Overview of MDM Troubleshooting

  • Article

2/9/2009

System Center Mobile Device Manager has many distributed features and components. Therefore, it is helpful to know which tools are available for you in certain circumstances. These tools can help you find and isolate the cause of an issue.

Dependencies

MDM 2008 SP1 includes the following dependencies that enable it to run:

  • Windows Server 2003
  • Internet Information Services (IIS)
  • Active Directory
  • Microsoft SQL Server 2005
  • Windows Server Update Services (WSUS)
  • .NET Framework 2.0 Service Pack 1
  • Microsoft Management Console (MMC)
  • Windows PowerShell 1.0
  • Group Policy Management Console

For a complete list of requirements for MDM 2008 SP1, see System Requirements for MDM Servers and Managed Devices.

This troubleshooting guide does not address issues for the previous products listed. Instead, this guide provides information about underlying platform components that can affect MDM functions.

Issues with prerequisite software and hardware are beyond the scope of this troubleshooting guide. For more information about how to troubleshoot any of these components, see the product documentation that accompanies these products or services.

MDM Troubleshooting Tools

The following lists the various tools and applications that you can use to troubleshoot MDM.

Tool Description

Event Viewer

This application logs the Application, system, security, and MDM events. Use Event Viewer to obtain information and details when specific issues occur. You should also check the events related to Windows Server 2003.

Tracing with MDM Shell cmdlets

Perform trace logging with the help of a Microsoft representative. A Microsoft representative has the resources to analyze the trace logs.

Some MDM tracing may collect information from MDM Active Directory objects. We recommend that you write the .etl trace logs to a secured area of the disk.

To run the cmdlets on computers that are running MDM, but do not have the PowerShell console installed, such as MDM Enrollment Server and MDM Gateway Server, install Windows PowerShell 1.0 and MDM Administrator Tools. When you install MDM Administrator Tools, MDM Shell will also install.

For more information about Windows Preprocessor (WPP) tracing, see WPP Software Tracing at this Microsoft Web site:

https://go.microsoft.com/fwlink/?LinkId=109941

WPP software tracing produces log files that you can analyze for debugging and troubleshooting issues.

Dd252836.note(en-us,TechNet.10).gifImportant:
We recommend that you perform diagnostic tracing only in association with a Microsoft Customer Support Services (CSS) representative.

To enable WPP tracing:

  1. Open MDM Shell.

  2. At a command prompt, type the following command:

    Enable-MDMTrace -Global -Components Everything -Level Error

The trace logs have an .etl extension and are located in the \Program Files\Microsoft System Center Mobile Device Manager\Logs folder on MDM Shell.

To disable tracing:

  1. Open MDM Shell.

  2. At a command prompt, type the following command:

    Disable-MDMTrace -Global -Components Everything

You do not have to restart the computer or any services after you enable or disable tracing.

Tracing with Logman.exe

Logman.exe is a standard tool found in the \Windows\System32 directory. Users must have Write permissions on the trace folder to run Logman commands successfully.

When Windows Event Logs are insufficient for troubleshooting a problem, you can start WPP tracing for MDM Gateway Server to obtain detailed trace logs.

Dd252836.note(en-us,TechNet.10).gifImportant:
We recommend that you perform diagnostic tracing only in association with a Microsoft Customer Support Services (CSS) representative.

To enable kernel-mode tracing on the network driver interface specification input method (NDIS IM) driver:

  1. Create a trace folder, for example, c:\VPN-trace.

  2. Open a Command Prompt window and then run the following command:

    Logman start ipsecvpn -p {fe2d0d86-76ae-4612-82f0-53bf1371fa28} 0xFFFFFFFF 15 -o <path-to-trace-folder> -ets
  3. Reproduce the problem.

  4. At a command prompt, run the following command:

    logman stop ipsecvpn -ets

To enable user-mode tracing on the NT service for VPN:

  1. Create a trace folder, for example, c:\VPN-trace.

  2. Open a Command Prompt window and then run the following command:

    Logman start mgwpm -p {cf0103c2-4066-47ad-b629-385e74c62069} 0xFFFFFFFF 15 -o <path-to-trace-folder> -ets
  3. Reproduce the problem.

  4. At a command prompt, run the following command:

    logman stop mgwpm -ets

The Logman tool generates an *.etl file in the trace folder that contains unformatted trace information. You must send this file to Microsoft.

Services MMC

Use the Services MMC snap-in to start, stop, and verify that certain services are running.

To open Services MMC, on the Start menu, choose Run, and then type services.msc.

MDM Console

Use MDM Console for status information, for example, for the last time that a device connected applications that installed on a device.

Use MDM Software Distribution Console for status on device package installations.

Use MDM Shell to run cmdlets that retrieve data or set configurations.

Active Directory Service Interfaces MMC

ADSIEdit.msc is a low-level editor for Active Directory that provides a graphical user interface (GUI) to view and change Active Directory. This tool is useful to add, delete, and move objects in a directory service. For more information about this tool, see Adsiedit Overview at this Microsoft Web site:

https://go.microsoft.com/fwlink/?LinkId=109940.

MDM Client Tools

Client troubleshooting tools and steps can help diagnosis issues that arise when the device is trying to enroll, has enrolled, or cannot connect to MDM Gateway Server or MDM Device Management Server. For more information, see MDM Client Tools at this Microsoft Web page: https://go.microsoft.com/fwlink/?LinkID=127030.

MDM Reporting Tools

For information about Report Viewer, see Microsoft Report Viewer Redistributable 2005 at this Microsoft Web site:

https://go.microsoft.com/fwlink/?LinkId=109939

MDM Reporting Tools collect data from Active Directory, MDM Gateway Server event logs, and the MDM databases. This feature uploads the data to a reporting database for comprehensive and detailed reporting capabilities.

Microsoft System Center Mobile Device Manager 2008 Management Pack for Operations Manager 2007

This management pack helps you monitor your MDM deployment, and provides troubleshooting guidance for MDM components and errors. For more information about this management pack, visit the following Microsoft Web site: https://go.microsoft.com/fwlink/?LinkId=123343.

MDM Log Files

The following lists the various log files that you can check for troubleshooting MDM.

Log file Description

MDMsetup.log

The MDMsetup.log file contains information that is collected from MDM component .msi installation logs. However, it does not contain verbose installer data, and does not report return values for the different custom actions. You can obtain the return values and more comprehensive information from the .msi logs for each MDM component installation.

By default, MDMsetup.log is located in the Temp directory.

Windows Installer version 3.1 .msi logs

If you run Setup from the MDM splash screen, the .msi logs have friendly names. For example, DM.log, Enrollment.log, and AdminTools.log.

If you run Setup at a command prompt, no logging is performed unless you use the /L or /L*v parameters. You can specify the log name by adding /L and a log file name to the command line.

Search for Return value 3 and examine the section before the return value. This section has the custom action that failed.

By default, SCMDMsetup.log is located in the Temp directory.

Verbose Windows Installer log

To find the source of an error, generate and analyze a verbose log file. You can use the WILogUtl.exe tool from the Windows Installer SDK. You can enable logging with a Windows Installer logging policy, or by appending /L*v <path of log name.log> to the MSIExec command line.

Application event log

Windows Installer records installation information, such as successful and failed operations, in this event log.

MDM event log

As you install MDM Device Management Server andMDM Enrollment Server, an MDM Event Viewer node is created that provides information on application and installation errors.

After you run Setup for each of these servers, a summary page provides details on installation specifics. This includes service failures and other complications or issues.

Gateway.log

MDM Setup logs do not record the installation of MDM Gateway Server or other MSI-based installations for prerequisites. However, MDM Gateway Server Setup creates the Gateway.log file on the computer that is running MDM Gateway Server.

By default, Gateway.log is located in the Temp directory.

MDM Troubleshooting Tips

The following tips will help you isolate, identify, and resolve issues common toMDM:

  • Check the MSI log, and server Application Event log, to pinpoint the source of the issue.
  • Make sure that the software and hardware requirements on the SQL Server computer are met; see the MDM Deployment Guide.
  • Make sure that the SQL Server computer is in the same domain as the MDM servers.
  • Verify that the account being used has access with Windows Integrated Authentication. Make sure you add the MDM Universal Groups to the SQL Server logins.
  • Verify that the SQL Server computer can be reached by FQDN and IP address from MDM Enrollment Server.
  • If this installation is a new one, verify that the database and sqlinstance keyword values are blank in the Active Directory service connection point (SCP).
  • Review any errors in the MSI log file.
  • Verify that a record for that server does not already exist in the Servers table in the Administration Services database.