SCCM CMG is a critical component of your SCCM infrastructure. SCCM Cloud Management Gateway(CMG) connectivity is vital for co-managed or internet client-managed devices.
You will learn tips about the SCCM CMG connection analyzer through this post. SCCM CMG Troubleshooting Tips.
[Related Post– Fix to CMG Client Communication Failure Error 0x87d0027e]
let’s check the SCCM CMG Cloud Management Gateway Implementation Guide. In the previous post, part 1 discussed SCCM Cloud Management Gateway (CMG) architecture and its co-management environment.
What is SCCM CMG Connection Analyzer (SCCM CMG Troubleshooting Tips)?
SCCM 1806 onwards, you have a new in-console utility called CMG connection analyzer. This utility is for real-time verification to help CMG-related troubleshooting.
The SCCM in-console utility checks the current status of the service and the communication channel through the CMG connection point to any management points that allow CMG traffic.
How to Launch CMG Connection Analyzer?
There are two prerequisites for the CMG connection analyzer. You should have an active cloud management gateway used by internet-based clients. And your SCCM site is onboarded to Azure services for cloud management. SCCM CMG Troubleshooting Tips.
SCCM CMG connection analyzer in-console utility is located in the ribbon menu of the SCCM console.
- Navigate to \Administration\Overview\Cloud Services\Cloud Management Gateway
- Select your CMG service name
- Click on the Connection analyzer in the ribbon
- Login to connection analyzer Azure AD user*. This Azure AD user should have appropriate access to Azure instances of CMG. This can be tested using a normal AAD user. Also, the SCCM console user should have appropriate RBAC access to check all connections on remote site servers.
- Make sure the connection “Signed in successfully.”
- Click on the start button to kick off the analysis.
* Azure AD user: This option simulates communication the same as a cloud-based user identity logged on to an Azure AD-joined Windows 10 device. Click Sign In to securely enter the credentials for this Azure AD user account (SCCM CMG Troubleshooting Tips).
Another option to log in to the CMG connection analyzer is with the Client certificate: use this option to simulate communication the same as an SCCM client with a client authentication certificate (PFX files).
[Related Post – Fix to CMG Client Communication Failure Error 0x87d0027e]
Video Tutorial – SCCM CMG Troubleshooting Tips
The video tutorial will help you understand the troubleshooting tips for the SCCM cloud management gateway.
- Log Analysis
- Azure Portal Analysis
- Login Connection Analyzer
- Start Connection Analyzer
Deep Dive – SCCM CMG Connection Analyzer
SCCM CMG connection analyzer tool helps you analyze end-to-end CMG communication scenarios in your environment. It checks remote site systems, CMG connection points, and Azure Services.
The following steps are the current checks of the SCCM CMG Connection Analyzer tool (SCCM CMG Troubleshooting Tips).
- SCCM CMG service is in ready state checks
- Connection check to the SCCM CMG service to see if it’s running
- SCCM CMG Configuration is up to date or not – Check whether configuration settings of the CMG service are up to date
- SCCM CMG Connection Point/s connection status checks
- MP/SUP Site system roles check to confirm SCCM CMG options are enabled on-site system configurations
- Check the MP communication to test the CMG channel for MP
Deep Dive – SCCM CMG Logs
Log files related to Cloud Management Gateway are given below. You can check the details in the log files to troubleshoot more information. ACMCMG01 is my SCCM CMG and CDP service name.
- CMG-acmcmg01-ProxyService_IN_0-CMGContentService.log = SCCM Cloud DP log
- CMG-acmcmg01-ProxyService_IN_0-CMGService.log = SCCM CMG Log
CloudMgr.log is where you can check the service states of the SCCM CMG. One example of ServiceState 2 is given below. This service state is when I stopped the Azure VM for CMG services. SCCM CMG Troubleshooting Tips.
UpdateServiceInfo: Service 16777218 to ServiceState 2 ServiceInfoStateDetail 2009 ERROR: Exception occured during monitoring of service 5351e58bea6d46e3b148ee2d : Exception Microsoft.ConfigurationManager.AzureManagement.FailedToCommunicateToServiceException: Failed to contact Azure service. ---> System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://management.core.windows.net/dda5f69a-5a3b-4ecc-b354-db1223d95633/services/hostedservices that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: The remote name could not be resolved: 'management.core.windows.net'~~ at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)~~ at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)~~ --- End of inner exception stack trace ---~~~~Server stack trace: ~~ at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)~~ at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)~~ at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteSend(IAsyncResult result)~~ at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.SendWebRequest()~~ at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.BeginSendRequest(Message message, TimeSpan timeout)~~ at System.ServiceModel.Channels.RequestChannel.BeginRequest(Message message, TimeSpan timeout, AsyncCallback callback, Object state)~~ at System.ServiceModel.Dispatcher.RequestChannelBinder.BeginRequest(Message message, TimeSpan timeout, AsyncCallback callback, Object state)~~ at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.StartSend(Boolean completedSynchronously)~~ at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.FinishEnsureOpen(IAsyncResult result, Boolean completedSynchronously)~~ at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.StartEnsureOpen(Boolean completedSynchronously)~~ at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.StartEnsureInteractiveInit()~~ at System.ServiceModel.Channels.ServiceChannel.BeginCall(String action, Boolean oneway, ProxyOperationRuntime operation, Object ins, TimeSpan timeout, AsyncCallback callback, Object asyncState)~~ at System.ServiceModel.Channels.ServiceChannelProxy.InvokeBeginService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)~~ at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)~~~~Exception rethrown at : ~~ at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)~~ at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData ServiceState 2 - Failed to contact Azure service - Storage account not found for service
[Related Post – Fix to CMG Client Communication Failure Error 0x87d0027e]
Microsoft Docs – SCCM CMG Connection Analyzer – here
Blog – CMG connection Analyzer Tool from Nick https://nhogarth.net/2018/06/01/sccm-tp-1805-cmg-connection-analyzer/
Blog – CMG Troubleshooting –Ronny https://ronnydejong.com/2018/07/20/troubleshooting-cloud-management-gateway-quick-effectively-w-cmg-connector-analyzer/
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.