The Client Health page shows information from two Integrated Product Packs provided with the Tachyon Platform:

These Integrated Product Packs are represented on the Client Health page by two sets of panels that can be explored in the Rules and Devices pages in Guaranteed State 1.5.

On this page:

Introduction to Guaranteed State concepts 

Guaranteed State allows you to easily check and enforce device state. Device state can represent just about anything you'd like to be set in a certain way for a collection of devices. Once you have imported an Integrated Product Pack you can configure and deploy policies to manage various device attributes, for example:

  • Registry keys

  • Services

  • Config Manager metrics such as client cache usage

  • Disk free space

  • WMI namespaces and classes.

Before using Guaranteed State you need to configure permissions and upload some policies (with their rules, triggers and preconditions). Please refer to Installing the Nomad app and 1E Content Distribution.

Policies are provided in feature-related Integrated Product Packs, which are required to support various features of Nomad:


Client Health

The state of devices where Guaranteed State policies have been deployed is represented in this form.

The user has the ability to drill down into the percentage of failures for each group of device states. For example, where the meaning of device states and their precedence is as follows:

StateDescription
UnknownThe device has yet to receive, evaluate or report back on its compliance state for at least one rule.
Error

The device has failed to evaluate at least one deployed rule.

For example a device may report 97% of deployed rules as Not Applicable, but since 3% of the deployed rules reported as Error this means the whole Device State is marked as Error.

Not Applicable

At least one rule deployed to the device is not applicable.

For example, this would occur if a Windows specific rule was deployed to a non-Windows device.

Non-compliant

At least one rule deployed to the device failed compliance checks.

For example in the example above 86% of policy rules are compliant for the high-lighted device, but since 8% of the rules are Non-compliant the state of the whole device is marked as Non-compliant.

CompliantThe device passed compliance checks for every deployed policy rule.

The drill down navigates to the Devices report filtered on the selected Device State such as Noncompliant.

The Device State panel is shown on the Guaranteed State Overview page.

Refer to Guaranteed State 1.5 - Guaranteed State Overview page for details about other Guaranteed State Dashboard charts.



Device State

Device State detail

MEMCM Client Health Policy

Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.

The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.

The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:

  • Ensure the correct version of the CM client is installed and running and assigned to the correct site
  • Ensure the CM client is not stuck in provisioning mode
  • Ensure that heartbeat discovery, inventory and state messages are being sent regularly
  • Ensures the CM client cache is set to the correct size
  • Ensure the CM client log settings are correct
  • Ensure the BITS service exists, configured to start up automatically  and is running
  • Ensure the Windows Time service exists with correct startup settings
  • Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running 
  • Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent 
  • Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source

This policy is intended for deployment to Windows devices only.

MEMCM Client Health Policy


MEMCM Client Health Rule Status example

A user has the ability to drill down into a segment, for example, to examine exactly which policy rules reported failures across all the devices for which it was deployed.

In our example, a member of the Nomad Administrator role wants to investigate why Policy Rule Status is showing as Non-compliant for 14.5% of the 16 assigned rules.

By clicking on the Non-compliant segment they open the Guaranteed State app on the Rules page which displays the associated rules, in this case these are:

You can reference a table showing every policy included in the MEMCM Client Health Integrated Product Pack at Guaranteed State 1.5 - MEMCM Client Health Integrated Product Pack.




MEMCM Policy Rule Status noncompliant

In the Compliance column the Nomad Administrator sees there are no compliant computers for the Configuration Manager Client rules. From this point they can click on the Compliance color bar for the Configuration Manager Client Logging Rule Name, and expose the individual devices affected.

Policy Rule Status noncompliant Devices with rule MEMCM Client Client Logging

To assist troubleshooting the Nomad Administrator can click on a device name to see its Device View. This is the same view you can see in the Devices Page - Nomad Configuration in the Nomad app, but here it is focused on the Polices tab as the focus is in the Guaranteed State app, filtered on the Configuration Manager Client Health policy.

Clicking the Device Status navigates to the Devices page in the Guaranteed State app filtered based on the chart segment clicked on. From the filtered Devices page, you can then explore an individual Device View as shown in the picture opposite.



1ETRNW101 Device View

Nomad Client Health Policy

Nomad is included as part of the 1E Client, and as part of that integration, we offer a Nomad client health compliance policy in Guaranteed State. This verifies common Nomad requirements such as ACP registration, disk availability, firewall exceptions, crash notifications and cache monitoring.

The Nomad client health policy replaces the client health tile in the Nomad dashboard plus additional remediation steps:

  • Keeps content distribution services up and running on Nomad clients, so that users are secure and productive
  • Ensures Alternative Content Provider (ACP) registration configuration is set
  • Maintains optimal disk availability and monitors cache size for storage capacity planning
  • Enforces Firewall exceptions.

This policy is intended for deployment to Windows devices only.


Nomad Client Health Policy

Nomad Client Health Rule Status example

A user has the ability to drill down into a segment, for example, to examine exactly which policy rules reported failures across all the devices for which it was deployed.

In our example, a member of the Nomad Administrator role wants to investigate why Policy Rule Status is showing as Not Applicable for 14.3% of the 10 assigned rules.

By clicking on the Not Applicable segment they open the Guaranteed State app on the Rules page which displays the associated rules, in this case these are:

You can reference a table showing every policy included in the Nomad Client Health Integrated Product Pack at Guaranteed State 1.5 - Nomad Client Health Integrated Product Pack.

Nomad Client Health Rule Policy Rule Status noncompliant

In the Compliance column the Nomad Administrator sees there are no compliant computers for the two Check Nomad rules. From this point they can click on the Compliance colour bar for the Check Nomad can generate LSZ files on ConfigMgr distribution points Rule Name, and expose the individual devices affected.

Client Health Policy Rule  detail

Client Health Policy Rule affected devices

To assist troubleshooting the Nomad Administrator can click on a device name to see its Device View. This is the same view you can see in the Devices Page - Nomad Configuration in the Nomad app, but here it is focused on the Polices tab as the focus is in the Guaranteed State app filtered on the Nomad Client Health policy.

Clicking the Device Status navigates to the Devices page in the Guaranteed State app filtered based on the chart segment clicked on. From the filtered Devices page, you can then explore an individual Device View as shown in the picture opposite.

1ETRNW101 Device View - Client Health

Integrated Product Packs overview

Integrated Product Packs are Zip files containing Guaranteed State policies, but can also contain instructions (as an alternative to classic Product Packs which can only contain instructions). 

You can upload these Zip files into Tachyon using the Tachyon Product Pack deployment tool, please refer to  Guaranteed State 1.5 - Uploading Integrated Product Packs for details.

FolderSub-folderFiles
Fragments

Checkxml files, each containing the definition of a check fragment
Fixxml files, each containing the definition of a fix fragment
Preconditionxml files, each containing the definition of a precondition fragment
InstructionSets<Instruction Set Name>xml files, each containing the definition of an instruction
Policiesxml files, each containing the definition of a policy (a list of rules)
Rulesxml files, each containing the definition of a rule (a list of fragments, triggers, and their parameter values) 
TriggerTemplatesxml files, each containing the definition of a trigger template and its available parameters
manifest.xml

xml file containing name, description and version details that are only used for display by the Product Pack Deployment tool

The presence of this file indicates the zip file is an Integrated Product Pack.

<policy>.icoicon file that is referenced in the manifest.xml (Not currently used).

1E provide a number of ready-made policies which are described in the Guaranteed State 1.5 - Integrated Product Packs pages:

These pages include lists of instructions, policies, rules, fragments (preconditions, checks and fixes) and trigger templates. The lists have links to more detailed information about each pack in the Guaranteed State 1.5 - Integrated Product Packs reference.

You can also create your own policies using rules, fragments and triggers from other Integrated Product Packs, for example, the Tachyon Core Integrated Product Pack.