SCCM Client

Where can I find the various client components?

  • Cache: C:\Windows\ccmcache
  • Log Files: C:\Windows\CCM\Logs — Description of the different log files
  • Software Center: Start Menu\All Programs\Microsoft System Center 2012\Configuration Manager\Software Center
  • Control Panel Applet: Control Panel\System and Security\Configuration Manager
  • Get a copy of cmtrace (replacement for trace32):
    \\wolftech\engr\coedean\ou_admins\SCCM 2012 Console\cmtrace.exe

Client = Yes in the console means:

  1. Computer meets Pre-Reqs: In AD, has Cert, in DNS
  2. Agent installed and has performed first inventory
  3. Agent contacted Management Point
  4. Agent has done its first health check
  5. Collection has updated membership (Right Click)

Is a reboot required to install the client?

If it is not installed already, yes. One of the installation methods we are using includes a startup script, so rebooting any troublesome client should cause the SCCM 2012 agent install to progress immediately upon reboot.

Help! Computer X has “Client: No” in the console!

This could be for a number of reasons:

  • The dnshostname attribute is not resolvable in DNS. This means the client cannot autoenroll for a certificate that is required for SCCM to function.  This requirement is unchanged from 2007r3.
  • For some reason, the computer has not attempted the client upgrade from 2007r3->2012  (unplugged, lack of networking, hung/frozen at a bluescreen, etc)..
  • In the 2012 console, you can add a “Last Installation Error” column to help you diagnose installation issues.
  • C:\Windows\ccmsetup\*.log for setup related log files.

How do we fix failed installs?

The short list:

  • “SCCM Console -> Machine -> Right-Click -> Client Log Files” to access log files on remote box even if agent isn’t installed
  • “SCCM Console -> Machine -> Client Tools -> Uninstall SCCM Agent” and then Reboot to force a reinstall of the agent from the Group Policy

Certificate Still Required:

Similar to 2007r3, the client requires a cert in order to be able to talk to SCCM. And to get a cert, the client’s dnshostname attribute must be resolvable in DNS.  So if you have laptops not in DNS at all or computers with the wrong DNS suffix, they will not work with SCCM.

2012 Client won’t finish install:

The client upgrade process requires that certain values that we have assigned to the client via group policy in the past be removed.  If your machine has problems with group policy processing, you will have the client installed, but it won’t ever connect to the 2012 infrastructure, and thus show “Client: No” in the console.  This is exhibited on the machine as group policy processing errors that show up in the Application event log from the “Group Policy Registry” source with an event ID of 8194 (you will also see references to ‘NCS’, the old site code, in various logs located in c:\windows\ccm\logs).  This problem may be caused by other group policies that have registry preference settings that fail for some reason and may not be related in any way to SCCM.  The startup script that we have applied across the domain should fix this automatically the next time you reboot the computer, but if it doesn’t for some reason, you need to delete following registry keys from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client:

  • GPRequestedSiteAssignmentCode
  • GPSiteAssignmentRetryDuration(Hour)
  • GPSiteAssignmentRetryInterval(Min)

Server Push:

Server Push installs only work if the departmental admin has added the SCCM Site Server to the local admin group on client machines AND it has firewall access to those client machines.

There are some columns in the 2012 console that are populated with messages generated only by the server push installation method.  This is being used in conjunction with WoL to install clients that have missed both the GPO and SCCM package scheduled task upgrade times. Here are some pages that have SCCM-specific Error Codes that can be used with the “Last Installation Error” column or when looking in the C:\Windows\ccmsetup\ccmsetup.log file:

Here is the list of Error Codes from the “Last Installation Error” column.  Note that this is only used with Server Push installs!

  • 2 – The system cannot find the file specified.
  • 5 – Access denied.
  • 52 – You were not connected because a duplicate name exists on the network. Make sure there is not a duplicate name in DNS and that 2 machines don’t have the same IP in DNS.
  • 53 – Unable to locate – Likely just off.  If its on the network check – cannot connect to admin$ – Computer Browser not started – add File/print sharing to Exceptions in Firewall – turn file and print on.
  • 58 – The specified server cannot perform The requested operation
  • 64 – The specified network name is no longer available. Source: Windows
  • 67 – network name cannot be found.
  • 86 – network password is not correct? Machine Name <> resolved name.
  • 112 – Not enough disk space
  • 1003 – Cannot complete this function.
  • 1040 – Ending a Windows Installer transaction: <> Client Process Id: <>.  Likely that two ccmsetup.exe were launched, both are running, creating a race condition.  Use task manager to kill one of the running ccmsetup.exe processes and monitor the ccmsetup.log file to confirm the other setup process continues to successful completion.
  • 1053 – The service did not respond to the start or control request in a timely fashion.
    1068 – The dependency service or group failed to start
  • 1130 – Not enough server storage is available to process this command. Source: Windows
  • 1203 – The network path was either typed incorrectly, does not exist, or the network provider is not currently available. Please try retyping the path or contact your network administrator.
  • 1208 – An extended error has occurred. Source: Windows
  • 1326 – Logon failure: unknown user name or bad password. Source: Windows
  • 1385 – Logon failure: the user has not been granted the requested logon type at this computer. Source: Windows – The site server was not allowed to install the client. Likely a reboot will install the client via the startup script.
  • 1396 – Logon Failure: The target account name is incorrect. (NBTSTAT -a reverse lookup, duplicate IP address)
  • 1450 – Insufficient system resources exist to complete the requested service. Source: Windows
  • 1789 – The trust relationship between this workstation and the primary domain failed. Source: Windows – use “netdom /reset” to fix the trust relationship
  • WMI-related – and
    • 2147749889 – Generic WMI failure (Broken WMI)
    • 2147749890 – not found – Source: Windows Management (WMI)
    • 2147749904 – Invalid class – Source: Windows Management (WMI)
    • 2147749908 – Initialization failure – Source: Windows Management (WMI)
  • 2147942405 – Access is Denied (Firewall rule? / Antivirus?)
  • 2147942487 – The parameter is incorrect. Source: Windows
  • 2147944122 – The RPC server is unavailable. (DCOM is possibly miss-configured for security . )
  • 2147944225 – A security package specific error occurred. Source: Windows
  • 2148007941 – Server Execution Failed

Here is an explanation of the “Last Status” column.

  • Started – Server Push has been enabled for the client
  • Retry – Server Push has attempted to install the client once and will retry later
  • Complete – Server Push installed the client successfully

What are the SCCM client distribution methods?

  • GPO-based startup script
  • WDS centrally-provided domain join images have the client preinstalled in the image
  • SCC-based images install the client as part of the task sequence
  • Updates from 2012 -> 2012 SP1 and so forth with be handled by updating the install locations and by enabling the “Upgrade client automatically when new client updates are available” hierarchy setting.

What is the impact of a client upgrade failing?

The SCCM agent is about deploying things. If the agent doesn’t get upgraded for some reason, the computer will continue functioning until an IT person comes along to assist it.  If the agent uninstalls, but the 2012 SP1 agent fails to install, then the computer is essentially unmanaged by SCCM at that point and nothing happens (but this is very rare).  It is nearly impossible for a client upgrade failure to negatively impact the end user with the possible exception of not receiving new software.