Generate & gather Windows 10 MDM client logs and diagnostics

Published 12-27-2019 03:48 PM 8,042 Views
Microsoft

By Matt Shadbolt (@ConfigMgrDogs) | Senior Program Manager, Intune, Microsoft Endpoint Manager

 

When troubleshooting Windows 10 MDM in Microsoft Endpoint Manager, there's a handful of client logs and diagnostic information that are super helpful for the vast majority of situations.


Often, we'll go back-and-forth between support and our customers asking for pieces one-by-one. To make it a little easier for all involved, I've written a very simple PowerShell script that will gather a bunch of helpful info in one go.


It will generate a new MDMDiag report, dump PolicyManager from registry, export some event logs, and pull a bunch of DeviceManagement details including things like OS SKU and version information. It wraps all of this up into a ZIP file making it easy to dig a little deeper, or just send to us.

 

 

 

 

 

#
# run me as a local admin, please 
#

$regKeys = 'HKLM\Software\Microsoft\PolicyManager'
$tempFolder = 'c:\temp\MEMLogs'
$regOutput = 'c:\temp\MEMLogs\PolicyManager.reg'
$timestamp = get-date -f yyyy-MM-dd-HHmmss

# temp folder
If(!$(Get-Item $tempFolder)) {mkdir $tempFolder }

# reg file
$regKeys | % {$i++ 
& reg export $_ "$tempFolder\$i.reg"}
Get-Content "$tempFolder\*.reg" | ? {$_ -ne 'Windows Registry Editor Version 5.00'} | Add-Content $regOutput
Remove-Item "$tempFolder\*.reg" -Exclude "PolicyManager.reg"

# DM info
Get-ChildItem -Path HKLM:SOFTWARE\Microsoft\Enrollments -Recurse | where{$_.Property -like "*UPN*"} | Out-File "$tempFolder\MDMRegistration.txt"
Get-ChildItem -Path HKLM:SOFTWARE\Microsoft\Enrollments -Recurse | where{$_.Property -like "*EntDMID*"} | Out-File -Append "$tempFolder\MDMRegistration.txt"

# event logs 
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" -Destination $tempFolder
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx" -Destination $tempFolder

# computer info
Get-ComputerInfo | Out-File "$tempFolder\$env:COMPUTERNAME.txt"

# MDMDiag 
Start-Process MdmDiagnosticsTool.exe -Wait -ArgumentList "-out $tempFolder\MDMDiag.html" -NoNewWindow

# compress & cleanup
Get-Item -Path $tempFolder\*.* -Exclude "*.zip" | Compress-Archive -DestinationPath "$tempFolder\MEMLogs_$timestamp.zip"

Remove-Item -Path $tempFolder\*.* -Exclude "*.zip" 

 

 

 

 

 

 

It's certainly not anything ground breaking, but I hope you find it a little helpful while trying to troubleshoot Windows client issues. If there's anything else you often gather for troubleshooting, let me know and I'll add it to the script. 

 

 

3 Comments
Microsoft

It's easier to just run "MDMDiagnosticsTool.exe -area DeviceManagement -cab c:\mdmlogs.cab" or "MDMDiagnosticsTool.exe -area DeviceManagement -zip c:\mdmlogs.zip" as the resulting file includes everything you specified and then some.  You can also use "MDMDiagnosticsTool.exe -area Autopilot -cab c:\autopilot.cab" or "MDMDiagnosticsTool.exe -area Autopilot-zip c:\autopilot.zip" to get both MDM and Autopilot logs at the same time.

Senior Member

I think this demonstrates very well that there's some improvements that could be made to the troubleshooting tools available to a client managed by Intune.

 

Any first line technician can remember "gpresult /R" to get a basic list of what policies are applied and "gpupdate" to check for new.

 

With Intune, there's equivalent tools, but they require a bit more effort and knowledge to use. That's fine for higher tier technicians, but not so great for the entry level Helpdesk types.

New Contributor

I had a go with 

mdmdiagnosticstool -out c:\temp\MDM

 

I was hoping to find the gpresult equivalent but it doesn't seem to show that

  • Is there a recommended guide/doc to interpret each section of the tools output?
  • How can a show the actual policy setting and if it applied to the device e.g.
    • I have an Intune ADMX policy to that should add URLs to Trusted sites list and I want to see those site URLs in the MDM report
    • I have configured BitLocker settings with Intune config policies and want to see what should be applied on my device in the report

 

Version history
Last update:
‎Dec 30 2019 03:59 PM
Updated by: