Let’s SCCM Server Infrastructure monitoring script without SCOM. We have a post about SCOM monitoring of SCCM infrastructure. Hopefully, this automation script from Karthikeyan can help ConfigMgr admins to automate some of the monitoring tasks.
“Have you ever wished you could peer inside the mind of one of the greatest SCCM bloggers in the world and find out exactly what makes them tick?” Yeah! Right 😊😊. Updated the script on 29th July 2021.
So in this blog, we will be talking about various SCCM components troubleshooting methods already used and documented by our experts to make our day 2-day operations a lot easier. You all have done the unthinkable.
SCCM Server Infrastructure Monitoring Script without SCOM
Now you will be thinking that you have already spent plenty of time reading those articles/blogs, so why should you waste more time on the same things again but Hey, Hear me out, We will not be discussing those error codes, resolutions, root cause, and workarounds once again.
Still, we will try to pick a few of them and find a method to automate them by any means necessary. So, let’s find out more details below about SCCM Server Infrastructure Monitoring without SCOM OpsMgr.
Note:- Brain behind this scrip is Author:- A, Karthikeyan
So without any further delay, let’s see what we got in our hands.
Note:- These instructions are intended for ConfigMgr Team in the normal execution of infrastructure management.
Core Infrastructure Check – All in one.
The main reason to pick the “All in one” check at the very beginning, because we all try to complete this check before entering the change request freeze window, and at that moment, all we can think of is we should not leave any stone untouched.
So this script is essential for all those SCCM Administrators who always think that what if I missed any component and it’s going to create chaos. Don’t worry. Be happy.
Copy the script from the bottom of this post and execute it either on your CAS or Primary site, whichever you have the highest in your hierarchy. The script generates the output into an HTML format and with the status in different colors, making it easy to spot. Once execution completes, the output will look like below:
The output will be saved to the same directory where you have saved this script at the execution time. Now you can see in the above screenshot how detailed check it’s performing. There is no untouched part we need to worry about.
To verify if the script works or not, we purposefully broke the backup and executed it. The script highlighted that the backup failed. Screenshot below:
Status in red and with the type if it’s Site Backup or DB backup which got failed. Hold on. We are not done yet. You can schedule a task to execute it and forget about it. There is more. You don’t have to jump to your server every time to check the status. It’s capable of sending the HTML file to your e-mail so you can read the current status.
Below are few points which we need to keep in mind before setting up our SCCM Infrastructure.
ConfigMgr Administration Best Practices
Let’s check the list of administration best practices. Hope you have got all the information on SCCM server Infrastructure Monitoring without SCOM OpsMgr.
- Use AD Sites to define ConfigMgr boundaries to avoid overlapping.
- Automate maintenance tasks and create custom maintenance tasks.
- Create OUs for ConfigMgr Servers.
- Use AD Groups and Accounts for managing the ConfigMgr environment.
- Keep administrative rights to a minimum level of Access.
- Create a plan for role-based administration and apply only the rights necessary to perform job function.
- Use NTFS on all client and server partitions.
- Assign the least permissions possible.
- Do not install site servers on Domain Controllers.
- Do not install other services that use the local system account.
- Use GPO and ConfigMgr Client Push Method to install client agent on computers.
- Add only required users to ConfigMgr admins group, or created alternate groups and use role-based access control for permissions.
- Create ConfigMgr AD OU containers for service IDs, Application Management ID’s, Management groups and Servers.
- Lock down the ConfigMgr Infrastructure using Domain Groups and Accounts.
- Configure SUP on every primary and secondary site server.
- Enable SMTP access on Top ConfigMgr server to send a custom SSRS Reports.
- Only deploy the ConfigMgr client to computers that are trusted.
- Do not use a domain admin account as the client push installation account.
- SQL Server must be configured to use Windows Authentication.
- Remove or Disable the Guest account from the ConfigMgr SQL Database.
Disclaimer – The information provided on site is for general informational purposes only. All information on the site is provided in good faith. However, we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the website.
Let’s find the script below produced by Karthikeyan. Please go through the script and make the necessary changes before trying it out. Update 28th July 2021 – How to use the script.
- Copy the Script and execute. (If any errors at the initial level of execution then let me know)
- It will create a default config file for you at the same path where you have saved this actual script.
- Modify the config.xml to match to your server names etc. Look for SCCMCentralDBName, SCCMCentralDBServerName.
- More details in the comments below.
Note:-As soon as you execute the script it will ask to create a default configuration file to the same location where you have saved this script. Screenshot below:
Now you have a ConfigXML file. Open the ConfigXML file with Notepad and please modify the values according to your infrastructure. A script required Admin rights on all SCCM Servers and read access required on the database to fetch the component error details. Screenshot below:
Download the Script from GitHub – https://github.com/AnoopCNair/ConfigMgr-Infra-Monitoring