Useful maintenance collections in SCCM – System Center Configuration Manager

By | 26.06.2017

Duplicate hostnames

Sometimes System Center Configuration Manager  (SCCM) doesn’t manage to merge resources together when you create a resource for OSD. When it’s finished setting up, SCCM adds it through the configured discovery methods, which rarely ends in two resources with the same name. You can create a collection with this query to find those resources:

select R.ResourceID, R.ResourceType, R.Name, R.SMSUniqueIdentifier, R.ResourceDomainORWorkgroup, R.Client
from SMS_R_System as r full join SMS_R_System as s1 on s1.ResourceId = r.ResourceId full join SMS_R_System as s2 on s2.Name = s1.Name
where s1.Name = s2.Name and s1.ResourceId != s2.ResourceId

If duplicate resources are picked up by this collection, I verify the agent is working fine, I check the creation date and MAC addresses of both resources and if they’ve been there for a couple of days, I just delete the one not showing an active agent.

Software Update Point (SUP) – Monitor if WSUS server is configured in the registry

Especially after migrations, where a WSUS was configured by GPO, it happens that the SCCM agent can’t configure the SUP as WSUS server in the registry. In the WUAHandler.log you find the error “Group policy settings were overwritten by a higher authority (Domain Controller)”. In that case, deleting C:\Windows\System32\GroupPolicy\Machine\registry.pol followed by a restart of  the SCCM agent usually solves this issue. But there might be other issues which needs to take care of, if these keys are missing.

The compliance setting might look like this:

CI WSUS registry

Here you have to enter the URL of your SUP:

CI WSUS registry

SCUP settings not configured in registry

A similar collection can check if SCUP registry keys are missing. In case you are using SCUP, you should have configured the Windows Update Service to accept trusted publisher certificates. Otherwise the Windows Update Agent can’t install signed 3rd party updates, for example for Adobe Flash Player.
Clients missing those keys might have a general problem applying GPOs.

CI SCUP registry

CI SCUP registry

Clients without agent

To identify clients without an installed SCCM agent:

select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System where SMS_R_System.Client is null or SMS_R_System.Client = “0”

Clients with agent version not up to date

To identify clients having trouble updating to the latest SCCM agent version:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != “5.00.8498.1008”

Inactive clients

It’s worth having a look on the inactive clients. The agent can fail, either in normal operation or during an update installation. Those clients show up as inactive because the SCCM agent isn’t working anymore. At the moment I am using a semi automated task to identify those clients. I create a txt file with the hostnames of all inactive clients and run a Powershell to check if one of it is online. As soon as I’ve updated the Powershell to get the clients directly from SCCM, I will update the post.

Collection query:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_CH_ClientSummary on SMS_G_System_CH_ClientSummary.ResourceId = SMS_R_System.ResourceId where SMS_G_System_CH_ClientSummary.ClientActiveStatus = 0


Usually you will get clients which simply were offline. When you check ccmexec.log, you might find broken SCCM agents as well.

Leave a Reply