How To Collect SCCM Client Logs From ConfigMgr Console

Let’s see how to collect SCCM client logs from ConfigMgr console. You can collect the SCCM logs from the remote client machines by sending a client notification action from Configuration Manager console.

The feature to collect SCCM logs was first introduced in Configuration Manager technical preview 1912. This new feature was next added to SCCM 2002 release as well.

Collecting the log files from remote computers is a really useful for admins who normally require the log files to troubleshoot the ConfigMgr agent related issues.

If you haven’t explored this feature yet, this post should help you in understanding about the SCCM client log collection feature.

What is Client Log Collection in SCCM?

Client log collection in SCCM is a feature that lets you trigger a client device to upload its logs. The log files are sent to the site server by sending a client notification action from the Configuration Manager console.

The client log collection in SCCM is very useful for admins who don’t want to retrieve log files from remote computers.

Imagine a situation where you as an IT admin would require reviewing SCCM client logs for troubleshooting a remote device.

Without the client log collection feature, the admins had to do the following to get the log files from remote computer.

  • Walk up to user desk and manually collect SCCM client logs from the computer.
  • If the computer is in a remote location, guide the user the location of Configuration Manager log files and ask user to send it via email.
  • Launch CMTrace tool on the computer and connect to admin$ of the remote computer and review the client logs.
  • Use a PowerShell script to copy the entire SCCM client log directory (C:\Windows\CCM\Logs) to computer and review the logs.

So as you can see, collecting the log files from remote SCCM computer is a tedious process. Hence, Microsoft introduced the feature to collect SCCM client logs to help admins troubleshoot the issues remotely.

Requirements to Collection SCCM Client Logs

Following are the requirements to collect SCCM logs using SCCM console:

  • ConfigMgr Server and Console version should be 2002 or later version.
  • You must update the client agent to the SCCM 2002 version (minimum version 5.00. 8968.1008) or later version.
  • The client agent on the target computer should be online and must have active status in the SCCM console.
  • Your Configuration Manager administrative user needs the Notify resource permission.
  • The Full Administrator and Operations Administrator built-in roles have this permission by default.
  • A proper connectivity to target computer is a must for collecting the log files.

With all the above prerequisites in place, you can collect SCCM logs from a remote computer.

SCCM Log files for Client Log Collection

When you intend to use the client log collection feature in SCCM, there is a associated log file. The log file associated with client log collection feature is Diagnostics.log.

This diagnostics.log file is located in the following location – C:\Windows\CCM\Logs folder. This log file confirms whether the client logs were sent to SCCM site server or not.

How to Collect SCCM Client Logs using Console

Let’s see how to collect log files from SCCM clients using console:

  • In the Configuration Manager console, click Assets and Compliance workspace.
  • Right-click on a device and select Client Diagnostics > Collect Client Logs.

Note: You can also select Collect Client Logs under Client Diagnostics from either the Device Collections or Devices node using the ribbon.

Collect SCCM client logs
Collect SCCM Client Logs Using ConfigMgr Console

To collect the log files from a computer, the client device must be online. The client will be notified to collect the client logs which are further sent to site server. Click OK on the information box.

Collect SCCM Client Logs Using ConfigMgr Console
Collect SCCM Client Logs Using ConfigMgr Console

What happens when you trigger Log File Collection?

When you trigger the client log file collection, the following activities occur in the background:

  • A client notification message is sent to the selected clients to gather the SCCM client logs.
  • The logs are returned using software inventory file collection.
  • You can review diagnostics.log on the client computer. This log file is located along with the other client log files in default location – C:\Windows\CCM\Logs folder.
  • The maximum size limit for the compressed client logs is 100 MB

This diagnostics.log should tell you whether the client log files were sent to site server successfully or not. The line FileCollection: Successfully sent report confirms the log files were sent successfully to the site server.

Collecting log files ... DiagnosticsEndpoint 
PowerShell path: C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe DiagnosticsEndpoint
FileCollection: Successfully sent report. Destination:mp:MP_SinvCollFileEndpoint, ID: {FDED4A8B-0D9C-4577-9E69-7B9A485AD5B9}, Timeout: 10080 minutes MsgMode: Signed, Not Encrypted DiagnosticsEndpoint
Diagnostics.log
Diagnostics.log

View the Client Logs from Console

In the above step we successfully gathered the client log files from remote computer. To view the log files, you must again use the Configuration Manager console.

To view the collected log files from ConfigMgr console:

  • In the console, go to Devices node, right-click on the device you want to view logs for.
  • Select Start, then select Resource Explorer.
  • From Resource Explorer, click on Diagnostic Files.
  • From the list of options, click View File and open the log files from CcmLogDataCollector\Logs folder.
View client logs
View client logs

On the Resource Explorer window, click Diagnostic Files and in the right pane you will see some fields.

  • Collection Date
  • File Name
  • File Path
  • Client Logs File Size (Bytes)
  • Last Date Modified

When you right click the collected log file info, you get set of options.

  • Open Support Center
  • Copy
  • View file
  • Save
  • Export
  • Refresh
  • Properties
View client logs
View client logs

When you click Open Support Center, the Configuration Manager Support Center viewer opens. It loads all the log files along with full path and name. To view a log file, simply double-click any file, and you can view the log file in Log Viewer tool.

Read: Tools to View SCCM log files

View the log files in Support Center
View the log files in Support Center

The next two options include Copy and View File. The Copy option copies the row information from Resource Explorer. While the View file opens the folder where the zip file is located with File Explorer.

View Extracted Client Logs
View Extracted Client Logs

Export the Client Logs

After you collect SCCM client logs, you can export the client logs and save it on your computer. The last two options are Save and Export. Save option opens a Save File dialog for the selected file.

Save Client Logs
Save Client Logs

Clicking Export saves the Resource Explorer columns shown in Diagnostic Files.

Export Client Logs
Export Client Logs

10 Comments

  1. is there a way to trigger this action through WMI trigger schedules or any other way that can be scripted? it’s not listed in the documentation for WMI TriggerSchedule Method.

  2. Avatar photo Tom Baumann says:

    Hi, is there an option to collect an additional Custom Logfile with this function? Or I have to use the origin Software Inventory Collection feature. Thanks.

    Tom

  3. I’m receiving a similar error any solution? Any assistance is much appreciated.

    PowerShell path: C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell.exe
    GetAllCcmLogs: Non-zero exit code. 5.
    GetAllCcmLogs: Failed. 0x80004005.

    1. Also, I have confirm the following:
      Client Version: 5.00.9040.1044
      Client online and shows as active in console
      Client Check result Passed

  4. Is the output in .json/CEF format or can it be in order to be ingested by a SIEM for example?

  5. Avatar photo Glory Rotty says:

    Thank you for your kind words

  6. Avatar photo PETER ALONSO says:

    Great Article! Thank you. When I open an individual log file, there is a Live Update button but the flyout message that not all files support this feature. Would you know which Files support the Live Update feature?

    Thanks

  7. Avatar photo Felipe Ribeiro says:

    Hello, Prajwal!

    I tried to get the logs of my client and this error was showed for me.

    ” GetAllCcmLogs: Failed. 0x80004005. DiagnosticsEndpoint 16/10/2020 16:16:17 1860 (0x0744) ”

    Is There any recommendation?

    Thanks in advance.

    1. Check if the client is upgraded to latest version and is the client online and shows as active in console ?.

    2. i am also getting same error any solution so far on this?

Leave a Reply

Your email address will not be published. Required fields are marked *