SCEP Dash Board does not return the data for ‘ConfigMgr Client Not Installed’ for the ConfigMgr clients when checked against the collections.


Hi Team,

I worked on a case where When we click on 'System Center 2012 R2 Endpoint Protection Status'->'Configuration Manager client not installed'->the view that opens does not give accurate information.

We have some clients which are listed as not Installed with the Clients, but when clicked on the same we do not see any information of those clients.

FEP1

We see that the Client Not Installed Count here is 8 but when clicked on the view it does not return any records.

- We know the view it checks on the Page to list the Client in the 'Configuration Manager client not installed' pane. It is 'vSMS_EndpointProtectionHealthStatus'.

- We also know what query runs on the background to give the view of the clients -

 
select distinct 
r.ADLastLogonTime,r.ADSiteName,r.AMTFullVersion,r.AMTStatus,r.ClientActiveStatus,r.ClientCertType,r.ClientCheckPass,r.ClientEdition,
r.ClientRemediationSuccess,r.ClientType,r.ClientVersion,r.DeviceAccessState,r.DeviceOS,r.DeviceOwner,r.DeviceType,r.Domain,r.EAS_DeviceID,
r.EP_AntispywareEnabled,r.EP_AntispywareSignatureUpdateDateTime,r.EP_AntispywareSignatureVersion,r.EP_AntivirusEnabled,
r.EP_AntivirusSignatureUpdateDateTime,r.EP_AntivirusSignatureVersion,r.EP_ClientVersion,r.EP_DeploymentDescription,
r.EP_DeploymentErrorCode,r.EP_DeploymentState,r.EP_Enabled,r.EP_EngineVersion,r.EP_InfectionStatus,r.EP_LastFullScanDateTimeEnd
,r.EP_LastFullScanDateTimeStart,r.EP_LastInfectionTime,r.EP_LastQuickScanDateTimeEnd,r.EP_LastQuickScanDateTimeStart,r.EP_LastThreatName,r.EP_PendingFullScan
,r.EP_PendingManualSteps,r.EP_PendingOfflineScan,r.EP_PendingReboot,r.EP_PolicyApplicationDescription,r.EP_PolicyApplicationErrorCode,
r.EP_PolicyApplicationState,r.EP_ProductStatus,r.ExchangeOrganization,r.ExchangeServer,r.IsActive,r.IsAlwaysInternet,r.IsAOACCapable,r.IsApproved,
r.IsBlocked,r.IsClient,r.IsInternetEnabled,r.IsObsolete,r.IsVirtualMachine,r.LastActiveTime,r.LastClientCheckTime,r.LastDDR,r.LastHardwareScan
,r.CP_LastInstallationError,r.LastMPServerName,r.LastPolicyRequest,r.LastSoftwareScan,r.LastStatusMessage,r.LastSuccessSyncTimeUTC,
r.CP_LatestProcessingAttempt,r.Name,r.PhoneNumber,r.PolicyApplicationStatus,r.MachineID,r.ArchitectureKey,r.RetireStatus,
r.SiteCode,r.SMSID,r.CP_Status,r.SuppressAutoProvision,r.Unknown,r.UserDomainName,r.UserName,r.WipeStatus 
 
from vSMS_CombinedDeviceResources AS r INNER JOIN 
v_FullCollectionMembership AS c ON r.MachineID = c.ResourceID INNER 
JOIN
vSMS_G_System_EndpointProtectionStatus AS x ON r.MachineID = 
x.ResourceID 
where (((c.ClientType = 1 AND r.ClientType = 1) AND 
c.CollectionID = N'KNX00022') AND x.NotClient = 1)

 

- The view 'vSMS_EndpointProtectionHealthStatus' returns the result from the Column 'OverallNotClientCount'

- Worked a bit on the SQL and got the logic too it calculates.

The query it runs when drilled Pulls in from different views -

vSMS_G_System_EndpointProtectionStatus - This contains a field called 'NotClient' and we do have the Client here marked as not client.

-Moved ahead v_FullCollectionMembership returns those clients but when combined with a condition 'ClientType = 1' does not.

- So the discovered records are having a different Client type.

Ran the query -

 
select * from v_FullCollectionMembership where CollectionID 
='KNX00022' and resourceid in 
(select resourceid from 
vSMS_G_System_EndpointProtectionStatus where NotClient=1 )

Found from here that the ClientType for these NoClient=1 machines was NULL. And that now explains the reason why no records are returned.

Ran The query -

select * from v_FullCollectionMembership where CollectionID 
='KNX00022' and ClientType is NULL

Returns the exact number of rows which do not turn up.

-Drilled down the view 'v_FullCollectionMembership' to check from where this information is stored. The table is system_disc.

The below query returns the records -

select * from System_DISC where ItemKey in (select resourceid 
from v_FullCollectionMembership where CollectionID ='KNX00022' and ClientType is 
NULL)

- Reproduced the same in the LAB. This is a BUG.

There are two options here for correction here-

1. To modify the view to exclude the condition 'c.ClientType = 1'

2. To Modify the System_Disc table to change the NULL values to 1.

Going by the risk analysis it is better to modify the discovery record. But it may change for rediscovery.

Ran the below -

update System_DISC set Client_Type0 = 1 where ItemKey in 
(select resourceid from v_FullCollectionMembership where CollectionID 
='KNX00022' and ClientType is NULL)

Checked the console and we see the Not Client values now when drilled down.

Feeback filed - ID : 874343

https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/874343/css-configmgr-2012-r2-the-system-center-2012-r2-endpoint-protection-status-configuration-manager-client-not-installed-the-view-that-opens-does-not-returns-any-records#tabs

Hope it helps!

Umair Khan

Support Escalation Engineer | Microsoft System Center Configuration Manager 

Disclaimer: This posting is provided "AS IS" with no warranties and confers no rights.

Comments (2)

  1. I have accepted this as a BUG 🙂 We have not requested RFH as is it not Critical.

  2. Krishna Sharma says:

    Hey thanks for such a nice blog Umair.. I remember this issue however i am not sure if this has been accepted as a "BUG" or not.. 🙂

Skip to main content