Workflow: Configuration Manager (SCCM) client continuity
Overview
Devices without a Configuration Manager (SCCM) client present or functioning properly represent significant compliance issues. In addition, detecting, troubleshooting, and remediating the root cause of broken clients can be a lengthy process for support agents. When the client goes dark, support agents are often unaware of the issue until a ticket is raised.
Trigger an automated workflow across any group of devices to perform a series of checks and self-heal actions to ensure the Configuration Manager (SCCM) client is present and compliant with the required configuration, policy, and services. If any issues are detected, the workflow automatically performs the necessary remediation. If these common issues cannot be resolved by the workflow, an ITSM ticket will be automatically created with the relevant information included to notify support.
This workflow automatically enables you to resolve and filter out common Configuration Manager (SCCM) issues and ensure compliance across the landscape. This saves significant time for any support team, enabling them to investigate and focus on more serious problems.
Changelog
V1.0.0.0 - Initial Release
V1.0.1.0 - The workflow has been updated to include a new end block in case all checks pass and no action needs to be taken. The documentation has been updated to include details about the "Install Configuration Manager SCCM client" remote action, which comes unsigned and must be signed before use.
Dependencies
In order to use this flow the following content needs to be installed into your Nexthink Infinity tenant using the Nexthink Library.
Remote actions
Get Configuration Manager SCCM client status
Repair WMI
Restore Configuration Manager SCCM client
Invoke Configuration Manager SCCM client policy actions
Install Configuration Manager SCCM client
For more details about remote actions in workflows see https://docs.nexthink.com/platform/latest/workflows-designer#id-(2023.8-05)Designer-RemoteActions .
Configuration
Remote action configuration
Please note: To be used in a workflow, the following remote actions must be configured with a manual trigger. It can be combined with other execution triggers if the remote action is also used outside of a workflow.
By default, remote actions are installed without the execute trigger enabled.
Install Configuration Manager SCCM client
This remote action comes unsigned and must be signed before use. Nexthink at this point in time is unable to provide a copy of the remote action "Install Configuration Manager SCCM client" signed with a digital signature. The aforementioned remote action is used to install content from a network share (on the customer environment), however as Nexthink is unable to verify the integrity of the installer at this point (as we are not in control of the customer content), the trustworthiness of the source cannot be guaranteed. Hence Nexthink is currently unable to provide a signed copy.
Configure the parameter location where the Configuration Manager client installer resides.
NOTE: This can either be locally on the device or on a share which allows all domain devices read access.Configuration example with installation from a shared folder:
The remote action's "InstallerPath" input parameter must be populated with the UNC path to the client installation file, which is often similar to this: "\\<Configuration Manager server name>\sms_<site code>\Client\CCMSetup.exe"Grant client devices permission to access the shared folder specified in the "InstallerPath" input parameter.
For the RA to function properly, we recommend that you specify the following parameters in the "Installation Parameters" input parameter: /mp:<Configuration Manager server name>/logon SMSSITECODE=<site code>
Service/API configuration
Connector credentials are required for the service/API call step - "Report this device via ITSM ticket".
Connector credentials must be manually configured based on your ITSM solution and its current configuration. For more information about setting up connector credentials in Nexthink, you can refer to this documentation page.
Trigger configuration for the workflow
This workflow has been designed primarily to run automatically using the schedule trigger however it can be useful to also enable the manual trigger to allow on-the-fly client remediations to be sent.
When configuring the scheduler we recommend the following settings as a baseline:
NQL:
devices during past 7d
| where operating_system.platform == Windows
and operating_system.name !in ["*server*"]Recurrence: Weekly - select at least one day.
Please note: Once all the prerequisites and workflow are installed and configured, you can use the built-in validation feature that runs every time you save the workflow.
Workflow Structure
This section describes the key steps in this workflow:
At the start of this workflow, there is a "Get Configuration Manager client status" thinklet configured to automate the retrieval of Configuration Manager (SCCM) status information using a remote action;
Based on the results of this analysis, the workflow determines whether the following issues need to be resolved with additional remote actions:
Restore the state of the WMI service if it is not running;
Install client software if it is missing;
Restore the state of a client service if it is not running.
Once these issues are identified and resolved, the workflow calls Configuration Manager policy refresh to get the latest policies, which may include updates, software deployments, and settings.
The workflow then checks the client software service status again and generates an ITSM ticket if the issue persists.
RELATED TOPICS