Forum Discussion
Applications deployed on device based collection are missing from devices.
Hi Chetan_SCCM,
This symptom set (apps targeted to device collections not appearing, plus policy not arriving, plus installed apps suddenly reporting Non-Compliant/Error) usually means the policy + state message pipeline broke somewhere, not that every app “went bad” overnight.
A few quick questions first (these narrow it down fast):
- Does this impact all devices or only a subset (e.g., a location/VPN/internet-only)?
- Any recent change in the last week: ConfigMgr upgrade/hotfix, certificate renewal (HTTPS/eHTTP), MP/DP move, boundary/boundary group changes, or co-management workload switch?
- Are user-based deployments still working, or are those also missing?
What I’d check, in order:
1) Confirm devices are still actually getting machine policy
On an affected client, run Machine Policy Retrieval & Evaluation and look at:
- PolicyAgent.log/PolicyEvaluator.log (do you see new policies being requested/assigned?)
- LocationServices.log (is the client finding a Management Point, correct site, correct boundary group?)
If the client can’t find/reach the MP, device-targeted deployments will “vanish” from Software Center and compliance will nosedive because the client can’t evaluate/report.
2) Verify Management Point health and IIS
On the site side:
- Monitor the MP role status, and check MPControl.log (MP responding/healthy).
- If you use HTTPS/eHTTP: check for TLS/cert issues and that clients trust the chain. A silent cert/TLS break often looks exactly like “policies stopped arriving”.
3) Validate the device collections are still evaluating properly
If collection membership stopped updating, devices won’t receive deployments anymore:
- Make sure the affected devices are still members of the collections.
- Check collection evaluation health (SMS_COLLECTION_EVALUATOR) and whether incremental updates are working.
4) If policy arrives but compliance is wrong, focus on app detection + state messages
On a client where the app is installed but reported Non-Compliant:
- AppDiscovery.log (detection method returning “not detected”?)
- AppIntentEval.log/AppEnforce.log
- StateMessage.log (are state messages sending successfully?)
If every app’s compliance went bad at the same time, it’s often state messages not processing (server backlog) or client cannot send state (MP/MP auth).
5) Quick isolations that save time
- From the console: Client Notification > Download Computer Policy and see if anything changes (and check BgbAgent.log on the client).
- Test one affected device on a “known good” network/boundary (HQ) to rule out boundary/MP discovery issues.
If you tell me whether it’s all devices or only certain locations, and paste a few lines around the error from LocationServices.log + PolicyAgent.log on one impacted client, I can point to the most likely culprit (MP comms vs collection eval vs state message processing) pretty quickly.
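An added example, not part of the reply above: a PowerShell sketch that pulls warning and error entries out of the client logs named in the checklist, so the relevant lines can be found and pasted quickly. It assumes the logs use the CMTrace entry layout shown in the comment; `Get-CcmLogIssue` is a hypothetical helper name, and the sample log lines are constructed, not real client output.

```powershell
function Get-CcmLogIssue {
    param(
        [Parameter(Mandatory)][string]$LogDir,
        [string[]]$LogName = @('LocationServices', 'PolicyAgent', 'PolicyEvaluator', 'AppDiscovery',
                               'AppIntentEval', 'AppEnforce', 'StateMessage', 'BgbAgent'),
        [int]$MinType = 2   # CMTrace type field: 1 = info, 2 = warning, 3 = error
    )
    # Entry layout: <![LOG[message]LOG]!><time=".." date=".." component=".." context=".." type="N" ...>
    $rx = [regex]'(?s)<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[\d:.]+)[^"]*"\s+date="(?<date>[^"]+)"\s+component="(?<comp>[^"]*)"\s+context="[^"]*"\s+type="(?<type>\d)"'
    foreach ($name in $LogName) {
        $path = Join-Path $LogDir "$name.log"
        if (-not (Test-Path -LiteralPath $path)) { continue }   # not every log exists on every client
        $text = Get-Content -LiteralPath $path -Raw             # -Raw: one message can span lines
        if (-not $text) { continue }                            # skip empty files
        foreach ($m in $rx.Matches($text)) {
            $type = [int]$m.Groups['type'].Value
            if ($type -lt $MinType) { continue }
            [pscustomobject]@{
                Log       = $name
                Date      = $m.Groups['date'].Value
                Time      = $m.Groups['time'].Value
                Severity  = $(if ($type -ge 3) { 'Error' } else { 'Warning' })
                Component = $m.Groups['comp'].Value
                Message   = $m.Groups['msg'].Value.Trim()
            }
        }
    }
}

# Constructed sample input (not real log output) so the example runs offline.
$demo = Join-Path ([IO.Path]::GetTempPath()) 'ccm-log-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
@'
<![LOG[Constructed sample: management point lookup started]LOG]!><time="09:00:01.100+000" date="01-15-2025" component="LocationServices" context="" type="1" thread="100" file="sample.cpp:1">
<![LOG[Constructed sample: could not reach management point]LOG]!><time="09:00:05.200+000" date="01-15-2025" component="LocationServices" context="" type="3" thread="100" file="sample.cpp:2">
'@ | Set-Content -LiteralPath (Join-Path $demo 'LocationServices.log')
@'
<![LOG[Constructed sample: policy request delayed,
retrying later]LOG]!><time="09:01:10.300+000" date="01-15-2025" component="PolicyAgent" context="" type="2" thread="200" file="sample.cpp:3">
'@ | Set-Content -LiteralPath (Join-Path $demo 'PolicyAgent.log')

# Lists one Error (LocationServices) and one Warning (PolicyAgent); the info entry is filtered out.
Get-CcmLogIssue -LogDir $demo | Format-Table -AutoSize -Wrap
```

On an affected client, point `-LogDir` at the client log folder (by default `C:\Windows\CCM\Logs`) and run it right after triggering Machine Policy Retrieval & Evaluation.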