Troubleshooting MDT 2012 Monitoring


I mentioned a while back that I wanted to do a blog post talking about how to troubleshoot the new MDT 2012 monitoring feature for Lite Touch deployments, but first I had to actually describe it.  If you haven’t reviewed that post, you might want to check it out first at http://blogs.technet.com/b/mniehaus/archive/2012/03/09/mdt-2012-new-feature-monitoring.aspx.

So now let’s talk about troubleshooting.  First, let’s look at the server side.  You have to enable monitoring on a computer that has MDT 2012 installed.  When you use Deployment Workbench on that computer and check the box to enable monitoring, Workbench will first check to see if the specified monitoring host name is local:

image

It doesn’t really matter if you specify an IP address, a short host name, or a fully-qualified host name, as long as the clients can resolve whatever you specify.  If you specify a name that Workbench doesn’t think is local (because Workbench itself can’t resolve the name back to an IP address assigned to the current machine), it won’t try to install the monitoring component; instead, it will try to contact that server to see if monitoring is running on that computer.  If it is, great; if it isn’t, you’ll see an error message:

image

If you look closely at the error “tip” at the end of the “Monitoring host” line, you’ll see a message like “Unable to connect to the specified server and port”.  If you think you specified the local computer name and got that error, then Workbench couldn’t figure out that it was the local computer name (something that’s harder to do than you might think).  If you are specifying a different server and see this error, then it’s having problems communicating with that other server.

Tip #1:  Make sure the name you specify in Workbench can be resolved to the IP address of the current machine.

What does the checkbox do?

You’ve checked the checkbox and can’t see that anything happened.  So what was actually done?  Two things:

  1. A new “Microsoft Deployment Toolkit Monitor Service” service was installed on the computer and started.
  2. An additional entry was added to the [Default] section of CustomSettings.ini telling the clients how to contact the server, with an entry such as:

    EventService=http://mdt-server.mdt.local:9800

Tip #2:  Make sure the “Microsoft Deployment Toolkit Monitor Service” is installed and running.  If it’s not installed and it should be, you can uncheck the box, click apply, then check the box again and click apply to reinstall it.  If it’s installed but not running, try to start it.

Tip #3:  Make sure the entry was added to CustomSettings.ini by looking at the Rules tab.  Because of a peculiarity with the way Workbench works, if you make any changes to the Rules tab after you’ve clicked the “Enable monitoring” checkbox but before you’ve clicked OK, it’s possible that the changes made on the Rules tab overlay the EventService entry in CustomSettings.ini, but it’s easy enough to put it back manually.

What if the service doesn’t start?

The service has two dependencies:

  1. .NET 3.5 SP1 needs to be installed.  That shouldn’t be an issue, because you can’t install MDT 2012 without .NET 3.5 SP1.
  2. The ports you specified need to be available for use.  (Generally that’s not an issue either, as 9800 and 9801 aren’t commonly-used TCP ports.  But it is possible to have another application use them.  Fortunately, MDT will happily use other ports.)

So there’s no dependency on IIS or SQL Server.  The service uses .NET to host a web server as part of the service process, and it uses a SQL Compact database (basically a set of DLLs, which ship with MDT, that run in the service process) to store the monitoring information.  It’s designed to be easy to install and run.

Tip #4:  If you try to start the service and it won’t start, that most likely means the ports you chose were already in use.  (If you want to know what’s using the ports, use a tool like TCPView, available from http://technet.microsoft.com/en-us/sysinternals/bb897437.)  Pick different ports.

While it’s always possible that there could be some other reason the service fails, I haven’t seen any other causes.  But if you know the ports are not in use and the service still won’t start, capture a trace using DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647) to see if it provides any further clues.  If not, contact Microsoft Support for assistance.

Verifying the Monitoring Service

The monitoring service listens on the two ports that you specified.  The first of these ports (9800) is used by computers being deployed to send progress events.  The second (9801) is used by Workbench itself to query information about deployments being monitored.  To make sure these ports are accessible, we can manually connect to each one using Internet Explorer.

To verify the “event port” from the monitor server itself, you can use a URL such as:

http://localhost:9800/MDTMonitorEvent/

If that works, you should see a response like:

image

That’s a proper response in this case – the web service doesn’t expect to be called in this way (an HTTP GET request instead of an HTTP POST request), so it’s telling you the proper way to call the service.

To verify the “data port” from the monitor server itself, you can use a URL such as:

http://localhost:9801/MDTMonitorData/

image

This response (which is an ODATA feed in case you are curious) confirms that the data feed is working as expected.

But those are the easy queries – they are using “localhost”, which is almost never subject to firewall restrictions.  Next, you need to try these queries remotely, using the appropriate “remote” URLs:

http://mdt-server:9800/MDTMonitorEvent/

http://mdt-server:9801/MDTMonitorData/

If those work, great.  If they don’t, then you need to make sure that whatever firewall is running on the monitoring server allows the ports you specified (e.g. 9800 and 9801) to be accessed from remote hosts.

Tip #5:  Make sure you can access the monitor service ports both locally and remotely.  Adjust the firewall rules as necessary.

Note that there are other networking “challenges” that can get in the way, e.g. IPSec domain isolation.  In this configuration, computers that aren’t domain-joined, e.g. running from Windows PE, can’t talk to domain-joined computers because they aren’t using encrypted IPsec communication.  This type of configuration will never work – you would need to set up the monitoring service on a “boundary server” that has been configured to allow non-IPsec traffic on the configured ports.  So don’t assume that if a “remote” URL works from a domain-joined machine, it will also work from a workgroup machine (or Windows PE) – know how your network is configured.

From the Client Side

When the EventService task sequence variable is set (via the processing of CustomSettings.ini), each MDT script executed in the task sequence will send an event to the monitor service on the “event port” URL.  When this succeeds, you’ll see a message like this:

image

If a script is unable to send an event, you’ll see something different:

image

That’s a clear sign that something isn’t right.  Make sure the service is running, that the firewall ports are open, etc. – the same challenges we already reviewed.

Tip #6:  Check the client logs to make sure the clients are able to talk to the monitoring service.

Another way you might notice an issue:  If the monitor service isn’t running, the clients will still try to connect to it, eventually timing out.  This timeout process will cause a delay at the end of each step in the task sequence, so if you are watching the task sequence progress dialog, you’ll see steps that you never noticed before (because they usually run so fast) now taking a long time.

From Workbench

When you try to look at the monitoring data from Workbench, it calls a PowerShell cmdlet (Get-MDTMonitorData), then that PowerShell cmdlet makes the “data port” query to retrieve the details from the monitoring service.  If the service is working as expected, you can see the list of monitored machines in Workbench.  If the service isn’t working, you’ll see something like this instead:

image

Good advice, make sure the service is running Smile

Finally

Still having issues?  Post them as comments here, or send me an e-mail at mniehaus@microsoft.com and we’ll try to figure out what’s going on. 

Comments (18)

  1. Michael Niehaus says:

    It sounds like your servers may have an incorrect system-level proxy configuration or default route – an internet connection isn’t required. In fact, my test environment typically is completely isolated and monitoring works fine.

  2. Anonymous says:

    Michael,

    One quick question.  I have several deployment shares (Production, TestLab, Captures), on one server.  Do I need to change the ports so that it is monitored in the proper deployment share?

  3. Anonymous says:

    If you want to keep the monitoring separate, you would need to set up three different machines running monitoring.  Otherwise, you can point them all to the same server and see them all together.

    There's no way to run multiple monitoring services (on different ports) on the same machine.

  4. Anonymous says:

    When I first setup my MDT share and integrated DaRT, I believe the systems would automatically show up in the Monitoring window of the MDT Workbench once they fully booted the LiteTouch PE. (I have SkipWelcome set.)

    I was able to use the Monitoring feature to remotely connect to DaRT's remote control app by just clicking on the button within the monitoring properties of a machine.

    Then I could enter my credentials for the DeploymentShare and start my LiteTouch deployment remotely.

    Now when LiteTouch fully boots, the systems do not show in the Monitoring window until after I enter my DeploymentShare credentials. (Which basically means I cannot start a deployment fully remotely.)

    Is there a problem and if so how do I fix it, or am I just remembering incorrectly?

    Thanks for any help.

  5. paug says:

    I'm having trouble enabling monitoring. How is it done thanks

  6. ansonchen says:

    mdt 2012 can not be intelligent judgments dual hard drives

    Scene: My pc has two hard drives, a data disk, and a system disk.

    Failure: mdt can not distinguish between the data disk and system disk, the system will often installed to the data disk.

    We look forward to a solution.

    email:minianson@hotmail.com

  7. Bruun says:

    With a proxy enabled in IE the service will fail to start

  8. Andrew says:

    Have you ever come across all of the tests passing, and the client logs indicating they are posting events to the server but the events do not show up in the Application Log? MDT Monitoring picks the deployment and we can watch it progress but events are
    not posted to the App Log.

  9. luc.verkooijen@agfa.com says:

    Tip #7 : make sure you have an Internet connection on you MDT server otherwise you always get : "unable to access the monitoring data service at hhtp://xyz:9801/MDTMonitorData." Is there a workaround because our servers normaly don’t have an internet connection.

  10. DH says:

    It seems that Monitoring-Remote Desktop can’t recognize the computer name if the target device did not join the domain. I need to use the traditional method – Use mstsc, type the target device IP address, in order to make a remote desktop connection.

  11. Jesse Geron says:

    I had trouble with monitoring not working after upgrading from 2012 update 1 to MDT 2013. I simply unchecked the box for monitoring, clicked apply. Then went back in and checked the box for monitoring clicked apply, and everything was working again.

  12. Saeid says:

    believe it or not, none of these related to issue was causing the service not to start.
    I accidentally noticed windows update service was not running properly, and when I stopped and started it I then notice Deployment server started on it’s own.

  13. Sid says:

    this is what fixed the issue for me:
    Navigate to the HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControl
    1- In the Right Pane create the following Key (If not already created) 1.Value: DWORD (32-bit)
    2- Name: ServicesPipeTimeout
    3 -Value Data, Click Decimal and type 60000 (Not less than 60000)

  14. Greg B says:

    I’m having an issue when I run a deployment, nothing is showing under the ‘Monitoring’ tab in the Workbench.
    I can view http://myserver:9800/mdtmonitorevent/ fine from the server and the client that I just deployed.

    Any suggestions?

  15. showbox says:

    Thanks for the great info. I really loved this. I would like to apprentice at the same time as you amend your web site, how could i subscribe for a blog site?
    For more info on showbox please refer below sites:
    http://showboxandroids.com/showbox-apk/
    http://showboxappandroid.com/
    Latest version of Showbox App download for all android smart phones and tablets.
    http://movieboxappdownloads.com/ – It’s just 2 MB file you can easily get it on your android device without much trouble. Showbox app was well designed application for android to watch movies and TV shows, Cartoons and many more such things on your smartphone.
    For showbox on iOS (iPhone/iPad), please read below articles:
    http://showboxappk.com/showbox-for-ipad-download/
    http://showboxappk.com/showbox-for-iphone/
    Showbox for PC articles:
    http://showboxandroids.com/showbox-for-pc/
    http://showboxappandroid.com/showbox-for-pc-download/
    http://showboxforpcs.com/
    There are countless for PC clients as it is essentially easy to understand, simple to introduce, gives continuous administration, effectively reasonable. it is accessible at completely free of expense i.e., there will be no establishment charges and after establishment
    it doesn’t charge cash for watching films and recordings. Not simply watching, it likewise offers alternative to download recordings and motion pictures. The accompanying are the strides that are to be taken after to introduce Showbox application on Android.
    The above all else thing to be done is, go to the Security Settings on your Android telephone, Scroll down and tap on ‘Obscure sources’.

  16. aw says:

    hai, I just want to tell you that I am just very new to blogs and seriously loved this website. More than likely I’m planning to bookmark your blog post .
    You amazingly come with really good posts. Thanks a lot for sharing your blog Microsoft.

    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Komunikasi
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Listrik
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Management%20Trainee
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Manajemen
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Marketing
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Mekanik
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Mesin
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Metro%20TV
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Negeri
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Online
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Online%20Terbaru
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Oto
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Otomotif
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Pegawai%20Negeri
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Pendidikan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Penerbangan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Perawat
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Perikanan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Perkapalan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Perpustakaan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Persero
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Pertamina
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Pertanian
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Peternakan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Polisi
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Polwan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Pramugari
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Programmer
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Psikologi
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20PTN
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20PTS
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Reporter
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20S1
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20S2
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Sales
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Sastra
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Sekretaris
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Semua%20Jurusan
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Serang
    http://www.lokerjobindo.com/search/label/Lowongan%20Kerja%20Serpong

  17. Matt P says:

    Michael,

    We recently upgraded our MDT server to Update 2. After the update, monitoring is not longer working. The service is running and the settings in cs.ini are correct. The bdd.log on the client shows an error from the web service – “Unexpected response from web service: 400 Bad Request”

    The monitoring service was working perfectly before upgrading to Update 2. Have you seen this issue?

    I also posted this on technet. I got a few responses from people also having this issue with no solution. https://social.technet.microsoft.com/Forums/en-US/b960ffa7-c9c0-465b-b67d-1787ae2f0270/mdt-2013-update-2-monitoring-errors?forum=mdt

    Any help would be great. Thanks.

    -Matt

  18. Pawel says:

    Hi, I got an issue with MDT 2012 MDT U1 and SCCM 2007 R3,
    I’ve created dummy deployment share just for monitoring, I enabled monitoring with default ports,
    ports are free, I checked with TCP View, there is no additional entry in the ‘Rules’ tab, and service is not starting up. I tried different ports, NETBIOS name, FQDN, nothing works. Any ideas?