ConfigMgr Client Health

ConfigMgr Client Health is a PowerShell script that increased our patch compliance from 85% to 99%. It detects and fixes known errors in Windows and the Configuration Manager Client, and enforces required services to run and start as Automatic.

4.9 Star
25,537 times
Add to favorites
System Center
E-mail Twitter Digg Facebook
Sign in to ask a question

  • extra bracket in the string
    2 Posts | Last post Fri 12:16 AM
    •     if (($SQLLogging -like 'true') -and (($Webservice -eq $null)) -or ($Webservice -eq ""))
    • it should be:
      if (($SQLLogging -like 'true') -and (($Webservice -eq $null) -or ($Webservice -eq "")))
  • Internal server error 500 on 20% of computers
    4 Posts | Last post August 14, 2019
    • I recently deployed your script to about 220 devices in AD, but when I run the report it only returns 176 entries in the database.  I'm using the webservice.  on those 20% I get "Error Invoking RestMethod POST on URI https://webserviceserver/ConfigMgrClientHealth/Clients. Failed to update database using webservice. Exception: The remote server returned an error: (500) Internal Server Error."  All different OS versions, all different Powershell.  Is there a webservice log somewhere with more info to try and track this down?  It's working successfully on 2008 R2 servers with PS 3.0 even.  I see those in the report, all the way up to 2016 with 5.1.  I haven't been able to find a commonality in these 20%.  Help!
    • I should add that the script successfully runs on all 220, as I have regular logging making it to the share, so I can see that those 20% are running the script successfully, they're just not able to post the results via the webservice to the database.
    • I suspect you may find its to do with inserting null values into the database. i had issues with the last logged on user being nul on some machines and they failed. 
    • I know this is an old post, but I ran into the same error trying to run this on a Server 2019 box, I found on line 289 when trying to search for missing updates, it was missing an entry for Server 2019, soo added the below line on line 290:
                  "*Server 2019*" { $OSName = "Windows Server 2019 " + $OSArchitecture }
  • HTTP Error 500.19
    1 Posts | Last post August 13, 2019
    • Hi.
      I keep receiving this message
      THe requested page cannot be accessed because the related configuration data for the page is invalid
  • Bug: Update-SQL
    1 Posts | Last post August 09, 2019
    • Hi,
      I think I've found a bug which may cause the Update-SQL function to run even thought SQL has been set to disabled in the config.
      On line 3120:
      if (($SQLLogging -like 'true') -and (($Webservice -eq $null)) -or ($Webservice -eq "")) {
      Should be:
      if (($SQLLogging -like 'true') -and (($Webservice -eq $null) -or ($Webservice -eq ""))) {
  • Webservice fails
    7 Posts | Last post August 09, 2019
    • I've been getting an error when clients try to reach out to the web service to update the database:
      Failed to update database using webservice. Exception: The remote server returned an error: (500) Internal Server Error.
      I've tried to remove the webservice , .net core installs, and application pool. I redid it and i'm still getting the same error. Anyone have an answer to this issue?
    • Hello,
      same issue for us.
      Some clients can update the database through the webservice.
      Some clients cannot and get an error "Failed to update database using webservice. Exception: The remote server returned an error: (500) Internal Server Error."
      I suspect one of the data to upload to be in an incompatible format for the webservice.
    • Hello,
      same issue for us.
      Any Solution? 
    • Hey,
      i think i found the Problem .. by the "Problemclients" is in the Local-log the "Lastloggedonuser" Empty ... so i run the Command from the Script on one of the Clients and get this:
      "Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\" 
      ShowTabletKeyboard       : 0
      IdleTime                 : 4764266
      SelectedUserSID          : S-1-5-21-3261002472-250002374-3722958904-171606
      IsFirstLogonAfterSignOut : 0
      PSPath                   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentic
      PSParentPath             : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentic
      PSChildName              : LogonUI
      PSDrive                  : HKLM
      PSProvider               : Microsoft.PowerShell.Core\Registry
      ShowTabletKeyboard       : 0
      IdleTime                 : 3147266
      LastLoggedOnUser         : DOMAIN\USERID
      LastLoggedOnDisplayName  : LASTNAME, NAME
      SelectedUserSID          : S-1-5-21-1386311155-1793750988-1237804090-253304
      LastLoggedOnProvider     : {60B78E88-EAD8-445C-9CFD-0B87F74EA6CD}
      NetworkStatusType        : 1
      LastLoggedOnSAMUser      : DOMAIN\USERID
      LastLoggedOnUserSID      : S-1-5-21-1386311155-1793750988-1237804090-253304
      IsFirstLogonAfterSignOut : 0
      PSPath                   : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\
      PSParentPath             : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication
      PSChildName              : LogonUI
      PSDrive                  : HKLM
      PSProvider               : Microsoft.PowerShell.Core\Registry
    • I just played a littlebit more with it.. so i think the Problem is that via GPO is disabled to save the lastloggonuser for Securtiy (maybe other a Deployment Guy not a Client Guy xD ).
      For me is the lastloggonuser not important so, i fixit by changing it to "currentuser". 
      Line: 2291 
      LastLoggedOnUser = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\').LastLoggedOnUser;
      LastLoggedOnUser = $env:username
      Line: 2657
      $LastLoggedOnUser = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\').LastLoggedOnUser
      $LastLoggedOnUser = $env:username
      in the Locallog will still stand as Text "lastloggedonuser:" .. but this must be also changeable. And i Change the Report via Reportbuilder to "Current...".
      With this change i got 100% of my testclients in the Report, before i have only 18 /25.
    • I tried the registry trick and that didn't work in my environment. FYI I have a large environment. Tried updating via sql after having issues with the Webservice and got: Update-SQL : Error updating SQL with the following query: . Error: Exception calling "Fill" with "1" argument(s): "An error was raised during trigger execution. The batch has been aborted and the user transaction, if any, has been rolled back"
      So I spoke with our DBA and he looked into the issue. The issue is the Identifier in the table dbo.Clients_Hist has a limit (int which has a limit of 2,147,483,647). (sorry I'm not a sql expert but trying to translate what he told me). So there are a few things he suggested. One was to change the int to bigint which has a limit of 9,223,372,036,854,775,807 but then at one point or another I would run into this issue again. I asked if we could just clear that table because I really don't care about the history too much. So we ran "truncate table dbo.clients_hist" on ClientHealth DB and it cleared the counts and then I was able to update the SQL table manually and by using the webservice. So my next plan is to schedule a task to periodically truncate the table. Hope this helps 
    • Hey Reys,
      there is no "dbo.Clients_hist" Table by Default in the Script 0.8.1 where you got this from? I created the DB by the "CreateDatabase.sql" (from the Download ZIP-File) and there is no History or Something like that. Everytime a Client runs that Script it will overright just his one line in "dbo.Clients", i have in the moment 35Clients as Testclients with the Script and the Database is ~ 4MB. if I calculated correctly are 5000 Clients 2,5 MB in the Database, Database it self is ~ 3,8MB without clients so you should have ~ 6MB for 5k Cients.
      Im Searching in the moment to get a History in the DB for 14Days but im also not a SQL / Development Guy :)
  • webservice, configmgrclient.ps1 missing?
    4 Posts | Last post August 09, 2019
    • Hi,
      Thanks Anders for the amazing script.
      To configure the web-service we need to run configmgrclient.ps1 script with -webservice parameter as per instruction in pdf file under webservice folder but I do not find the configmgrclient.ps1 file in .zip folder. The client will try to hit the webservice with url:
      https://servername/configmgrclienthealth/client and failing with error as there is no address/path as 'client' after /configmgrclienthealth.
      please let me know in case i am missing something.
    • Hi,
      do have set up the IIS-Webserver as in "ConfigMgr Client Health Webservice 1.0 - Installation and Configuration.pdf" described?
      The "configmgrclient.ps1" is directly located in the Mainfolder of the ZIP, and is the file that must executed by the Client via Tasks as System-User.
      Thats a example how the Action in the Task can be:
      PowerShell.exe -ExecutionPolicy Bypass -Noninteractive -File "\\Share\ConfigMgrClientHealth.ps1" -Config "\\Share\config_demo.xml" -Webservice "http://Server/ConfigMgrClientHealth"
      All Computeraccounts needs read Access to the PS1 and XML so maybe use the "sysvol" of the Domain.
    • Hi @tehmilcho,
      Thanks for reply.
      Yes, the rest of the configuration is done as mentioned in webservice pdf file, but to run a powershell script(configmgrclient.ps1) I don't find the script in any folder, i have checked all the folders and tried to re-download the zip file on other device as well.
      The main script-configmgrclienthealth.ps1 is running fine on standalone machine with SQL/webserivice error.
    • Hey,
      now i know what you mine..
      "Execute ConfigMgrClient.ps1 with the -Webservice parameter to verify the script updates the database using the webservice. If successful, the last line will output “Updating SQL database with results using webservice” " 
      Thats a wrong Spelling .. he wants that you Run:
      PowerShell.exe -ExecutionPolicy Bypass -Noninteractive -File "\\Share\ConfigMgrClientHealth.ps1" -Config "\\Share\config_demo.xml" -Webservice "http://Server/ConfigMgrClientHealth"
      When you do this in a Powershell you will see in the last line if the Update wars okay or not okay.
      i got for "https://servername/configmgrclienthealth/client" also "not found" if i try this via Browser.. but my Clients can post it without Problems. 
  • Windows 10 Update 1903 seems to have issue
    1 Posts | Last post August 08, 2019
    • The latest version of the script, 0.8.1, seems to be getting stuck on v1903 of Windows 10. Have you seen any issues with this?
  • DNS Check FAILED
    1 Posts | Last post July 29, 2019
    • Hi Anders,
      I get the following failure while checking DNS.
      Select-Object : Property "IPAddress" cannot be found.
      At C:\ProgramData\ConfigMgrClientHealth\ConfigMgrClientHealth.ps1:747 char:129
      + ...  -First 1) -Type A -DnsOnly | Select-Object -ExpandProperty IPAddress
      +                                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (Microsoft.DnsCl...s.DnsRecord_PTR:PSObject) [Select-Object], PSArgumentException
          + FullyQualifiedErrorId : ExpandPropertyNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand
  • Console extension installation
    4 Posts | Last post July 25, 2019
    • Hi Anders,
      Thank you so much for the wonderful tool. I have been able to resolve most of the issues with Client communication and patch compliance.
      I have installed the console extension and it says that installation successful. However when i try to run the extension from console for a server, it gives following error. I would appreciate if you can point me to the right direction as this extension will be greatly helpful to remotely run the script on a server/collection.
      ERROR: The system cannot find the file specified.
          + CategoryInfo          : NotSpecified: (ERROR: The syst...file specified.:String) [], RemoteException
          + FullyQualifiedErrorId : NativeCommandError
          + PSComputerName        : <ClientName>
      NotSpecified: (:) [], RemoteException
      ConfigMgr Client Health failed to start: <ClientName>
    • Can someone please help me to setup the console extension. I have gone through the setup process as per readme file but getting error after the install, if i run that tool for some server then getting the error as mentioned.
    • Hi Anders,
      Even I am getting the same error as described in GarryAU's post above. Can you please help?
    • Hi Garry and Siddharth - I've had the exact problem and this is to do with the scheduled task. The console extension just calls the scheduled task on the local machine. Make sure the machine you are trying to run the script on has a task created in its 'Task scheduler' console. Good Luck!
  • Third Party Reboot App
    1 Posts | Last post July 22, 2019
    • Would be nice to have separate parameters of the reboot tool for
      PendingReboot and MaxRebootDays.
      This way I can use two different RTF files with different content for end users explaining better the difference why another reboot might be needed again.
1 - 10 of 166 Items