Friday, June 28, 2019

ConfigMgr Clients are no longer receiving User Deployments

Removing the Application Catalog Role within ConfigMgr was not as straight forward as i was hoping !

Like many SCCM admins historically the Application Catalog Web service Point and Website point were installed in order to deploy applications to Users.  
However, this feature is now depreciated and User deployments can be deployed without this role as the client will query a management point instead for all deployments (user and device).

I decided that this role should be removed as we were on 1810 Hotfix2 and colleagues had stated the transition was near seamless (see below regarding a reported BUG and quick fix to modify any Client setting).

The procedure to remove the App Catalog role is straight forward:
1. Remove references to App Catalog website within Client Settings.
2. Remove the Roles within the SCCM console.

In our case the removal of the website within Client Settings and the system roles was straight forward however, we saw in a few cases Clients are no longer receiving User Deployments and I thought I would write this blog to share my experience and how to detect systems in a similar state.

Lets gather the logs!

Using endpoint Url: https://AppCatalogSERVER:443/CMApplicationCatalog, Windows authentication (Microsoft.SoftwareCenter.Client.Data.ACDataSource+<>c at <RefreshLocalSettingsAsync>b__13_0)
The client is looking for User deployments using the AppCatalog server website however, this does not exist and it not referenced in Client Settings.


Raising event:
instance of CCM_PolicyAgent_PolicyDownloadSucceeded 
Failed to compile rule "{Rule_WRC10000}": 0x8000ffff
Raising event:
instance of CCM_PolicyAgent_PolicyCompileFailed 
We can see that Policy is downloaded however fails to compile.

The Image below details the "Actual" policy applied and as you can see 'Reserved1' details the AppCatalog Website which does not exist; however the client is told to use this address to find User deployments.  As the site does not exist policy cannot exist and Software Center does not show User deployed Applications.

The Image below details the "Requested" policy applicable via Client Settings. As you can see 'Reserved1' does not detail the AppCatalog Website; the client should understand that and receive User policy from the Management Points as intended.  If this was working the SCClient_Domain@USERNAME_1.log would show details for the Management Points instead.

While I cannot explain why the Client Settings are not compiling it did conclusively show that the Site Server was offering the right policy but the client was not applying it.  Various sites have stated this behavior is a known bug and that simply changing a Client Setting would re-engage the client and allow the desired policy to apply.

This client would not update which made me wonder how many systems in the estate have this exact issue?

Using PowerShell you can query the class CCM_ClientAgentConfig namespace and report a compliance metric; this is easily deployed via ConfigMgr Baselines..

$ClientConfig =Get-WmiObject -class CCM_ClientAgentConfig -namespace "root\ccm\policy\machine\actualconfig"
IF ($ClientConfig.Reserved1 -eq "https://AppCatalogSERVER:443/CMApplicationCatalog")
{Write-host "Non-Compliant"}
{Write-host "Compliant"}

The hope at this point is that the Agent Config client settings compile issue is limited to a small number of systems. Once the exposure of non-compliant system is understood we can see if a Remediation Script needs to be added to the Baseline.

...........Watch this space for Remediation (28/06/19)

Key Search words, phrases

Policy not compiling
Remove AppCatalog


  1. Hey there! Good stuff, do keep us posted when you finally post something like that! House Movers South Dublin

  2. Would love to always get updated outstanding blog ! . Auto verkaufen

  3. Your post is guiding thousands of people who are facing the same issues. Sharing personal experiences is such a courageous act. The step by step details provided by the web application development services is also a significant contribution to the system. Pictures are making it more reliable and practical to get the benefit out of it.

  4. This works great, but I can’t get a shortcode to work with it for my website.

  5. any job requires a careful approach. Especially it concerns essay writing. In this essay service you can order the writing of the works you need. An essay to order wr1ter is a great option for those who do not know how to correctly express their thoughts. Your work will be written efficiently, quickly and as efficiently as possible.

  6. Go to \Administration\Overview\Site\Configuration\Servers and Site System Roles' in your ConfigMgr console. Remove each of the roles from the Application Catalog by clicking Remove Role. You should be able to monitor the uninstallation process using smscomp.log. Afterward, you should see a post like this indicating that the role is being deactivated, followed by a series of activities that complete the transition to 1806. According to Video Animation Production Company It is expected to take place pretty rapidly.