Menu Close

Monitoring Microsoft Endpoint Configuration Manager (MECM)

Quick Download:


The old System Center Configuration Manager 2012 Management Pack is no longer available.  Customers often used this to monitor current branch, and it still works well for the most part.

Now that it was pulled, there is a gap for customers who don’t have that old MP, or want something a little more relevant to MECM deployment monitoring.

I have taken the old SCCM 2012 MP’s, and combined them into a single MP.  It largely works the same way, but I made some enhancements based on things I saw in the field.

The biggest changes are around controlling noise for transient errors, and changing the alert source to the Unit monitors, as alerting from rollup monitors was a terrible design as a method to limit noise, because you also limit quality detailed alerts.  Fixed some workflows that flat out didn’t work, and aligned the MP closer to best practices.

  • MECM Client Class discovers sitecode and version properties
  • Fixed errors on MECM client discovery that logged events
  • Added MatchCount property to most monitors to support multiple consecutive samples to reduce noise
  • Removed overrides that were muting alerts from unit monitors
  • Added overrides to disabled alerts from the aggregate rollup monitors and dependency rollup monitors
  • Added ScaleBy to Process based CPU Rules and Monitors so they actually work.
  • Changed Max sample separation on Perf Collection rules from 10 to 4 so one data point will be collected every hour on any perf collection rules that are enabled.
  • Deleted all Manual Reset Monitors and replaced with Rules.
  • Deleted all Classes, Rules, and Monitors for Deprecated and Unsupported roles
  • Renamed all Element ID’s to include the MP ID, and follow structured rules:
    • Datasource ends with .DS and with Displaystring Datasource
    • ProbeAction ends with .PA and with Displaystring Probe Action
    • WriteAction ends with .WA and with Displaystring Write Action
    • MonitorType ends with .MT and with Displaystring MonitorType
    • Discovery ends with .Discovery and with Displaystring Discovery
    • Rule ends with .Rule and with Displaystring Rule
    • Monitor Ends with .Monitor and with Displaystring Monitor
    • Aggregate Monitor ends with .AggregateRollup.Monitor
    • Dependency Monitor ends with .DependencyRollup.Monitor
    • Groups end with .Group and with Displaystring Group
    • Task ends with .Task
  • Removed all Override Displaystrings which were pointless
  • Reduced frequency of MECM Client Discovery from 60 seconds to once a day.
  • Created an override to disable the SMSExec service monitor for members of the Site Database Computers Group, since this was causing false alarms as Database servers are not typically Site server roles with SMSExec service present.




You can download this management pack here:


If you have any feedback or monitoring requests, I will be happy to consider them for future updates.


    • Kevin Holman

      This is a new MP with new ID’s, so it will not upgrade the old one. The SCCM 2012 MP’s should be removed, but you can run them side vby side for a short time if you need to. It will be confusing because some objects in the MP will have duplicate names. Obviously, customers will have a lot of overrides referencing the old MP’s so removing can be a pain. I’d still recommend it, because the old overrides likely won’t apply directly so I’d use it as a chance to start fresh.

  1. Ollie Woodall

    Great news! Do we understand why MS ceased development on SCCM MPs?

    Would there be any problem having this new MP imported, side-by-side with the SCCM 2012 MP? While we worked through the overrides required in the new MP (we have a LOT of overrides for the original 2012 MP).Or should you remove SCCM 2012 MP first?

    • Kevin Holman

      You can run the new one side by side. However, I’d keep it short, because some object names like groups will be duplicated.

        • Kevin Holman

          Meaning I’d make it a project to get the old one removed as soon as you can. I would not run both of them for months and months, because it could cause noise and confusion.

  2. Jay

    Hi Kevin,

    I just installed this MP and one of the groups we support that have no SCCM related objects in their server group/email subscription received email alerts from multiple servers that aren’t theirs for the critical alert MECM Windows Deployment Service Not Running. Is this a known issue?

    • Kevin Holman

      No. It isn’t. At least, not yet.

      MECM WDS Availability Monitor (MECM.PXEServicePoint.WDS.Service.Monitor) targets the class: ConfigMgr PXE service point (MECM.PXEServicePoint).

      If you look at discovered inventory for this class, do you have discovered objects that you do not expect in there?
      If you look at the group definition for the group scoping the people receiving alerts – how is it defined?

      • Jay

        When I target ConfigMgr PXE service point, I see objects that I expect to see in there. They are all objects from MECM servers.

        The subscription I created, targeting the server group of the team that received the email alert for the monitor, does not contain objects from the ConfigMgr PXE service point class within the server group. I have the subscription set to only receive new critical alerts targeting their server group which only contains the Windows Computer/Health Service watcher objects of the computers they support. Those computers are all SQL and DHCP servers.

        This issue occured immediately after installing the management pack. The MEMC WDS Availability monitor alerted right away on darn near all our MECM servers and thats when the other Non-MECM team received the email alerts. It may have just been a one-off type of deal, but I would have to wait for the alert to trigger again to see if it happens again. No other team in our environment received the email alert so that is a good thing.

  3. David Zemdegs

    Thanks heaps for that. I uninstalled the old one and installed this new one. I get a monitor alert about the notification port not being open. According to the doco I needed to open TCP port 10123 which I did but the monitor is still actively alerting. What I couldnt find was how to check which port the alert monitor is looking for?

    • Kevin Holman

      The Monitor for client notification port (like many monitors in this MP) gets this data directly from MECM. MECM publishes component state and severity in the registry, the monitors read this registry value straight from what MECM thinks about the health of itself:


      SOFTWARE\Microsoft\SMS\Operations Management\Components\SMS_Notification_Server\D07ACE61-FB84-4461-9F52-ABBA07C2EE3A\State

      SOFTWARE\Microsoft\SMS\Operations Management\Components\SMS_Notification_Server\D07ACE61-FB84-4461-9F52-ABBA07C2EE3A\Severity

      If Severity = 2 or 3 the monitor is marked unhealthy. If Severity = 0 or 1 the monitor is healthy. So if your monitor is unhealthy – then MECM thinks there is a problem with this component. You should have status messages in MECM reflecting this?

      • David Zemdegs

        the bgbserver.log has a few errors around specific clients timing out but nothing that suggests an entire port is not open. Looks like an erroneous alert. Override time.

  4. Ali

    I added this SCOM management Pack in to SCOM.
    Only if I check the Microsoft Endpoint Configuration Manager module in SCOM it’s completely empty.
    It looks like it doesn’t want to discover my SCCM environment

  5. Scott

    This is great Kevin, thanks. Is there support added for active/passive site servers? The biggest issue we’re having with the current MP is due to a bug (sort of) in MCM leaves turns all the registry flags MCM uses to determine site health to an error state on the passive site server. We’ve written some PowerShell to reset the values to “green” on the passive site server after a failover to prevent the false positives, but ideally the MP would be active/passive site swerver aware someday.

    • Kevin Holman

      I need to know more about this scenario. I’ll talk with my MECM guys and see what they say. If you want to give me more details – feel free to shoot me a comment via my blog with your email address, and we can start an email conversation

      • Stephen

        I have the same issue with the active passive and awhile back had a case open. This was the end result.

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Identification\Site Servers

        This will contain a key for both(all) nodes and have a value of 1 or 0 meaning the below:
        1 = Active
        0 = Passive

  6. Michael Forde

    Thanks so much for this Kevin – Absolutely required… still confuses me that it’s had to come through you … and not the “official” channels. Please never stop doing what you do 🙂

  7. Kamil

    Absolutely awesome MP which should be provided by official Microsoft channels.
    Could you share on github xml file with mp? It will be nice looking inside before import on TEST or DEV environments.

Leave a Reply

Your email address will not be published.