ConfigMgr 2012: Ccmeval.exe causing client corruption

I’ve discovered, on more than one occasion, that the ConfigMgr 2012 client’s ccmeval.exe, which is intended to resolve client health related issues, actually breaks the ConfigMgr client. This has happened on a Windows 8 RTM client, and I’m fairly certain that it affects Windows Server 2012 as well. You might be aware that Windows 8 and Windows Server 2012 are unsupported client operating systems with ConfigMgr 2012 RTM, but will be officially supported in Configuration Manager 2012 Service Pack 1 (SP1).

Issue


By default, when the ConfigMgr 2012 client is installed, a Scheduled Task is registered under the \Microsoft\Configuration Manager called “Configuration Manager Health Evaluation.” The command line that is called is simply ccmeval.exe, with no command line arguments. The task will run approximately around midnight (12:19 AM on my test client) every night.

After the ccmeval.exe task runs, the Configuration Manager client agent gets corrupted to the point of being entirely non-functional. If you open the Control Panel applet, you will see an entirely blank screen under all of the tabs: General, Components, Actions, etc. The “SMS Agent Host” (ccmexec) service is unregistered, meaning that the client agent’s Windows NT service doesn’t even exist! Assuming that you’ve left the client install directory at the default, visit %WINDIR%\ccm\logs and check out ccmeval.log. You’ll see a bunch of messages like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
==========[ ccmeval started in process 1188 ]==========
Loading manifest file: C:\Windows\CCM\CcmEval.xml
Successfully loaded ccmeval manifest file.
Begin evaluating client health rules.
Successfully retrieved all client health checks.
Evaluating health check rule {4AB7D77D-3BB0-4EAB-BEFD-7C0F7DA10296} : Verify WMI service exists.
Evaluating health check rule {518C0699-03F8-4F38-85C4-4D319EAEFC05} : Verify/Remediate WMI service startup type.
Evaluating health check rule {7F4B6E15-2221-455B-9615-93C379E470D5} : Verify/Remediate WMI service status.
Evaluating health check rule {A81778B5-9A1E-4A52-9C6E-6939CEFAA118} : WMI Repository Integrity Test.
Evaluating health check rule {14E6774A-1795-4E09-B17D-B6F36A124205} : WMI Repository Read/Write Test.
Failed to delete class 'CIM_ClassDeletion' (80041002)
Failed to delete class 'CIM_ClassCreation' (80041002)
Failed to delete class 'CIM_ClassModification' (80041002)
Failed to delete class 'CIM_ClassIndication' (80041002)
Failed to delete class 'CIM_InstCreation' (80041002)
Failed to delete class 'CIM_InstModification' (80041002)
Failed to delete class 'CIM_InstDeletion' (80041002)
Failed to delete class 'CIM_InstIndication' (80041002)
Failed to delete class 'CIM_Indication' (80041002)
Failed to delete class 'MSFT_ExtendedStatus' (80041002)
Failed to delete class 'MSFT_WmiError' (80041002)
Failed to delete class 'CIM_Error' (80041002)
Fail to delete namespace (root\cimv2\ccm2) (0x80041002)
Checking WMI repository for feature General failed
WMI check failed
Stopped the service 'ccmexec' successfully
Stopped dependent services for service 'winmgmt' successfully
Stopped the service 'winmgmt' successfully
Attempting to launch repository repair.
Attempting to remediate client or client prerequisite installation.
Client or client prerequisite installation remediation failed.
Please check ccmsetup-ccmeval.log for further information.
Internal error happens in ccmsetup, FSP state ID: 307, topic type: 800, state parameters:
Result: Remediation Failed, ResultCode: 52429107, ResultType: 201, ResultDetail:

Wait, what? Why did the WMI check fail? I’ve got a perfectly healthy Windows 8 client running! Why are you even trying to remediate in the first place? I’ve got the feeling that some adjustments to the health checks will be necessary for Windows 8, in the ConfigMgr 2012 SP1 client.

Next, what happens is that the ccmeval program moves on to evaluate the health of a variety of other services / configurations.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
Evaluating health check rule {5CC6C949-5001-4765-84B4-DD4FDC1E6940} : Verify BITS exists.
Evaluating health check rule {C6E29CF5-F9B2-450B-AE61-C4B256A75023} : Verify/Remediate BITS startup type.
Evaluating health check rule {CF4EFD8F-9A1E-4A89-BB35-7021D51767DB} : Verify/Remediate client and client prerequisites installation.
Evaluating health check rule {8883C683-04C8-4228-BB76-2EDD666BA781} : Verify SMS Agent Host service exists.
Evaluating health check rule {13F46523-5B82-417d-A363-A644E80CAD76} : Verify/Remediate SMS Agent Host service startup type.
Evaluating health check rule {70BECB51-44A1-4b46-8A23-6EA3D345B677} : Verify/Remediate SMS Agent Host service status.
Attempting to change service status for service 'CcmExec' to 'Running'.
Successfully changed service status for service 'CcmExec' to 'Running'.
Result: Remediation Succeeded, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {C35E790D-4C05-40A8-BB46-A68578966D19} : WMI Event Sink Test.
WMI auto-recover happened at 20121121191603.051857-000
Evaluating health check rule {D9D0245D-0617-4C2F-8837-84A397AC5B22} : Verify/Remediate Microsoft Policy Platform service startup type.
Evaluating health check rule {09886543-BE8B-431F-BC00-7D917632E22C} : Verify/Remediate Antimalware service startup type.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {5B50566C-363E-4F1C-8A7D-6F2D2A51B142} : Verify/Remediate Antimalware service status.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {6BC824B4-BD8C-4779-BB10-ABDBCD5AFAEB} : Verify/Remediate Network Inspection service startup type.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {D6CB32EA-423D-44CB-9C58-97CE55D2148E} : Verify/Remediate Windows Update service startup type.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {D3E01C5F-CE42-4022-B51D-680ADFA1CCD4} : Verify/Remediate Windows Update service status.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {9040BA8C-580D-4FCA-8846-BBD5F5BB1597} : Verify/Remediate Configuration Manager Remote Control service startup type.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {9DCD49EF-E021-46FF-A777-49210B558527} : Verify/Remediate Configuration Manager Remote Control service status.
Result: Not Applicable, ResultCode: 0, ResultType: 0, ResultDetail:
Evaluating health check rule {7B9F8FF6-EDF7-42CA-A67F-073A2E161C19} : Verify/Remediate SQL CE database is healthy.
Successfully evaluated all client health rules.
Fail to get integer from registry
Fail to get MPFailCount from registry, restart counting from 0
MP check continuously failed for 1 times but didn't exceed the threshold 3
Send previous report if needed.
Previous report was successfully sent, no need to resend.
Report is changed, need to send it this time.
Begin to send client health status report
Failed to get site code from WMI
Failed to send client health status as a state message. Attempting to send status to the FSP.
Failed to send client health status as an FSP message.

Great, so you incorrectly performed a “repair” on the client, ended up ruining my ConfigMgr client install, and can’t even send a message to the Fallback Status Point (FSP). Why? Why? Why?

Let’s go have a look at the ccmsetup-ccmeval.log, which is new in ConfigMgr 2012. It resides in the ccmsetup folder (default: c:\windows\ccmsetup). Apparently what happens in this file, is that ccmsetup.exe is launched twice, and ends up not actually reinstalling the client, leaving it in an entirely broken state.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
==========[ ccmsetup started in process 2656 ]==========
CcmSetup version: 5.0.7711.0000
Running on OS (6.2.9200). Service Pack (0.0). SuiteMask = 256. Product Type = 1
Ccmsetup command line: C:\Windows\ccmsetup\ccmsetup.exe /remediate:all
Loaded command line: C:\Windows\ccmsetup\ccmsetup.exe  "/source:\\sccmserver\SMS_LAB\Client"
SslState value: 224
CCMHTTPPORT:    80
CCMHTTPSPORT:    443
CCMHTTPSSTATE:    224
CCMHTTPSCERTNAME:    
FSP:    
CCMFIRSTCERT:    1
Client is set to use HTTPS when available. The current state is 480.
CCMCERTID:    SMS;AD94AEE0EFCD0F0CD8E35BA116D282BA05FE7AA6
Ccmsetup run in remediation mode. Adding MPs from the client as backup.
Searching MP from client
Did not find any MP from the client.
No MP or source location has been explicitly specified.  Trying to discover a valid content location...
Looking for MPs from AD...
No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue.
Invalid ccmsetup command line:
A Fallback Status Point has not been specified.  Message with STATEID='100' will not be sent.
A Fallback Status Point has not been specified.  Message with STATEID='307' will not be sent.
CcmSetup failed with error code 0x80004005
==========[ ccmsetup started in process 1412 ]==========
CcmSetup version: 5.0.7711.0000
Running on OS (6.2.9200). Service Pack (0.0). SuiteMask = 256. Product Type = 1
Ccmsetup command line: C:\Windows\ccmsetup\ccmsetup.exe /evaluate:all
Loaded command line: C:\Windows\ccmsetup\ccmsetup.exe  "/source:\\sccmserver\SMS_LAB\Client"
SslState value: 224
CCMHTTPPORT:    80
CCMHTTPSPORT:    443
CCMHTTPSSTATE:    224
CCMHTTPSCERTNAME:    
FSP:    
CCMFIRSTCERT:    1
Client is set to use HTTPS when available. The current state is 480.
CCMCERTID:    SMS;AD94AEE0EFCD0F0CD8E35BA116D282BA05FE7AA6
Config file:      
Retry time:       10 minute(s)
MSI log file:     C:\Windows\ccmsetup\client.msi.log
MSI properties:    CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="224" CCMFIRSTCERT="1" CCMCERTID="SMS;AD94AEE0EFCD0F0CD8E35BA116D282BA05FE7AA6"
Source List:
MPs:
                  None
Ccmsetup will run as an evaluation.
Found a local ccmsetup.cab. A new one will not be downloaded.
C:\Windows\ccmsetup\ccmsetup.cab is Microsoft trusted.
Successfully extracted manifest file C:\Windows\ccmsetup\ccmsetup.xml from file C:\Windows\ccmsetup\ccmsetup.cab.
Loading manifest file: C:\Windows\ccmsetup\ccmsetup.xml
Successfully loaded ccmsetup manifest file.
Item 'i386/vcredist_x86.exe' is applicable. Add to the list.
Item 'x64/vcredist_x64.exe' is applicable. Add to the list.
Item 'i386/vc50727_x86.exe' is not applicable.
Item 'x64/vc50727_x64.exe' is applicable. Add to the list.
Item 'i386/WindowsUpdateAgent30-x86.exe' is not applicable.
Item 'x64/WindowsUpdateAgent30-x64.exe' is applicable. Add to the list.
Item 'i386/msxml6.msi' is not applicable.
Item 'x64/msxml6_x64.msi' is applicable. Add to the list.
Item 'i386/msrdcoob_x86.exe' is not applicable.
Item 'x64/msrdcoob_amd64.exe' is not applicable.
Item 'pkgmgr.exe' is not applicable.
Item 'dism.exe' is applicable. Add to the list.
Item 'wimgapi.msi' is not applicable.
Item 'i386/MicrosoftPolicyPlatformSetup.msi' is not applicable.
Item 'x64/MicrosoftPolicyPlatformSetup.msi' is applicable. Add to the list.
Item 'i386/WindowsFirewallConfigurationProvider.msi' is not applicable.
Item 'x64/WindowsFirewallConfigurationProvider.msi' is applicable. Add to the list.
Item 'i386/Silverlight.exe' is applicable. Add to the list.
Item 'i386/wic_x86_enu.exe' is not applicable.
Item 'x64/wic_x64_enu.exe' is not applicable.
Item 'i386/dotNetFx40_Client_x86_x64.exe' is applicable. Add to the list.
Item 'SCEPInstall.exe' is applicable. Add to the list.
Item 'i386/client.msi' is not applicable.
Item 'x64/client.msi' is applicable. Add to the list.
Discovering whether item 'i386/vcredist_x86.exe' exists.
Detected item 'i386/vcredist_x86.exe'
Discovering whether item 'x64/vcredist_x64.exe' exists.
Detected item 'x64/vcredist_x64.exe'
Discovering whether item 'x64/vc50727_x64.exe' exists.
Upgrade code '{A8D19029-8E5C-4E22-8011-48070F9E796E}': product = '{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}', installed = 1, version = 8.0.61000
Checking '{A8D19029-8E5C-4E22-8011-48070F9E796E}' version '8.0.61000' expecting >= '8.0.61000'.
Detected item 'x64/vc50727_x64.exe'
Discovering whether item 'x64/WindowsUpdateAgent30-x64.exe' exists.
Checking file 'C:\Windows\system32\wuapi.dll' version '7.8.9200.16449' expecting >= '7.4.7600.226'.
Detected item 'x64/WindowsUpdateAgent30-x64.exe'
Discovering whether item 'x64/msxml6_x64.msi' exists.
Checking file 'C:\Windows\system32\msxml6.dll' version '6.30.9200.16384' expecting >= '6.10.1129.0'.
Detected item 'x64/msxml6_x64.msi'
Discovering whether item 'dism.exe' exists.
File 'C:\Windows\system32\msrdc.dll' exists. Discovery passed
Detected item 'dism.exe'
Discovering whether item 'x64/MicrosoftPolicyPlatformSetup.msi' exists.
Upgrade code '{19B9818B-7432-49E9-BC02-B126025EE235}': product = '{376CBB7C-A86E-400D-8702-ABA2EFDE35D7}', installed = 1, version = 1.2.3520.0
Checking '{19B9818B-7432-49E9-BC02-B126025EE235}' version '1.2.3520.0' expecting >= '1.2.3520.0'.
Detected item 'x64/MicrosoftPolicyPlatformSetup.msi'
Discovering whether item 'x64/WindowsFirewallConfigurationProvider.msi' exists.
File 'C:\Windows\ccmsetup\WindowsFirewallConfigurationProvider.msi' exists. Discovery passed
Detected item 'x64/WindowsFirewallConfigurationProvider.msi'
Discovering whether item 'i386/Silverlight.exe' exists.
32-bit Hive selected
Detected item 'i386/Silverlight.exe'
Discovering whether item 'i386/dotNetFx40_Client_x86_x64.exe' exists.
Discovering whether item 'i386/dotNetFx40_Client_x86_x64.exe' exists.
Discovering whether item 'i386/dotNetFx40_Client_x86_x64.exe' exists.
Detected item 'i386/dotNetFx40_Client_x86_x64.exe'
Discovering whether item 'SCEPInstall.exe' exists.
Checking file 'C:\Windows\ccmsetup\SCEPInstall.exe' version '2.2.0903.0000' expecting >= '2.2.903.0'.
Detected item 'SCEPInstall.exe'
Discovering whether item 'x64/client.msi' exists.
Item x64/client.msi has not been installed yet. Put to pending install list.
CcmSetup is exiting with return code 0

The only way I know how to remediate this issue right now is to re-run ccmsetup.exe directly, which will simply reinstall the client.

There are two (three) ways that you can avoid having this problem occur though.

Deny the Local System access to ccmeval.exe

  • Navigate to %windir%\ccm
  • Right-click ccmeval.exe
  • Edit the Access Control List (ACL)
  • Take ownership of the file
  • Remove all access control entries (ACE) from the file
  • Disable Automatic Remediation (existing clients)

  • Navigate to the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\CCM\CcmEval
  • Change the registry value NotifyOnly to value true
  • Disable Automatic Remediation (new clients)

  • When you install the ConfigMgr client, append the /NotifyOnly argument to ccmsetup.exe
  • I hope this helps you, if you come across this same behavior on Windows 8 or Server 2012 clients!

    • http://twitter.com/pcgeek86/status/271353011513745408/ Trevor Sullivan (@pcgeek86)

      #ConfigMgr 2012 ccmeval.exe causing client corruption on #Windows8 http://t.co/zYQbwwdZ #sysctr #sccm #ConfigMgr2012 #win8

    • http://twitter.com/anoopmannur/status/271559093431463936/ @anoopmannur

      Rt @pcgeek86: #ConfigMgr 2012 ccmeval.exe causing client corruption on #Windows8 http://t.co/KEBZ1c0F #sysctr #sccm #ConfigMgr2012 #win8

    • Madluka

      Thanks for the registry key, however the CCMSETUP.LOG shows that it the /NotifyOnly switch is invalid and will be ignored.

      • http://trevorsullivan.net pcgeek86

        Weird, that came straight from the Technet documentation!

        Cheers,
        Trevor Sullivan

    • Christian Stückrath

      thank you very much for this article. That just saved me from rebuilding my SC infrastructure (have my SC Databases on a managed 2012 Server, so every night it killed the WMI and the MP with it)

    • Guest

      In the event someone else finds this blog entry troubleshooting SCCM 2012 Client issues on Windows 7, like I did, here’s a relevant KB:http://support.microsoft.com/kb/2796086

      The Windows Management Framework 3.0 patch released with the December patches causes SCCM 2012 clients to break in this specified fashion.  Sorry it’s not directly related to Win8, but still, that’s what I ended up finding.  It could be that WMF 3 is already present on Win8.

    • Ramkumar

      Sir,

      I am unable to run ccmEval.exe on my pc because i cant even find it under my registry. I have already restarted SMS Agent host, still nothing.
      I cant even find under registry. Pls help to fix it. Ramu