SCCM Endpoints not getting compliant and showing inactive

Rahul Sapke 161 Reputation points
2024-05-31T08:42:24.1333333+00:00

In my company I am operating one Primary site server with several different roles.

Lately I have seen one strange issue where multiple endpoints not getting compliant. Tried to resinstall the SCCM client for easy fix but that too not working like earlier. Some machines needed reboot to show SCCM client as Active in the console.

Since many machines are there not sure what could be the easy fix because its difficult to search and analyse individual machine logs.

Please advise.

Microsoft Configuration Manager Updates
Microsoft Configuration Manager Updates
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Updates: Broadly released fixes addressing specific issue(s) or related bug(s). Updates may also include new or modified features (i.e. changing default behavior).
1,004 questions
Microsoft Configuration Manager
0 comments
Accepted answer
  1. Simon Ren-MSFT 31,681 Reputation points Microsoft Vendor
    2024-06-03T08:46:09.03+00:00

    Hi @Rahul Sapke ,

    Thank you for posting in Microsoft Q&A forum.

    1,Client status of Inactive are indicative of the system either being offline or simply unable to communicate with the MP. As these clients are up and running, please check the LocationServices.log on the problematic clients to see if there is any useful information about the communication failure.

    2,Please help make sure that there is no firewall or anti-virus to stop the communication between the client and the MPs. Use the following URL to verify that a client can access the management point and the management point certificate information:

    http(s)://<ServerName>/sms_mp/.sms_aut?mplist

    http(s)://<ServerName>/sms_mp/.sms_aut?mpcert

    Where <ServerName> is the NetBIOS/FQDN for the management point computer.

    Some official articles about antivirus exclusions and firewall port settings for your reference:

    Recommended antivirus exclusions for Configuration Manager site servers, site systems, and clients

    Windows Firewall and port settings for clients in Configuration Manager

    3, Here’s some more explanations for client status and heartbeat discovery for your reference:

    To mark the client Active / Inactive based upon Discovery data, is based upon setting specified under Monitoring > Client Status > Client Activity. Right click the “Client Activity” and select “Client Status Settings”. Hence your client will become inactive if they are not able to send request back to SCCM Server through:

    • Client Policy Request
    • Heartbeat discovery
    • Hardware discovery
    • Hardware Inventory
    • Software Inventory

    If client is unable to send status message based upon above 5 settings, then it will be marked as inactive.

    Thanks for your time. Have a nice day!

    Best regards,

    Simon

    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anushka 320 Reputation points
    2024-05-31T09:06:01.1633333+00:00

    Hello Friend, I hope you are doing good,

    When facing issues with multiple endpoints not getting compliant in SCCM (System Center Configuration Manager), it's essential to approach troubleshooting systematically. Here are some steps you can take to diagnose and potentially resolve the issue:

    1. Check SCCM Component Status: Review the component status in the SCCM console to see if any components are reporting errors or warnings. This can provide insights into potential issues with SCCM infrastructure components.
    2. Review Client Logs: Review the client logs on affected endpoints to identify any errors or issues reported by the SCCM client. The most relevant logs for troubleshooting client-related issues are ccmexec.log, ClientIDManagerStartup.log, and LocationServices.log.
    3. Verify Client Installation: Ensure that the SCCM client is installed correctly on all affected endpoints. You can use tools like SCCM client center or PowerShell scripts to remotely check the client installation status.
    4. Check Client Communication: Verify that endpoints can communicate with the SCCM server and receive policy updates. Check network connectivity, firewall settings, and DNS resolution to ensure endpoints can communicate with the SCCM server.
    5. Review Group Policies: Check Group Policies applied to endpoints to ensure they are not blocking SCCM client communication or policy enforcement.
    6. Client Health Evaluation: Use SCCM's built-in client health evaluation feature to identify and remediate common client health issues automatically.
    7. Client Remediation: Initiate client remediation actions from the SCCM console to force client actions like application installation, policy update, or software update scan.
    8. Evaluate Software Update Compliance: Ensure that software updates are deployed correctly and endpoints are scanning for and applying updates as expected. Review software update deployment status and compliance reports in the SCCM console.
    9. Consider Third-Party Tools: Consider using third-party SCCM troubleshooting tools or scripts to automate the troubleshooting process and gather additional insights into client health and compliance issues.
    10. Engage Microsoft Support: If the issue persists and you're unable to identify or resolve the root cause, consider engaging Microsoft Support for further assistance. Provide them with detailed information about the issue, including SCCM logs, client logs, and any relevant configuration details.

    By following these steps, you should be able to diagnose and potentially resolve the issue with multiple endpoints not getting compliant in SCCM. Remember to document your troubleshooting steps and findings for future reference. Hope this helps. Have a good day!!!!

    1 person found this answer helpful.