Repairing SCCM Client WMI issues.

Occasionally clients will develop a problem with their WMI which impacts the operations of the SCCM client.  For example Application Deployment Evaluation Cycle will not respond or trigger the check / update.

The giveaway is a sea of red in the DcmWmiProvider.log with errors such as

Not found (Error: 80041002; Source: WMI)

At this point you can deduce that your WMI information is corrupted and needs to be rebuilt.

Another symptom is the inability of the SMS Agent Host (ccmexec) service to stop in a timely way.  It will try but then hang in a pending stop state.  This is annoying since this needs to be stopped before the Windows Management Instrumentation (Winmgmt) service can be stopped.

You may need to force the ccmexec service stop to proceed.

To do that,

sc queryex ccmexec

this output the process ID (PID) reference.  Force it down with

taskkill /f /PID <PidReference>

Personally I find it easier to manage the services in the services.msc applet.

Stop the Windows Management Instrumentation (Winmgmt) service.  This is not that easy to do because it will restart immediately.  It may need disabling for a short period while folder operation is done.

delete or rename the C:\Windows\System32\Wbem\Repository folder

Then restart the the Winmgmt service and the ccmexec service.

At this point you have caused chaos because, well, there's no WMI data at all ! :)

The SCCM Client will freak and run a repair operation to try and right itself while writing a log called repair-msi-<GUIDstring>.log It may get a 1603 error in which case it may retry until it gets a 0.  I've seen 1603 on the first attempt and 0 on the second.

After that the SCCM client tries to rebuild its world and get all its apps assignment polices - slowly.  On the machine this process occurred on it was about 3 hours with an end of day shutdown and a start of day boot up, and a forced restart on the ccmexec service.  Eventually normal service was resumed and the apps it was supposed to apply, did so.

SCCM Queries

This post is just a reminder on how to create Queries in SCCM.  AKA Queries for Dummies
Queries can be used to query the client inventory database and return results which match query parameters.
Status Message Queries, as the name suggests, query the status message logs to retrieve the occurrence of events with the SCCM system.

Often admins will query the database directly.  The Queries and Status Message Queries areas provide GUI interfaces for new queries and can show the generated Windows Management Instrumentation Query Language (WQL) code that is generated.

This item is about how to use the GUI interfaces to create a functioning query.

Queries

Right click under Monitoring/Overview/Queries and click Create Query

So far with the few queries I've created I have not needed to change the Object Type from System Resource.

Set a limiting collection if you have a particular set of objects in a collection to query

Enter a Name and Comments and click Edit Query Statement

Click Edit Query Statement and wait for the GUI interface to load.

Click the button with a yellow sun icon to add a class.

Click Select and them choose the Class and Attribute you are interested in.  For example try System Resource as the class and Name as the attribute

Do the same again but this time choose the Last Logon User Name attribute

Now you have two pieces of information that will be obtained.

Next you set the Criteria - click the Criteria tab

Click the yellow sun button to add a Criteria

In Criteria Properties select how the value will be set in the Criterion Type.  Will be fixed or will you get the query to prompt for a value?  For this example try prompt

Next Click System and select the Attribute Class as System Resource and Attribute as Name.

Back on the Criterion Properties set the operator.  For this example choose "is equal to"

Prompt will be set to <prompted value>

Click the OKs and run the query.  Enter a machine name and the query will return the last user logged on.

Sharp eyes among you may realise that this is similar (but the other way round) to one of the built in queries "Systems by Last Logged on User"

Now you've got a default query and a shiny new one all of your own!  From here you should be able to experiment and obtain the data you need.

Status Message Queries (SMQ)

Find these under Monitoring\System Status\Status Message Queries.  There are numerous built in ones but we want our own nice shiny ones !

Half the trick here is identifying what kind  of SMQ you are looking for.  One possible way of doing this is to mimic the operation that you want to query a status for, and then find the example of that SMQ by running the built in All Status Messages SMQ for the last hour.  Once you've identified the type of SMQ you're interested in it becomes easier to set the criteria of the query.

The main take away from this example is the technique of limiting the time window within which you want the query to run. e.g. you only want to know about a certain type of event that happened 7 days ago between 13:00 and 16:00.

Right click Status Message Queries and click Create Status Message Query

Click Edit Query and enter a Name and a comment

On the general tab use the yellow sun button to add any additional Class\Attributes.  By default there are three class \ attribute types of Status Messages <All> , Status Message Strings <All>, Status Message Properties <All>

Click the Criteria tab

Use the yellow sun button to add a criteria

Select Prmopted Value from the Criterion Type dropdown

Click Select and choose a Message Class and attribute.  For this example choose Status Messages \ Message ID

Leave the operator as "is equal to"  and Prompt will be automatically set to <prompted value>

The next two criteria enable you to choose the time windows you are interested in.

Add a criteria for a prompted value of Status Message\Created On.  Set the operator to "is greater than or equal to".   This causes a prompt for the earliest (the furthest back in time) date and time you are interested in.

Notice the criteria are automatically ANDed in the criteria window.

Next Add a criteria for a prompted value of Status Message\Created On.  Set the operator to "is less than or equal to".   This causes a prompt for the latest (the most recent in time) date and time you are interested in.

Click the OKs and Nexts and run the query by right clicking it and clicking Show Messages

You will get three items that you must enter data for:
The Message IS
The latest date/time
The earliest date/time

Click OK and check out the results!  Go query dude!  No really, go and learn how to query databases properly.  You know you should.  Maybe the Show Query Language button will give you some clues?