Home
%3CLINGO-SUB%20id%3D%22lingo-sub-1082152%22%20slang%3D%22en-US%22%3ERe%3A%20Generate%20%26amp%3B%20gather%20Windows%2010%20MDM%20client%20logs%20and%20diagnostics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1082152%22%20slang%3D%22en-US%22%3E%3CP%3EIt's%20easier%20to%20just%20run%20%22MDMDiagnosticsTool.exe%20-area%20DeviceManagement%20-cab%20c%3A%5Cmdmlogs.cab%22%20or%20%22MDMDiagnosticsTool.exe%20-area%20DeviceManagement%20-zip%20c%3A%5Cmdmlogs.zip%22%20as%20the%20resulting%20file%20includes%20everything%20you%20specified%20and%20then%20some.%26nbsp%3B%20You%20can%20also%20use%20%22MDMDiagnosticsTool.exe%20-area%20Autopilot%20-cab%20c%3A%5Cautopilot.cab%22%20or%20%22MDMDiagnosticsTool.exe%20-area%20Autopilot-zip%20c%3A%5Cautopilot.zip%22%20to%20get%20both%20MDM%20and%20Autopilot%20logs%20at%20the%20same%20time.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1082355%22%20slang%3D%22en-US%22%3ERe%3A%20Generate%20%26amp%3B%20gather%20Windows%2010%20MDM%20client%20logs%20and%20diagnostics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1082355%22%20slang%3D%22en-US%22%3E%3CP%3EI%20think%20this%20demonstrates%20very%20well%20that%20there's%20some%20improvements%20that%20could%20be%20made%20to%20the%20troubleshooting%20tools%20available%20to%20a%20client%20managed%20by%20Intune.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20first%20line%20technician%20can%20remember%20%22gpresult%20%2FR%22%20to%20get%20a%20basic%20list%20of%20what%20policies%20are%20applied%20and%20%22gpupdate%22%20to%20check%20for%20new.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20Intune%2C%20there's%20equivalent%20tools%2C%20but%20they%20require%20a%20bit%20more%20effort%20and%20knowledge%20to%20use.%20That's%20fine%20for%20higher%20tier%20technicians%2C%20but%20not%20so%20great%20for%20the%20entry%20level%20Helpdesk%20types.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1082142%22%20slang%3D%22en-US%22%3EGenerate%20%26amp%3B%20gather%20Windows%2010%20MDM%20client%20logs%20and%20diagnostics%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1082142%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3E%3CFONT%3EBy%20Matt%20Shadbolt%20(%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2FConfigMgrDogs%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%40ConfigMgrDogs%3C%2FA%3E)%20%7C%20Senior%20Program%20Manager%2C%20Intune%2C%20Microsoft%20Endpoint%20Manager%3C%2FFONT%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhen%20troubleshooting%20Windows%2010%20MDM%20in%20Microsoft%20Endpoint%20Manager%2C%20there's%20a%20handful%20of%20client%20logs%20and%20diagnostic%20information%20that%20are%20super%20helpful%20for%20the%20vast%20majority%20of%20situations.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EOften%2C%20we'll%20go%20back-and-forth%20between%20support%20and%20our%20customers%20asking%20for%20pieces%20one-by-one.%20To%20make%20it%20a%20little%20easier%20for%20all%20involved%2C%20I've%20written%20a%20very%20simple%20PowerShell%20script%20that%20will%20gather%20a%20bunch%20of%20helpful%20info%20in%20one%20go.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EIt%20will%20generate%20a%20new%20MDMDiag%20report%2C%20dump%20PolicyManager%20from%20registry%2C%20export%20some%20event%20logs%2C%20and%20pull%20a%20bunch%20of%20DeviceManagement%20details%20including%20things%20like%20OS%20SKU%20and%20version%20information.%20It%20wraps%20all%20of%20this%20up%20into%20a%20ZIP%20file%20making%20it%20easy%20to%20dig%20a%20little%20deeper%2C%20or%20just%20send%20to%20us.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CPRE%20class%3D%22lia-code-sample%20language-markup%22%3E%3CCODE%3E%23%0A%23%20run%20me%20as%20a%20local%20admin%2C%20please%20%0A%23%0A%0A%24regKeys%20%3D%20'HKLM%5CSoftware%5CMicrosoft%5CPolicyManager'%0A%24tempFolder%20%3D%20'c%3A%5Ctemp%5CMEMLogs'%0A%24regOutput%20%3D%20'c%3A%5Ctemp%5CMEMLogs%5CPolicyManager.reg'%0A%24timestamp%20%3D%20get-date%20-f%20yyyy-MM-dd-HHmmss%0A%0A%23%20temp%20folder%0AIf(!%24(Get-Item%20%24tempFolder))%20%7Bmkdir%20%24tempFolder%20%7D%0A%0A%23%20reg%20file%0A%24regKeys%20%7C%20%25%20%7B%24i%2B%2B%20%0A%26amp%3B%20reg%20export%20%24_%20%22%24tempFolder%5C%24i.reg%22%7D%0AGet-Content%20%22%24tempFolder%5C*.reg%22%20%7C%20%3F%20%7B%24_%20-ne%20'Windows%20Registry%20Editor%20Version%205.00'%7D%20%7C%20Add-Content%20%24regOutput%0ARemove-Item%20%22%24tempFolder%5C*.reg%22%20-Exclude%20%22PolicyManager.reg%22%0A%0A%23%20DM%20info%0AGet-ChildItem%20-Path%20HKLM%3ASOFTWARE%5CMicrosoft%5CEnrollments%20-Recurse%20%7C%20where%7B%24_.Property%20-like%20%22*UPN*%22%7D%20%7C%20Out-File%20%22%24tempFolder%5CMDMRegistration.txt%22%0AGet-ChildItem%20-Path%20HKLM%3ASOFTWARE%5CMicrosoft%5CEnrollments%20-Recurse%20%7C%20where%7B%24_.Property%20-like%20%22*EntDMID*%22%7D%20%7C%20Out-File%20-Append%20%22%24tempFolder%5CMDMRegistration.txt%22%0A%0A%23%20event%20logs%20%0ACopy-Item%20-Path%20%22%24env%3ASystemRoot%5CSystem32%5CWinevt%5CLogs%5CMicrosoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%254Admin.evtx%22%20-Destination%20%24tempFolder%0ACopy-Item%20-Path%20%22%24env%3ASystemRoot%5CSystem32%5CWinevt%5CLogs%5CMicrosoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%254Operational.evtx%22%20-Destination%20%24tempFolder%0A%0A%23%20computer%20info%0AGet-ComputerInfo%20%7C%20Out-File%20%22%24tempFolder%5C%24env%3ACOMPUTERNAME.txt%22%0A%0A%23%20MDMDiag%20%0AStart-Process%20MdmDiagnosticsTool.exe%20-Wait%20-ArgumentList%20%22-out%20%24tempFolder%5CMDMDiag.html%22%20-NoNewWindow%0A%0A%23%20compress%20%26amp%3B%20cleanup%0AGet-Item%20-Path%20%24tempFolder%5C*.*%20-Exclude%20%22*.zip%22%20%7C%20Compress-Archive%20-DestinationPath%20%22%24tempFolder%5CMEMLogs_%24timestamp.zip%22%0A%0ARemove-Item%20-Path%20%24tempFolder%5C*.*%20-Exclude%20%22*.zip%22%20%3C%2FCODE%3E%3C%2FPRE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt's%20certainly%20not%20anything%20ground%20breaking%2C%20but%20I%20hope%20you%20find%20it%20a%20little%20helpful%20while%20trying%20to%20troubleshoot%20Windows%20client%20issues.%20If%20there's%20anything%20else%20you%20often%20gather%20for%20troubleshooting%2C%20let%20me%20know%20and%20I'll%20add%20it%20to%20the%20script.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1082142%22%20slang%3D%22en-US%22%3E%3CP%3ESimple%20PowerShell%20script%20to%20generate%20and%20collect%20Intune%20client%20logs%20and%20diagnostics.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1082142%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMDM%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ETroubleshoot%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

By Matt Shadbolt (@ConfigMgrDogs) | Senior Program Manager, Intune, Microsoft Endpoint Manager

 

When troubleshooting Windows 10 MDM in Microsoft Endpoint Manager, there's a handful of client logs and diagnostic information that are super helpful for the vast majority of situations.


Often, we'll go back-and-forth between support and our customers asking for pieces one-by-one. To make it a little easier for all involved, I've written a very simple PowerShell script that will gather a bunch of helpful info in one go.


It will generate a new MDMDiag report, dump PolicyManager from registry, export some event logs, and pull a bunch of DeviceManagement details including things like OS SKU and version information. It wraps all of this up into a ZIP file making it easy to dig a little deeper, or just send to us.

 

 

 

 

 

#
# run me as a local admin, please 
#

$regKeys = 'HKLM\Software\Microsoft\PolicyManager'
$tempFolder = 'c:\temp\MEMLogs'
$regOutput = 'c:\temp\MEMLogs\PolicyManager.reg'
$timestamp = get-date -f yyyy-MM-dd-HHmmss

# temp folder
If(!$(Get-Item $tempFolder)) {mkdir $tempFolder }

# reg file
$regKeys | % {$i++ 
& reg export $_ "$tempFolder\$i.reg"}
Get-Content "$tempFolder\*.reg" | ? {$_ -ne 'Windows Registry Editor Version 5.00'} | Add-Content $regOutput
Remove-Item "$tempFolder\*.reg" -Exclude "PolicyManager.reg"

# DM info
Get-ChildItem -Path HKLM:SOFTWARE\Microsoft\Enrollments -Recurse | where{$_.Property -like "*UPN*"} | Out-File "$tempFolder\MDMRegistration.txt"
Get-ChildItem -Path HKLM:SOFTWARE\Microsoft\Enrollments -Recurse | where{$_.Property -like "*EntDMID*"} | Out-File -Append "$tempFolder\MDMRegistration.txt"

# event logs 
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" -Destination $tempFolder
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx" -Destination $tempFolder

# computer info
Get-ComputerInfo | Out-File "$tempFolder\$env:COMPUTERNAME.txt"

# MDMDiag 
Start-Process MdmDiagnosticsTool.exe -Wait -ArgumentList "-out $tempFolder\MDMDiag.html" -NoNewWindow

# compress & cleanup
Get-Item -Path $tempFolder\*.* -Exclude "*.zip" | Compress-Archive -DestinationPath "$tempFolder\MEMLogs_$timestamp.zip"

Remove-Item -Path $tempFolder\*.* -Exclude "*.zip" 

 

 

 

 

 

 

It's certainly not anything ground breaking, but I hope you find it a little helpful while trying to troubleshoot Windows client issues. If there's anything else you often gather for troubleshooting, let me know and I'll add it to the script. 

 

 

2 Comments
Microsoft

It's easier to just run "MDMDiagnosticsTool.exe -area DeviceManagement -cab c:\mdmlogs.cab" or "MDMDiagnosticsTool.exe -area DeviceManagement -zip c:\mdmlogs.zip" as the resulting file includes everything you specified and then some.  You can also use "MDMDiagnosticsTool.exe -area Autopilot -cab c:\autopilot.cab" or "MDMDiagnosticsTool.exe -area Autopilot-zip c:\autopilot.zip" to get both MDM and Autopilot logs at the same time.

Senior Member

I think this demonstrates very well that there's some improvements that could be made to the troubleshooting tools available to a client managed by Intune.

 

Any first line technician can remember "gpresult /R" to get a basic list of what policies are applied and "gpupdate" to check for new.

 

With Intune, there's equivalent tools, but they require a bit more effort and knowledge to use. That's fine for higher tier technicians, but not so great for the entry level Helpdesk types.