Sometimes the most challenging part of the Configuration Manager 2007/SMS 2003 deployment phase can be ensuring that the client successfully reports to the site server. We occasionally see these issues here in support, typically either as cases for clients not reporting after the client installation, or maybe where it’s noticed that the client count is decreasing from the collection.
When we look at the SMS/SCCM console collection, there is an entry for the client status that indicates either Yes or No. Assuming everything is installed and configured properly, a client installed on a system should automatically report as Yes, but sometimes that does not turn out to be the case. The reason could be that the client has not yet reported to the SCCM\SMS server, or it was reporting previously but has now stopped. Managing the client in the collection is a continuous task and for a healthy environment the client should be continuously reporting to the SMS\SCCM server.
There are various reasons why a client may not be able to report to even if the SMS\SCCM agent is installed on a machine. A few of these reasons are discussed below:
The first thing to check is whether the client is on the network, and if it’s not on the network, does the system even exist? It’s possible that represents a stale record from AD.
Systems NOT on the network: If the system is not actually on the network, check if it is shutdown, and if so if it’s been shutdown for long time. If yes then first restart the system and then initiate the discovery cycle from the control panel agent properties action TAB.
Stale Entries: When you use AD discovery, the DDRs are created for the computers that reside in the AD container that we have requested to be queried by the discovery process. If that container has the stale records for the resources, then client records may be created for systems that don’t actually exist, thus they will never report.
There is a Maintenance task that will clear the inactive records but if the discovery process runs again and the AD container still has these entries then they will simply show up again.
Resolution: For the stale records you need to make sure that the AD container is cleared of these stale records and scavenging is done for the computers container in AD regularly. Once this is done you can either make use of the maintenance task or you can create a collection for the NON SMS CLIENTS and then do a delete special to the collection so that the entries will be removed permanently from the SMS\SCCM database. Then a discovery can be run which will bring back only the active systems in the collection.
Once the agent is available on the network and the client is installed, the client goes through the following actions as part of the reporting process:
- Client location services identify the site code and the MP it is supposed to connect to.
- The client connects to the Management Point and downloads the policies.
- Once the policies are downloaded it sends the heartbeat record to the server.
- Once the server receives this heartbeat record these are converted in to DDR and processed. This will set the client flag to 1 which will make the client status display as Yes in the console.
- On a regular basis the agent will send the heartbeat and if no heart beat or inventory shows up for a length of time then the client flag will be marked as 0 by the client flag maintenance task, setting the client status to No.
So only if this process is completed and it continues to happen will the client remain reporting to the server. This is why I said earlier that client management is a continuous task. There can be a variety of reasons why this process might fail, and I’ve outlined a couple of them below:
The Boundaries of the Agent are not specified in the site server
If the client is not assigned in the console or the client is unable to discover the site code, make sure that the AD site or the IP subnet is added in the boundary list. The server will only allow those clients within its boundary to download the polices, so if you have not specified the boundaries the client will not be authorized and the policies will not get downloaded. For boundary issues you can use this as a reference:
For the case of overlapping boundaries see http://blogs.technet.com/smsandmom/archive/2007/11/30/sms-2003-finding-overlapping-boundaries.aspx
In the client if you check the location services.log (log location: C:\Windows\System32\CCM\Logs), you can get the information of the site assigned to it as well as the MP it is reporting to. If it is not able to report properly, you need to make sure that the agent can communicate over the network to the site server successfully.
Unable to get the site code
If the client is not able to get the site code, you need to check first the boundaries as above, and also verify that the site information is published in the AD. You can check the last part of the sitecomp.log after you start the site component manager which will say that the components like the MP, SLP etc successfully published or updated. If you are unable to see that and you get access denied errors, make sure that the computer account has read\write permission to the system container in AD. Make sure the permission is flowing to the objects within and the objects below. If you are not publishing the information in AD then you need to make sure that the SLP is configured and working.
For more information you can check Post-installation phase in the link:
The client itself is not installed in the Agent
You can take a look at this article http://support.microsoft.com/kb/925282 which will give you a detailed explanation of how you can make sure that the client is installed and reporting successfully.
There is a name resolution issue in the Client.
Make sure that the client is able to communicate to the SMS\SCCM server using the FQDN as well as the NetBIOS name. Use Nslookup or ping to check the name resolution. If you can’t ping the server using the FQDN then you will have problems.
The client is behind a firewall
If clients are behind a firewall, it may be restricting it from contacting the SMS site server. Check if the necessary ports are opened. You can check http://support.microsoft.com/kb/826852 to understand the port requirements.
There are systems in the collection that have multiple GUIDs.
If you suspect your clients may have multiple GUIDs refer to https://technet.microsoft.com/en-us/library/cc917513.aspx for information on how to resolve the issue.
MP not working as a result of which the policies are not getting downloaded
You first need to check to see whether the MP is working. For that you will need to check the mpcontol .log (Log location: \SMS\logs in SMS and \program files\Microsoft Configuration Manager\logs in SCCM). If it is showing a 200 OK status code then that means the MP is working. For information on troubleshooting the MP you can use the Troubleshooting management point issues section at http://support.microsoft.com/kb/925282 or http://technet.microsoft.com/en-us/library/bb932118.aspx.
If the MP is working fine and the client is unable to contact and download polices, you will have an error on download in the policyagent.log file on the agent (Log location: C:\Windows\System32\CCM\Logs). Before checking this though, check if the locationservices.log has the correct MP information. If it doesn’t then check the resolution mentioned in the topic under Site Code and Boundaries above. If it does have the correct MP information, make sure that the BITS service is started on the client. You can try the following URLs to verify that this is working:
Client is unable to download policy
You may also have issues downloading policies if the client agent has WMI corruption. If you suspect this to be the cause of your issue, if it is a XP client then follow these steps:
1. Uninstall the SMS/SCCM client agent. Use the ccmclean /all (Available in the SMS tool kit) command for SMS and cmsetup /uninstall for SCCM.
2. Troubleshoot or rebuild WMI. For troubleshooting WMI you can reference:
3. Restart the system and install the agent.
Note: If the SMS\SCCM agent is installed on an exchange server or the DC, or any other application server, please contact Microsoft support to fix the WMI issue as rebuilding can create additional issues with other applications if not done correctly.
Server unable to process DDR
Once you find that the client is able to send the heartbeat data to the server, you next need to check on the server to see if these are getting processed successfully. Here are a few links relating to DDR processing errors:
Clients going to NO after it had reported
The first reason for this is that the heartbeat discovery is enabled and that the DDRs are not reaching the server. The second is that Clear Install Flag is running. The following link will give you more information on this task:
Hope that this information will be helpful - Happy troubleshooting,
Sudheesh Narayanaswamy | Support Engineer