Desktop Analytics is a cloud-based service that integrates with Configuration Manager (#MEMCM). Desktop Analytics provides insights and intelligence for you to make more informed decisions about the update readiness of your Windows clients. It combines data from your organization with data aggregated from millions of devices connected to Microsoft cloud services. For more information and how to setup desktop analytics, please read https://docs.microsoft.com/en-us/configmgr/desktop-analytics/set-up.
After setting up the desktop analytics, I went through some troubleshooting issues as the devices are not successful in the enrollment in the first place. The issues related to the proxy, network, services, etc.
In this blog post, I am going to list down the things that are important and help you to troubleshoot further to resolve the enrollment issues.
When you configure desktop analytics, the devices need to send diagnostic data to Microsoft. If your environment uses a proxy server, then make sure that a proxy doesn't block the diagnostic data because of authentication.
If your organization uses proxy server authentication for outbound traffic, use one or more of the following approaches given in the documentation https://docs.microsoft.com/en-us/configmgr/desktop-analytics/enable-data-sharing#proxy-server-authentication
Diagnostic data levels:
In the desktop analytics connection, you can also choose if the device can use user-authenticated proxy for outbound communication or not.
By default, this value is No. If needed in your environment, set to Yes.
Client side troubleshooting:
Desktop Analytics service has no agents to install on windows devices. Device enrollment requires configuring settings on the devices you want it to monitor. These settings control to which Desktop Analytics instance the device should send its data, and other configuration options.
When you enable the desktop analytics and configure/deploy it to collection, Configuration Manager creates a settings policy to configure devices in the Target Collection.
This policy includes the diagnostic data settings to enable devices to send data to Microsoft. By default, clients update policy every hour. After receiving the new settings, it can be several hours more before the data is available in Desktop Analytics.
This configuration baseline is hidden in the console and you cannot not find it in compliance settings.
You can see it as deployment on the target collection and in the monitoring space too.
To see the compliance status for this, you can either check the client logs or monitoring space.
On the client side, you can see it in the configuration manager applet in control panel, configurations tab with name: M365Asettings.
This configuration baseline setting will set some registry keys that help the client to communicate with desktop analytics and forward the telemetry data based on the configuration you did in configmgr DA.
Monitor the log SettingsAgent.log for Enforcement of specific applications, records orchestration of application group evaluation, and details of co-management policies.
There are few registry keys that will set to configuration ID.
Registry values to be set: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection
You can also monitor the logs to check if the client successfully configured for enrollment by looking at M365AHandler.log
Starting in ConfigMgr 1906, we can use DesktopAnalyticsLogsCollector.ps1 tool from the ConfigMgr install directory to help troubleshoot Desktop Analytics device enrollment issues.
It runs some basic troubleshooting steps and collects the relevant logs into a single working directory.
To run the script, you can launch powershell window as admin and run the script.
As you can see below, the service connected user experiences and telemetry is not running.
Following are the services to be running for Desktop Analytics:
Services:
Connected user experiences and Telemetry
Program compatibility assistance service
Diagnostic policy service
To help remediate issues such as app compatibility data (RunAppraiser failed), run the following commands from an elevated Windows PowerShell console on the affected client:
# stop associated services
Stop-Service -Name diagtrack #Connected User Experiences and Telemetry
Stop-Service -Name pcasvc #Program Compatibility Assistant Service
Stop-Service -Name dps #Diagnostic Policy Service
# regenerate diagnostic data cache
Remove-Item -Path $Env:WinDir\appcompat\programs\amcache.hve
Remove-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" -Name AmiHivePermissionsCorrect -Force
# set ASL logging level to output log files in %windir%\temp
New-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags" -Name LogFlags -Value 4 -PropertyType DWord -Force
# restart services
Start-Service -Name diagtrack
Start-Service -Name pcasvc
Start-Service -Name dps
There are lot of device properties for the desktop analytics device enrollment, please read https://docs.microsoft.com/en-us/configmgr/desktop-analytics/monitor-connection-health for troubleshooting.
There are also nice built-in connection health to monitor the status of desktop analytics enrollment issues.
Clicking on donuts help you to identify the list of devices with device properties.
Since there are built-in report for the desktop analytics, it is hard to always use console to monitor the connection health of the devices.
You can download the custom reports for Desktop Analytics from https://www.systemcenterdudes.com/memcm-sccm-desktop-analytics-reports/ and deployment reports from https://www.systemcenterdudes.com/memcm-sccm-desktop-analytics-reports/
I will keep updating this blog post whenever i come across any issues with DA.
If you have come across any issues during the device enrollment, please report them via comment section.
Continue reading:
Desktop Analytics connection health monitoring Monitor connection health
Desktop Analytics FAQS https://docs.microsoft.com/en-us/configmgr/desktop-analytics/faq
Desktop Analytics troubleshooting https://docs.microsoft.com/en-us/configmgr/desktop-analytics/troubleshooting
2 Comments
Hi we dont have system proxy on computers so i need to setup IP adress on our FIrewalls (we cant use hostname couse Cisco ASA can use only IP adress) is there some IP reange i need to enable ?
Hi,
If you are using proxy to connect to internet, you can follow this article to allow the list of urls for device (system account) at firewall/proxy to allow the communication https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/enable-data-sharing#proxy-server-authentication. This URL has list of all client connectivity endpoints etc.
Thanks,
Eswar