 

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnHXatG5pU-k-hdt2FJUfEArd_M3zc1jjq31w6CVNm0ldd21C-VJIlSE4_rVscpnbBqoL2IsN3svYilm13Xyq67i7S2HH_KMe1EMuDNW8e68tRHDhaSiz6peYNe7f1iZoF9Yacx0Ig5Gmx/s1600/WBEMTest-Connect-to-a-remote-computer.png

In the Namespace field, enter the path. On newer versions of Windows this defaults to root\cimv2 which is where all of the Win32 classes reside and what most people use. But if you know the path to another namespace, like root\SecurityCenter2 go ahead and use it. The default is the local computer which if that is the case all you need to do is click the Connect button.

For remote computers, prepend the computer name in the namespace path like this: \\server01\root\cimv2. WMI will use your current credentials. But you can specify alternate credentials for remote computers. Enter a username in the format domain\username. Or if connecting to a workgroup machine use the form computername\username. Enter the password and click Connect. You can leave everything else alone. Although for the most secure connection you can set Authentication Level to Packet Privacy.



At this point, if there are any errors connecting to the remote computer, you will get an error message like the RPC server is unavailable or Access is denied. These two error will be like in below screenshot.




Access denied should be self-explanatory. The credentials you use must have administrator rights.
If the server is not available, it may not be online or there is most likely some sort of firewall issue. If you get an error like this with WBEMTest, no PowerShell or VBScript that is trying to connect to the computer will work.  Use WBEMTest to verify connectivity and credentials.
Check the status of the firewall by using following command:
>telnet <servername> <portnumber> if access is there then it will show it as open or closed if blocked then it will give you some other result.

  • Check the running and startup state of identified services, if running then fine if not then setup as mentioned below:


 Service Name State Start Mode
 BITS Running Auto
 winmgmt Running Auto
 wuauserv Running Auto
 rpcSs Running
 Auto





  • Checks for the Admin$ share and enables admin shares if they are disabled in the registry

HKLM\System\CurrentControlSet\Services\LanmanServer\Parameter

if AutoShareSever value is not 1 then change it to 1 and type should be REG_DWORD or you can delete this registry entry.

Go to run and trigger the following command:

net stop server
net start server

This will resolve the AdminShare issue.

  • Check for identified registry values

  • Set registry values if they do not exist or do not match
  • Adds a specified account to the local administrators group
  • Check for an installation of the client agent
  • Check the version of client agent
  • Check to ensure the ConfigMgr agent is set to Automatic startup and is running
  • Install the client agent if it is not installed or if the version is old
  • Check the client agent’s cache size and resets it if needed
  • Check the client agent’s site assignment and reinstalls the client agent if not assigned (which implies some type of client corruption)
If all of above mention is not working then uninstall the SCCM Agent completely and delete all component related to SCCM Agent like folder, registry and try fresh install.

Special thanks to Jason Sandys, Jeffery Hicks!


Important Links:
https://4sysops.com/

-Aarif Hussain

Comments

Post a Comment

Popular posts from this blog

Error code 26352 while installing application

I was trying to install prerequisite of a web-based application, and getting error 26352. Verbose logging were showing it a certificate issue. I have imported required certificate but still installation was aborted with error code 26352. As a workaround when I looked into the certificate store. I found several certificates were present in the store with same name. Once I removed all, again imported the required ones it works fine. Please comment for other ideas or this blog helped. - Aarif 
Read more

Symantec Endpoint Protection Agent upgrade using SCCM

I have worked on a upgrade of Symantec Endpoint Protection Agent on 60000 devices including server and workstations. The upgrade was having several challenges and issues but here are some scripts that will help in upgrading with ease. -------------------------------------------------------------------------------------------------------------------- Installation Script ( Verbose Logging Enabled) : This script can be use to install SEP agent (if SEP is provided by the SEPMC) silently. '-------------------------------Start of Script----------------------------------------- '------------Install 32 bit Symantec Endpoint Protection12.1.5337.5000 ------------------ On error resume next dim fso, wshll, Dir, Path, key, installdir, uname, ttime, loc, sloc, Exepath, cmdline, cm, SCPath Set fso = createobject("Scripting.Filesystemobject") Set wshll = createobject("wscript.shell") PRODATA = wshll.expandenvironmentstrings("%ProgramData%"
Read more