Friday, 12 March 2021

Troubleshooting in MEM/Intune (p2).

 Accessing the local log files.

When a school or business adopts remote management and mobility something becomes immediately obvious -  it’s often no longer possible to access a local machine to troubleshoot an issue. 

The device could be at home, offline or just turned off.  The user may not have the elevated privileges to run diagnostics, have concerns about remote sessions or be unable to securely transfer clear text log files over the internet. Suddenly support is a different world.

The Intune (MEM) console has a range of reporting tools that can provide insights into failed operations and these are a great place to start but sometimes you need to get hold of the local logs to get the complete picture.

On the client side Microsoft provides some excellent tools that can collate information into easily readable files. The most useful of these is MDMDiagHtmlReport.html. This can be generated by visiting navigating to Settings - Accounts - Access work or school. Find the Connected to “Your Organisation” banner and click the Info button.

The Info dialog is divided into three sections. In the last section you have the option to produce an Advanced Diagnostic Report by clicking “Create Report”. 

This action builds the MDMDiagHtmlReport html file in the C:\users\public\documents\MDMDiagnostics directory which contains information on the devices status and the policy settings being applied.

Alternatively you can select the Export your management log file link that is listed below the Connected to “Your Organisation” banner. This option goes a little bit further and creates a cab file in the same directory that contains both the MDMDiagHtmlReport file and a host of other diagnostics files including dumps of key event logs.

However useful these resources are the problem still remains that they are stored on the users computer and are not directly accessible to the support team

However a new MEM feature currently in public preview changes all of that.

If you navigate to the Devices - Window section in the MEM console and select a device, expanding the ellipses (…) should reveal a new option -  Collect diagnostics.


Selecting it will present a dialog asking you whether to collect diagnostics from the device. A simple click on the YES button starts the process.

The results can be found in Monitor - Device Diagnostics on the same device pane (below).

Initially the status will show pending but once the device picks up the request you should see the status update to Complete with the option to Download. If the device is online the action takes about ten minutes.


The process creates a zip file which you might expect to contain a set of files but instead it presents a list of directories numbered 1-50.

Since the feature is still in preview these directories might be renamed to give a better idea of the contents but at the moment it’s a bit like opening your birthday presents. A number of the directories contain a single file which is nothing more than a log of the process that created the rest of the logs (logs of logs) but some are much more useful.

All this could change but at the moment some of the highlights are listed below.

Spoiler Alert:  the MDMDiagHtmlReport can be found in a cab file in directory 44.

 


  • Directory 1 -11

Dumps of registry entries (.reg).


  • Directory 12 -27

Logs files for the collection actions (logs of logs)


  • Directory 28 -37

Dumps of various Event logs. (.evt)


  • Directory 38:

A set of event traces data files relating to Autopilot. To view an etl  file open with PerfView.exe.


  • Directory 40

Contains mpsupportfiles, a cab file that contains various diagnostic logs and event dumps relating to Windows Defender.


  • Directory 41:

The wlan-report-latest html  report created by the ‘netsh wlan show wlanreport’ command that shows wireless session information and related stats. 

Apart from a wealth of information in the hardware interfaces it contains a dump of the output from 'ipconfig /all' and ‘netsh wlan show’ -  two of the most useful tools in the box.


  • Directory 43:

The energy-report.html output file created by  powercfg /batteryreport tool useful in troubleshooting laptop battery usage and health.


  • Directory 44:

Holds a single file  mdmlogs-xxxxxxxx.cab which contains the files created by the Export your management log file link including the important MDMDiagHtmlReport file.

Other files include:

DeviceHash_<devicename>.csv - contains the device hash.

Setupact.log - Information and log events from upgrade actions.

Intune Management Extension logs.

  • AgentExecutor.log
  • ClientHealth.log
  • IntuneManagementExtension-xxxx.log

Event logs from key MDM providers.


  • Directory 45:

Log file output from the msinfo32.exe tool which summarized the hardware and software profile of the device.


  • Directory 48:

Cbs.log : Component-Based Servicing Log. This file contains detailed information from the most recent Windows installed updates.



Hopefully the directory set will be updated to make navigation through the file a bit easier. However even in the preview phase this is a welcome addition to the troubleshooting toolkit.


Thursday, 11 March 2021

Troubleshooting in MEM/Intune (p1).

Basic Troubleshooting.

When IT admins are first presented with a problem it normally comes in a user centric form.

For instance;

William Gates can't access the finance package from his new laptop.

Probably 90% of all tickets are made up of users complaining that they can’t access a resource or something linked to their logon account is not working as they expected.

Unfortunately most management consoles (and MEM is no exception) are organised from an application or service centric viewpoint which can make it hard to get an overview from a users perspective. You can end up ping-ponging around the console opening up one service dialogs after another trying and get a handle on the issue but getting nowhere.

There is however, an excellent resource that should be the first port call for all help desk operatives - the well named but rarely visited Troubleshooting + support tool.



This might sound obvious but there is a tendency to drive straight into the detail without first gaining an general overview. The advantage of the Troubleshooting + support tool is that it organises information from the user perspective, summarising a wealth of information in an easy to read manner. Since most issues are caused by something stupid this can reveal the problem straight away. 

The top level dialog shows basic account information including whether the user has an Intune licence, a list of group memberships, application allocations, registered devices, application protection status and enrolment failures.


The drop down provides data on a number of other key areas such as compliance and configuration policies and enrolment restrictions and a number of other key areas.  Selecting the information takes you directly to the service configuration dialog page which is a real time saver.

A good approach would be to find a user that works and then use the summary features of the Troubleshooting tool to find the difference between the two user states.  It’s not going to work all the time but it's a recommended first step.

Part 2: Accessing the Local Log files.

Monday, 1 March 2021

Universal Print Revisited.

The print subsystem is one of the last hurdles that a school or business needs to overcome to remove the dependence on on-premise servers.

Ideally the collaborate workflow and document sharing mechanisms of platforms such as Microsoft 365 and Google Workspace will eventually replace the traditional method of transferring data using wood pulp but that may be a little way off yet.

In the interim, Microsoft has introduced  Universal Print, a system similar in architecture to the now defunct Google Could Print that allows Windows 10 users to print to a device anywhere on the network through a cloud based connector.

A number of excellent blogs and video resources have been created that explains how Universal Print works but it's worth repeating a couple of points.

Universal Print (UP) is still in development and is missing some key features. The most obvious being that native hardware support is missing from most printer ranges. In fact, at the time of posting I can only find one manufacturer Lexmark that supports UP through a firmware update.  The models are listed here.

Licencing for Universal Print is bundled as part of the Microsoft E3 licence. Schools looking to move to Modern Management should be adopting Microsoft E3 as standard. If your school subscribes to Office 365 with Enterprise Mobility + Security this is not enough to get Universal Print. For each user that accesses a printer you'll also need Windows 10 E3, E5, A3 or A5. The client also needs to be running Windows 10 version 1903 or later.

Universal Print doesn't currently support 'Follow-Me' or ID card management. You'll need a bolt-on service like Paper-Cut to provide that. This feature is pretty much top of the product roadmap as it's absence is a show-stopper for any type of enterprise deployment. 

Lastly, the mapping of printers through Intune (Endpoint Manager) is a little clunky. I'm pretty sure this is by design, Microsoft doesn't want you to be printing or mapping local drives in the future. However it can be done and this useful post shows how.

   Deploying Universal Print Printers With PowerShell & Intune

So work in progress. If you need a simple system that supports basic print functions without the inconvenience of a local print server Universal Print, even in the preview form might be for you.