There’s a brilliant, free community management pack for monitoring Microsoft’s System Center Configuration Manager (SCCM) – now known as Microsoft Endpoint Configuration Manager (MECM).
Note: We’ll keep referring to this management pack (MP) as the SCCM MP instead of the MECM MP because that’s the most well-known name in the community at the moment.
You can download the SCCM MP here: https://www.protectorg.com/blog/free-community-sccm-management-pack
Although you may have seen an overview of the SCCM MP’s features in a SCOMathon Coffee Break before, we wanted to do a deep dive with the creator himself – Dujon Walsham.
Let’s dive in!
An SCCM MP, created by Microsoft, already existed before Dujon created this one. It was great for discovering the architecture of SCCM and the roles in it so you could layer monitoring on top. However, the previous version was created 10 years ago for SCCM 2012 R2, was fairly basic, and is no longer supported. It simply forwarded the SCCM alerts to SCOM and used rule-based alerts, so they didn’t automatically close once the issue was fixed. Plus, there wasn’t much information with the alerts to help you identify what might need fixing. (In fact, the MP has just been made unavailable by Microsoft.)
Dujon has set out to fix the primary issues with the old MP.
Best of all, the new SCCM MP is up to date and is still being developed further as feature suggestions come in so it’s compatible with SCOM 2019 and 2022.
The MP has comprehensive monitoring with a dedicated event log, log file parsing, and SDK/PS/WMI integration. This new event log, the Endpoint Manager Log, allows the MP to interrogate SCCM and create new event logs. You now get history and date retention on some SCCM events, and you can even pause log files for clients and servers too.
In addition, the alerts are also now more meaningful with descriptions that point you in the right direction of what may be triggering the alert.
You will also get monitoring in the new MP to analyse the SCCM Site version you are using and confirm its end-of-life date. This is helpful to see whether your environment is still in support.
There’s also new monitoring that lets you analyze the ADK version you are running to see if it matches the SCCM environment you are using. It also checks if the ADK version matches the WinPE version. This will help you keep on top of versioning so you don’t run into issues.
You can see a screenshot here of what the version monitoring looks like in the SCCM MP where the ADK and WinPE versions don’t match. The alert description in the bottom right shows the details.
Finally, you also get console versioning monitoring in the new SCCM MP. This analyses the console version you are using and will confirm if the version being used is correct for the SCCM environment you are running. This will be kept up to date as new versions are available.
Here you can see a screenshot showing alerts for best practice, site failover configuration in SCCM, and that a new version of SCCM has been detected.
You can see if the health of an area is in good condition using the SCCM MP. A monitor detects whether the HTTPS status is active or not using log files – detecting and comparing the last failed message and last successful message – to give you information on the health of an area.
This is the same process for the software update point server. When you run any sort of patching, particularly if it uses automatic deployment rules, you want to know if the software update point synchronization has run successfully. A monitor also runs through the log file to see whether the software update point synchronization actually ran.
Plus, the endpoint distribution point has rules running based on whether packages have been distributed successfully or not. Issues show up in task sequences if they haven’t been distributed properly. There is richer information in this new endpoint MP than in the old version, so you can also see more details, like whether a distribution point is Internet Only or if it’s SCCM PXE enabled. Here’s an example of the helpful details you can get on the health monitors.
You can also see more of the configuration in the roles (see below) with the SCCM MP.
The MP also creates event logs, a centralized point where you can see logs of any issues that happen in SCCM. These logs get passed through SCOM so you can see what’s an issue in SCCM without leaving SCOM.
Here’s an example of the log files you might be able to see.
And here’s what an event log would look like that displays an issue in SCCM.
If you want to find out more about the endpoint manager MP, get the high-level overview in this webinar:
Or follow along with this demo in the deep-dive SCOMathon webinar on the SCCM MP here from 21:08:
Download the SCCM MP (free endpoint community manager MP) by filling out the form at the bottom of this page:https://www.protectorg.com/blog/free-community-sccm-management-pack