MBAM Supported Computers Collection Issues after ConfigMgr 1606 Upgrade

I’ve been running on ConfigMgr 1602 since it was released and have had my environment integrated with Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 SP1 since day one.  It’s worked wonderfully up until I applied the ConfigMgr 1606 in-console update.

For those of you that are not familiar with MBAM and it’s integration with ConfigMgr, check out Eswar Koneti’s excellent guide:

http://eskonr.com/2015/09/how-to-install-mbam-2-5-sp1-and-integrate-with-sccm-configmgr-2012-r2-sp1/

Issue

After the ConfigMgr 1606 update (Site Upgrade, not clients), I noticed an issue with the MBAM Supported Computers collection (which gets created as part of the MBAM + ConfigMgr Integration).  There were only about 500 systems out of ~14,000 that were in the collection now!

Over the next few days, that count slowly (and I mean slowly) grew to about 1,500 clients.  The collection member count fluctuated a few hundred each day but never got above about 1,700 clients.

Troubleshooting

I looked at the usual suspects like the Collection Evaluator being slow, WMI classes on the clients, and verified that clients were actually submitting Hardware Inventory (they were).

Upon looking further, there was 1 SQL View that wasn’t fully populated.  v_GS_TPM (Win32_TPM in HW Classes) is available for inventory right out of the box.  However MBAM requires it to be extended to include 3 properties.

image

I checked the number of rows in this SQL view using the following SQL script:

Select *
From v_GS_TPM

This returned only about 600-700 rows out of nearly 15K!  Checking some of the other MBAM Views such as v_GS_MBAM_POLICY or v_GS_BITLOCKER_DETAILS resulted in the proper number of rows.

Solution

The solution I came up with was to simply force a Full Hardware Inventory Scan on every client.  Once the clients forced a full update, they started showing back up in the collection and were happy again.

Note: You’ll want to stagger this deployment so you don’t overload your site server(s)!

Here are the PowerShell commands I strung together (Credit to Kaido Järvemets @kaidja) and deployed out via Package/Program to all my clients:

$HardwareInventoryID = '{00000000-0000-0000-0000-000000000001}'
Get-WmiObject -Namespace 'Root\CCM\INVAGT' -Class 'InventoryActionStatus' -Filter "InventoryActionID='$HardwareInventoryID'" | Remove-WmiObject
Invoke-WmiMethod -Namespace root\CCM -Class SMS_Client -Name TriggerSchedule -ArgumentList "$HardwareInventoryID"

Root Cause

At the time this article was written I do not know the root cause but I have been talks with a PFE and members of the product group to track it down.  I hope that this post will help others out there until the root cause can be determined and a fix put in place.

Advertisements

Author: dhedges

I'm a Senior Client Systems Engineer specializing in OS Deployments and Automation using VBScript, PowerShell, MDT and SCCM. I enjoy working with technology and bending it to my will.

1 thought on “MBAM Supported Computers Collection Issues after ConfigMgr 1606 Upgrade”

  1. Thanks for confirming I’m not insane (in this regard).
    Have the same thing occurring in my 1606 environment. I haven’t been able to figure out a root cause either, so I look forward to any other articles you write on the subject.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s