Let’s see how to Fix DCM Compliance Rules Error 0x87d00320 with Configuration Manager. Learn how to reate or build the Desired Configuration Management (DCM).
When created a configuration item and targeted it using configuration baseline the rule fails to run and evaluate. Fails with error ” 0x87d00320 The script host has not been installed yet. “
Compliance baseline with Powershell script was failing to evaluate.
Since there was a registry key (HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\Path) which points to the C:\windows\System32\WindowsPowershell\v1.0\Powershell.exe’ was missing on the clients (Both Server 2008 and 2012).
I tried to manually create them and tried to evaluate the baseline and found the baseline evaluation was successful.
- Issues was happening on both VMs and Physical machines.
- We have tried rebooting the client but the issue persists.
- We created a baseline with only one Configuration Item but the issue remained.
- We looked at the client logs and found the below error.
Let see how to identify the trouble “Compliance Rules Error 0x87d00320” via SCCM Logs DcmWmiProvider.log.
ScriptProvider::ReadDiscoveryInformation - ScriptType:0 ScriptProvider The needed Powershell script host is not installed. ScriptProvider 7044 (0x1B84) Failed in discovering instance. The script host has not been installed yet. (Error: 87D00320; Source: CCM) ScriptProvider 7044 (0x1B84) Failed to do HandleExecQueryAsync(). The script host has not been installed yet. (Error: 87D00320; Source: CCM) ScriptProvider 7044 (0x1B84) Failed to process CScriptProvider::GExecQueryAsync. The script host has not been installed yet. (Error: 87D00320; Source: CCM) ScriptProvider 7044 (0x1B84)
Solution – Compliance Rules Error 0x87d00320
We have verified and confirmed that the Powershell execution policy was set to ‘Bypass’ in the client settings>Computer Agent.
- Also, we have confirmed that the Powershell was set to Remote signed on the local machine through the GPO.
- We have also checked and confirmed that the Powershell 2.0 was already enabled.
[X] Windows PowerShell PowerShellRoot Installed [X] Windows PowerShell 4.0 PowerShell Installed [X] Windows PowerShell 2.0 Engine PowerShell-V2 Installed [ ] Windows PowerShell Desired State Configuration. DSC-Service Available [X] Windows PowerShell ISE PowerShell-ISE Installed [ ] Windows PowerShell Web Access WindowsPowerShellWeb... Available
- We tried adding the below registry manually and rebooted the client and checked but it didn’t help.
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v EnableScripts /t REG_DWORD /d 1 /f
- reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell /v ExecutionPolicy /d RemoteSigned /f
- Created a new client setting with Computer agent the PowerShell execution policy was set to ‘Bypass’ and deployed to few clients for testing, but it didn’t help.
- Checked the settings using ‘Policy spy’ and confirmed that the value was set to 1
- I have tried to reproduce the issue in my lab using the same script and the issue was not occurring.
- Invoke-WmiMethod -Namespace “ROOT\ccm\ClientSDK” -Class CCM_ClientUtilities -Name DetermineIfRebootPending | select-object -ExpandProperty “RebootPending”
- Move the client to another OU without any GPO inherited and check the results.
- We have updated that we have already tested it by disabling most of the GPOs except few which is needed.
- Suggested to take a Procmon while reproducing the issue.
- Reviewed procmon and found the below entry.
- wmiprvse.exe 1104 RegQueryValue HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\Path NAME NOT FOUND C:\WINDOWS\system32\wbem\wmiprvse.exe Length: 44 NT AUTHORITY\SYSTEM
- I have checked in my lab and could see the above registry key, hence compared it with non-working machines and found the Registry key was missing.
- We have tried to manually create the registry value and tried to evaluate the baseline and found the baseline evaluation was successful.