Core Infrastructure and Security Blog

4 MIN READ

Remotely capture ConfigMgr client logs for Troubleshooting

Microsoft

Oct 15, 2019

This is a short blog post about remotely capturing ConfigMgr client log files to a file share for troubleshooting purposes.

With the ever-increasing security, not all teams supporting endpoints necessarily have Admin access for troubleshooting. Part of which includes analyzing logs.

You may experience scenario where the device is not even on corporate network and you need to capture logs.

Solution

We can use the power of Run Scripts feature to capture logs remotely against a single machine or a collection of devices and dump it against a file share for analysis.

Prerequisites

To run PowerShell scripts, the client must be running PowerShell version 3.0 or later. However, if a script you run contains functionality from a later version of PowerShell, the client on which you run the script must be running that version of PowerShell.
Configuration Manager clients must be running the client from the 1706 release, or later in order to run scripts.
To use scripts, you must be a member of the appropriate Configuration Manager security role.
To import and author scripts - Your account must have Create permissions for SMS Scripts.
To approve or deny scripts - Your account must have Approve permissions for SMS Scripts.
To run scripts - Your account must have Run Script permissions for Collections.

Reference: https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-deploy-scripts

Here’s the sample script I have use for this purpose:

# Specify destination share

$dest = "\\<server>\Share"

# Specify the ConfigMgr log file location

$source = "c:\windows\ccm\logs"

# Capturing Machine Name

$hostname = hostname

# Capturing current date and time

$date = get-date -Format MM-dd-yy-hh-mm

# Creating a folder in the destination share location to match the Computer name followed by Date and Time.

mkdir $dest\$hostname-$date

# Copying files to the destination

Copy-Item -Path $Source\* -Destination $dest\$hostname-$date -Recurse

The sample script provided here is not supported under any Microsoft standard support program or service. All scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

Note: I have specified a local file share which means, only machines that can access this network share will be able to upload logs. You may create separate shares based on locations, alternatively you can also choose an Azure storage path for upload. Additionally, a network file share also requires firewall port exceptions.

Azure File Share

If you are interested in uploading the logs to Azure, for devices outside corporate network managed via CMG.

First, we create an Azure File Share.

Launch https://portal.azure.com
Create a new Storage Account or use an existing one.
Inside the desired Storage Account click Files under File Services
Click + File share to add one

Give a Name and specify size in GB for Quota and click Create

Click on the File Share and click Connect

Copy the Windows pre-populated PowerShell command

Update the Script

Using the same script reference for file share, we can add the Azure drive connection information.

# Paste the Azure File Share Drive Connection Info. Here

# End of Azure File Share Drive Connection Info.

# Specify destination share

$dest = "Z:\"

# Specify the ConfigMgr log file location

$source = "c:\windows\ccm\logs"

# Capturing Machine Name

$hostname = hostname

# Capturing current date and time

$date = get-date -Format MM-dd-yy-hh-mm

# Creating a folder in the destination share location to match the Computer name followed by Date and Time.

mkdir $dest\$hostname-$date

# Copying files to the destination

Copy-Item -Path $Source\* -Destination $dest\$hostname-$date -Recurse

# Remove mapped Z drive

Remove-PSDrive -Name Z -Force

Add Script to ConfigMgr

Launch ConfigMgr console > Software Library > Scripts

From the ribbon menu click Create Script

Provide a script name and paste the script. (Don’t forget to specify the destination share)

Click Next to finish the wizard.
Approve the Script for usage. (Check the Hierarchy Settings if Script authors require additional script approver.)

Run Script to capture logs

Now that our script is ready, we can execute this against a single device to validate. You may need to set the PowerShell execution Policy to Bypass if the scripts are not signed.

From the ConfigMgr console, go to Assets and Compliance > Devices
Choose your desired device and right click to choose Run Script

Select your script from the wizard and click Next

The captured log files should now be copied to the server share you specified in the script inside the folder matching the source computer name followed with date and time.