ConfigMgr Client Health

ConfigMgr Client Health is a PowerShell script that increased our patch compliance from 85% to 99%. It detects and fixes known errors in Windows and the Configuration Manager Client, and enforces required services to run and start as Automatic.

 
 
 
 
 
4.9 Star
(37)
24,471 times
Add to favorites
System Center
8/11/2018
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Error Connecting to SQLDatabase ClientHealth
    1 Posts | Last post May 10, 2019
    • Hi All...
      
      I'm running into a unique error... In my environment, I have a PARENT and CHILD domain within my SCCM environment. When I run the PS1 script from the Parent domain, the script runs fine and I have no issues. When I run the script from the CHILD domain I'm getting this error at the top of the script:
      
      Test-SQLConnection : Error connecting to SQLDatabase ClientHealth on SQL Server Server.ParentDomain.tld
      At \\<server>.<parentdomain>.<tld>\configmgrclienthealth\configmgrclienthealth.ps1:2923 char:43
      +     if (($SQLLogging -like 'true') -and ((Test-SQLConnection) -eq $fa ...
      +                                           ~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
          + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Test-SQLConnection
      
      
      I'm guessing that the issue is a permission issue, but I'm unsure how to resolve it. I've given CHILDDOMAIN\Domain Computers datareader and datawriter permissions to the ClientHealth DB, but that doesn't seem to be fixing the issue. 
      
      Any help is greatly appreciated. 
  • method not allowed 405
    3 Posts | Last post May 04, 2019
    • Hi Thanks for a great script.
      Im getting the following error:
      Error Invoking RestMethod PUT on URI http://xxxxx/ConfigMgrClientHealth/Clients/xxxx. Failed to update database using webservice. Exception: the remote server returned an error: (405) method not allowed.
      
      Tried (as mention in a previos post) adding this to my web.config:
       <modules runAllManagedModulesForAllRequests="false">
          <remove name="WebDAVModule" />
        </modules>
      But im still getting the error.
      
    • Hi,
      
      I have the same issue, did you ever manage to resolve this problem?
      
      Thanks,
      Martin.
    • Try modifying the web.config to the following:
      
      <?xml version="1.0" encoding="utf-8"?>
      <configuration>
            <system.webServer>
              <modules>
                  <remove name="WebDAVModule" />
              </modules>
              <handlers>
                  <remove name="aspNetCore" />
                  <remove name="WebDAV" />
                  <!-- I removed the following handlers too, but these
                       can probably be ignored for most installations -->
                  <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
                  <remove name="OPTIONSVerbHandler" />
                  <remove name="TRACEVerbHandler" />
      
                  <add name="aspNetCore" 
                       path="*" 
                       verb="*" 
                       modules="AspNetCoreModule" 
                       resourceType="Unspecified" />
              </handlers>
              <aspNetCore processPath="dotnet" arguments=".\ConfigMgrClientHealthWebservice.dll" 
      
      stdoutLogEnabled="false" stdoutLogFile=".\logs\stdout" />
          </system.webServer>
      </configuration>
      <!--ProjectGuid: 4f4156fd-6191-4743-bf01-3702bb44f92b-->
  • Installed updates detection for installer patches
    1 Posts | Last post May 02, 2019
    • Hello
      
      I am testing out this script which seems to be very useful, however can not get the installed updates portion to detect Office updates and or non WUSA updates? (Windows installer patch)
  • Webservice still need to add Security?
    1 Posts | Last post April 30, 2019
    • Hi.
      I use the webservice to Update the ClientHealth database, do i still need to add security rights for the domain computers on the ClientHealth database?. If not i get the following error. Error connecting to SQLDatabase ClientHealth on SQL Server CM01.test.lab
      
      BR
  • Internal server error 500 on 20% of computers
    3 Posts | Last post April 23, 2019
    • I recently deployed your script to about 220 devices in AD, but when I run the report it only returns 176 entries in the database.  I'm using the webservice.  on those 20% I get "Error Invoking RestMethod POST on URI https://webserviceserver/ConfigMgrClientHealth/Clients. Failed to update database using webservice. Exception: The remote server returned an error: (500) Internal Server Error."  All different OS versions, all different Powershell.  Is there a webservice log somewhere with more info to try and track this down?  It's working successfully on 2008 R2 servers with PS 3.0 even.  I see those in the report, all the way up to 2016 with 5.1.  I haven't been able to find a commonality in these 20%.  Help!
    • I should add that the script successfully runs on all 220, as I have regular logging making it to the share, so I can see that those 20% are running the script successfully, they're just not able to post the results via the webservice to the database.
    • I suspect you may find its to do with inserting null values into the database. i had issues with the last logged on user being nul on some machines and they failed. 
  • Application Pool test error
    8 Posts | Last post April 03, 2019
    • Hi, Anders. I'm working through the install documentation for the webservice and am at the part where I restart the application pool, then navigate to [servername]/ConfigMgrClientHealth.
      
      But instead of getting the result shown in your documentation, I'm getting the message "500 - Internal server error". 
      
      Thought I saw info on this web page--https://www.andersrodland.com/configmgr-client-health/--about how to fix it, but now I can't find that bit. Thought someone had recommended giving the service account some additional roles, but not sure. Can you or someone advise?
      
      Thanks!
    • Is it this comment you're looking for?
      
      https://www.andersrodland.com/configmgr-client-health/#comment-4058926699
    • Hi Rolf. That looks like the page where I originally saw the info in question (it's titled "ConfigMgr Client Health"), but now that page doesn't have any comments at the end, if that in fact is the page I'm remembering. I've checked in multiple browsers, but they all show me the same thing. Perhaps comments were disabled?
    • You must somehow be blocking Disqus. This is the comment the url is pointing to:
      
      "Nick Ortiz • 7 days ago
      I believe I found a solution to this. I had to give the account I created the webservice with the 'db_accessadmin' role as well as 'db_datareader' & 'db_datawriter'. Everything started working after I did that."
    • Thanks for adding the text of that comment, Rolf. Apparently we did in fact start blocking Disqus comments for whatever reason. 
      I added the specified roles to the webservice login, but I'm still getting HTTP Error 500.19 - Internal Server Error.
      
      From the web page:
      
      
      Most likely causes:
      •The worker process is unable to read the applicationhost.config or web.config file.
      •There is malformed XML in the applicationhost.config or web.config file.
      •The server cannot access the applicationhost.config or web.config file because of incorrect NTFS permissions.
      
      
      
      Things you can try:
      •Look in the event logs for information about why the configuration files are not readable.
      •Make sure the user identity specified for the application pool, or the authenticated user, has the required permissions to access the web.config file.
      
      
      I haven't found any info in the event logs that appears helpful and am at a loss as to what to try next. Does anyone have any ideas?
      Thank you.
        
    • Hi - we have the same issue as you. Ive tried switching to an account that has both full admin rights to the IIS server and dbo rights on the sql database. Ive verified the account can access the database by running sql management studio as it. I cant see anything 'malformed' in the web.config file, it looks fine.
      
      Did you ever resolve this?
    • We have not resolved this yet. Currently running the script without the web service since we could not get that to work.
    • Hey guys,
      I ran into this issue and found that you have to install the 2.0.9 Windows Hosting Bundle as mentioned in the pre-requesites of the webservice.  I had a newer version already installed but apparently 2.0.9 specifically needed to be installed.
      
      https://dotnet.microsoft.com/download/thank-you/dotnet-runtime-2.0.9-windows-hosting-bundle-installer
  • Error in Script
    1 Posts | Last post April 01, 2019
    • Hi!
      
      Line 3120 should be:
      if (($SQLLogging -like 'true') -and (($Webservice -eq $null) -or ($Webservice -eq ""))) {
      otherwise will be error connecting to SQL Server even if not used.
      
      Regards,
      Serg.
      
  • Function Test-DNSConfiguration : More than one netAdapter
    1 Posts | Last post March 22, 2019
    • Hello! Into Test-DNSConfigure:
      
      I get this result:
      PS > $AvtiveAdapters = (get-netadapter | Where-Object {$_.Status -like "Up"}).Name
      PS > $AvtiveAdapters
      Ethernet
      VMware Network Adapter VMnet8
      VMware Network Adapter VMnet1
      PS > Get-DnsClientServerAddress | Where-Object {$_.InterfaceAlias -Like $AvtiveAdapters}
      PS > Get-DnsClientServerAddress
      
      InterfaceAlias               Interface Address ServerAddresses
                                   Index     Family
      --------------               --------- ------- ---------------
      Ethernet                            17 IPv4    {[IP_DNS_SERVER1], [IP_DNS_SERVER2]}
      Ethernet                            17 IPv6    {}
      [...]
      VMware Network Adapter V...1         8 IPv4    {}
      VMware Network Adapter V...1         8 IPv6    {fec0:0:0:ffff::1, [...]
      VMware Network Adapter V...8        10 IPv4    {}
      VMware Network Adapter V...8        10 IPv6    {fec0:0:0:ffff::1, [...]
      [...]
      
      So because I have VMware Workstation installed, this command doesn't work:
      PS > Get-DnsClientServerAddress | Where-Object {$_.InterfaceAlias -Like $AvtiveAdapters}
      
      I do not know the best way to handle this but instead of :
      $AvtiveAdapters = (get-netadapter | Where-Object {$_.Status -like "Up"}).Name
      I Have included an condition to get only "ConnectorPresent":
      $AvtiveAdapters = (get-netadapter | Where-Object {$_.Status -like "Up" -and $_.ConnectorPresent -eq "True"}).Name
      
      Now i'm getting only my "Ethernet" and it works! (I'm on Windows 10 v1809)
      
      Have a nice day!
      Sam
  • How to filter SQL results
    1 Posts | Last post March 19, 2019
    • This is one of the sample SQL queries provided by Anders. This particular one returns all computers, ordered by latest client health script execution time:
      SELECT * FROM dbo.Clients ORDER BY Timestamp DESC
      
      Does anyone know how to filter that so I only see workstations? The server team at my company was experimenting with the client health script, and so I also see servers listed in my results, which I don't want to see.
      
      I was thinking I need to somehow filter the results of the operatingSystem column to show me only results like "Windows 7 Enterprise" and "Windows 10 Enterprise", but I don't know SQL well enough to modify the query.
      
      Thanks!
  • Triggering Windows Installer
    1 Posts | Last post March 18, 2019
    • Are you querying Win32_Product anywhere?  I am noticing that ClientHealth is triggering Windows Installer reconfigured on ALL Windows Installer products.
      
      
      More information on the issue with querying Win32_Product:  (This is still an issue even in Win10.)
      https://gregramsey.net/2012/02/20/win32_product-is-evil/
      
      Any help/info appreciated.  Definitely appreciate the script.
      
      
      
1 - 10 of 154 Items