Deep Dive into How the Site Server Works in Configuration Manager (SCCM)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments

Great video as usual Justin! Explaining the complex in an easy and concise way :)

This video really helps you to understand how ConfigMgr works.

👍︎︎ 6 👤︎︎ u/plugstart 📅︎︎ Dec 08 2020 🗫︎ replies

In this #ConfigMgr video guide, we will review what the site server is in a Configuration Manager site and the functions the site server performs.

Docs:

- Site Server and Site System: https://docs.microsoft.com/en-us/mem/...
- Use the Configuration Manager Service Manager to manage site components: https://docs.microsoft.com/en-us/mem/...
- Logs for Site Server: Server log files: https://docs.microsoft.com/en-us/mem/...

Sections:

Intro: (0:00)
What is the ConfigMgr site server: (0:36)
Functions of the Site Server SMS_EXECUTIVE Treads: (2:37)
Review a site system: (3:40)
Review Configuration Manager Service Manager and the threads running under SMS_EXECUTIVE service: (4:20)
Review components and log files used by the site server: (8:30)
How we enabled verbose and debug logging on the ConfigMgr site server: (10:45)
Review SMS_AD_SYSTEM_DISCOVERY_AGENT | adsysdis.log: (13:00)
What are ConfigMgr inboxes on the site server: (14:25)
Review SMS_AD_USER_DISCOVERY_AGENT | adusrdis.log: (16:12)
Review AD group discovery: (17:19)
Review SMS_CLIENT_CONFIG_MANAGER used for Client Push CCM.log | Records activities for client push installation.: (18:08)
Review SMS_COLLECTION_EVALUATOR | colleval.log | Records details about when collections are created, changed, and deleted by the Collection Evaluator.: (20:40)
Review SMS_INVENTORY_DATA_LOADER | dataldr.log: (23:30)
Review SMS_DISTRIBUTION_MANAGER and SMS_PACKAGE_TRANSFER_MANAGER | distmgr.log | Records details about content distribution requests. & PkgXferMgr.log - Records the actions of the SMS_Executive component that is responsible for sending content from a primary site to a remote distribution point.: (28:44)
Review SMS_HIERARCHY_MANAGER | hman.log | Records information about site configuration changes, and about the publishing of site information in Active Directory Domain Services.: (33:25)
Review SMS_SITE_COMPONENT_MANAGER - sitecomp.log | Records details about the maintenance of the installed site components on all site system servers on the site.: (35:00)
Review SMS_STATE_SYSTEM | statesys.log | Records the processing of state system messages. (39:00)
Review SMS_WSUS_CONTROL_MANAGER: (41:00)
Review SMS_WSUS_SYNC_MANAGER: (43:30)

👍︎︎ 5 👤︎︎ u/PatchMyPCTeam 📅︎︎ Dec 08 2020 🗫︎ replies

Nice, Best videos in the game. Can't wait to check this one out

👍︎︎ 5 👤︎︎ u/ConfigMgrKing 📅︎︎ Dec 08 2020 🗫︎ replies

Thank you. I really appreciate you / the team! I always recommend setupconfgmgr.com for tutorials now.

👍︎︎ 3 👤︎︎ u/EdenNelsonConfigMgr 📅︎︎ Dec 09 2020 🗫︎ replies

Always top-notch content. Great products, Great education. Thanks for the effort and contributions to the community.

👍︎︎ 3 👤︎︎ u/configmgrgeek 📅︎︎ Dec 09 2020 🗫︎ replies
Captions
hi my name is justin shelfon i'm the founder here at patchmypc we develop a third party patch management solution that integrates into microsoft configuration manager and intune prior to my current rola is also a premier field engineer at microsoft supporting config manager in this video we're going to be taking a look at what a site server is within a config manager site as well as how it compares to a site system and really just kind of dig in deep into what are the different threads and functions the site server performs just to give you a better understanding would be the goal of this video so to get started let's just take a quick look at the documentation page so there's not a whole lot on the docs other than basically saying hey the site server this is just where you originally install uh a config manager site um so the easiest way to understand what your site server is within your hierarchy whether that's a cast primary secondary site is if you go into your servers and site system roles you should see a type of a primary site and if you look at the components installed you're also going to see the site server role so that's going to let you know hey this is the main site system role and this is what hosts the primary config manager components and services that perform a lot of the core of the site now if we look back at the docs there's also these things called a site system so this differs from the site server where it could be any remote server that hosts any different site system roles within the site so an example of a site system would be if we look back in our site we can see that we have this additional server called sitesystem.contozo.local we can see it saying it's a site system server and we can see this one only has the site system component and it does not have a site server so for example we can see it's hosting a software update point a service connection point a management point and a distribution point so it doesn't have that primary site server role and you can have a lot of different remote site systems and they're primarily used to scale out your site for example if you have remote locations a common one could be a software update point in a distribution point that could be a remote site system server which would not be the same as the site server which would be the primary one within that site so i think that's pretty good from a general perspective of what a site server is and what a site system server is but now let's kind of dig into the functions of the primary site server as well as what it does so if we look into services the the main thing that you're going to notice here is the sms executive service so on a site server this is going to have different threads or components that run under that windows service that performs different actions for the site another thing is on the site server you're also going to have the site component manager service this one's pretty big this is actually going to be a separate service from the sms executive and it's the service that would handle installing any remote site systems so for example if you said i want this remote server to be a site system that's a software update point this is the service on the site server that would actually remotely connect to that server it would copy the bits down for the software update point and it would actually initiate the remote installation using wmi from that site server so that's the sms executive on our site server so we can see we're currently on demo three now what you'll notice we're going to jump over to site system and that's going to be our remote site system that had that software update point you're also going to notice that we have the sms executive service there but the the big thing there is it's going to be different in the fact that it's not going to run all the the same threads as the sms executive on the site server so um let's go ahead and jump back to our site server and a good way to visualize this if you go into monitoring let's go to system status and then component status what we can do here is we can see the different components that are running on the different servers so for example we can see demo three these are a lot of different sub components running under the sms executive service and then we also have some components under site system so what i'm going to do is go and click on start and then i'm going to open the configuration manager service manager so what this will do this will show us the different components or threads that are actually running under the executive service on our site server so this will just take a moment to connect essentially what this is going to do is look at the registry on the different servers within your site and it's going to show you which components are actually running so while this loads let's actually take a quick look at the registry and see if we can show you what is actually going on and what this tool is querying so if we come over here and look at our components let me just copy this reg key i'll include this in the notes of the video as well just for quick reference so we're currently on our site server let's go ahead and open that up and we can see all these different components that are running on the site server so if we come and look at our sms executive service and we open up the threads we can see that these are the different threads under the sms executive of the site server so for example we can see things like the different components that are responsible for discovery right we can see our ccm so this would be the component that handles pushing out the client from the site server and these are just the different threads that essentially make up the sms executive service of the site server here for example is the rural engine log so this would be the component on the site server that actually handles automatic deployment role processing if we come in and actually look at the location of that you can also see the specific dll on the site server that is actually running that component under the sms executive okay so let's see if this is loaded up so we can now see if we look at our servers if we open up demo three we can see that these are the different components or threads that are running under the executive service on the site server so this is essentially the different components listed here this is ultimately the site server and the tasks that are being performed within that site server right so for example let's say that we wanted to go look at the wsus configuration manager component or the wcm component you can come in and you can query and you can see whether or not that thread is started so we can see it's currently running we can see it's a thread of the sms executive service now this is querying the registry so what we can do to actually show you what this is looking at let me come back to my registry locations and let's go ahead and look under this threads so here we go so it looks like we're actually already in that key so this is essentially querying so let's look at that ws configuration manager or wcm component and what we could actually do is if we were to come into this tool we could choose this stop action and what that would do that would essentially stop that component within the site server under sms executive so for example if we come in and look at our log files we can go look at the wcm.log and when we right clicked and chose stop what that essentially did is told that thread of the executive service to go ahead and stop so that specific thread would be responsible for example for configuring remote ws servers or software update points within the site so i'm kind of going over this to make sure that you guys understand you know this is all running under a single service for the most of the task but all of these uh services or that service has different threads that are responsible for different core actions within the site server now what i did is i went over to the documentation page for log files so let me just include a quick link here and show you where i got this data and this will also be in the notes of the video below so what i did is i created an excel document basically going over the site server anything that contains site server i basically grab that and put into an excel doc and that's ultimately going to be the different components that make up what the core site server does so i'll include this link for this excel sheet just in case you want to download and take a look of course you could check out the docs that's going to be the most up-to-date version but what i thought would be helpful in this video is to cover some of the core components that i would say are most commonly used for actions that would be performed from the site server so for example the items that are listed in bold here these are the ones that i'm planning to cover just a quick summary of each of these within this video so for example ccm.log this one is very common this is going to be the component that actually records any client push collection evaluator this would also be on the site server this would be whenever collections are being updated this would be the component on the site server that's responsible for doing the updates of those dynamic collections for example disk manager that would be where you can see different packages and application content whenever it's being updated on dps package transfer manager that's where you could actually see the binary content for apps updates really any any package content going out to remote distribution points that would be facilitated from the site server within the content library site comp this is going to be a big one this is going to be whenever you install a remote site system this is the component on the site server that is actually going to go out and connect to that remote server make sure that the site server has admin rights on that server and actually initiate the installation of any uh components for that remote site system so these are kind of some of the things just to give you a structure of what we're going to be looking at that i want to cover within this because this is going to be ultimately the task that the site server performs now one thing that i do want to note is i did enable verbose logging as well as debug logging on my site server the idea was that we could get a little more info in the logs as we go through these different components so just be aware that if you don't see the same level of logging within your site it's likely because we have verbose logging so the way that we turn on verbose or debug logging within a component is on your site server within software microsoft sms tracing we look over here each of these components have a couple of different things here so what we set by default debug logging would be zero meaning it's off we went ahead and set that to 1 and we also changed the logging level from 1 which is normal to 0 which is verbose logging so we do have some additional logging on here that would make the logs that we look at today quite a bit more verbose so we did that for every single component that is running under the site server so what we ultimately did we ran a powershell script that just looped through these keys this is something that cody an engineer on our team created i'll probably make this available but just be aware if you do enable verbose and debug logging these logs can grow quite quickly and in most cases it's going to be a lot more info that you need generally if you're troubleshooting you would probably only want to enable verbose and debug logging on the specific component that you're troubleshooting right so if wsync manager was having issues you would probably only want to enable debug and verbose logging you know on that specific component and once you're done troubleshooting you'll probably turn that back off so that you don't have those logs writing so frequently causing things like disk io to be excessive okay and then last thing i guess just to mention before we dig in we're not going to be looking at every component that makes up the site server so there are going to be a lot of functions um that we're not covering today but i think i am covering some of the core ones that would be most common from a day-to-day perspective where you may be troubleshooting different configurations of the site server that may not be working as intended for example so first thing let's take a look is discovery data so the site server would be responsible for performing any type of discovery so for example if we come over here and let's go ahead and open up our log folder because this is going to be ultimately where the actions are taking place would be here so let's say for example we already have system discovery enabled so that's going to be where your site server can go query different ous within ad and it can discover computers right so let's say for example we wanted to kick this in so the log file for the component of the site server here would be adsist.log so this guy right here oh i think that's actually group discovery ad system group adsisdiscover.log okay i think it's this guy here all right so here we go so we can see that we have the adsyst.log so when i went and click run discovery now you can see it actually kicked in that component and then it started to query either the ous or the containers that i had set to discover so this for example this would be a component of the site server that would be responsible for covering or discovering any devices that you may potentially want to push the client to now a lot of the actions that get performed within the site server so for example we can see a ddr so that's a data discovery record so any record that we discovered like a computer object that would be considered a ddr so a lot of the tasks the site server performs these different components they use what's called an inbox within config manager so if i were to come in and let's say i want to go look at the inboxes there's a lot of different inboxes for these different threads that run under the component so for example we can see that for discovery the inbox that was used was off and then ddm i believe ddr so ddm.box so whenever a record gets discovered with an active directory it would put a file into here in this inbox this would tell the component to actually process that data discovery record and then it would ultimately write that client record into the database so for example we can see that a machine called demo1 was discovered from active directory we can see the different properties that we discovered like the ip address of it and if that machine didn't already exist that component would drop it into the inbox and then the component monitoring the files within that inbox would then process it into the database so we'll actually see this a little bit more once we start talking about the hardware inventory component and we can actually see some of this happening in real time now one thing that you may have noticed like that log file it did take quite a while to load um so that's because i have that verbose and debug logging so let me see if i can just kind of clear up the existing logs here just so it doesn't take so long to load so kind of same thing here let's say that you wanted to run a user discovery so that's going to also be a component running under the site server we should see it kick in in a second it's going to be aduserdiscs.log so once that thread kicks in we should see that log file get created here in a second there we go so we can see 80 user disk kick in here and since we deleted the log before and since we have verbose and debug you can see that this actually just kicked in just right now so this is uh from running that discovery in a relatively small lab we can see that due to that debug and verbose logging there's actually a ton of content going on here even in this small lab so for example we can see that when that component kicked in we can see the verbose logging it gives us a lot more detail like for example we can see we discovered a user called cody mathis we can see the ou that he's in and just a lot of different data within that logging level so this would be the component involved in discovering users so if you wanted to deploy to users you'd have to make sure they're discovered and then kind of same thing here if i wanted to run a group discovery we'll see the ad sg which system group discovery kick in here in a second as well there we go we can see ad sg disks so that's the log that would be discovering the different groups that i want to detect so within that component you can see all the groups that are being discovered here and that would be another thread of the executive service on the site server and that would be its sole responsibility is discovering groups and writing that into the database which you can then see within your config manager console for example if we came over here and looked at the user collections or device collections you could populate groups under the criteria that you wanted to query here all right so the next big one ccm.log so this one's a pretty common one that if you're doing any type of client push you're probably already quite familiar with this log file so for example let's say that you wanted to push the client to a device that was discovered so in my case i'm just going to choose one that i've already got running and let's say i just wanted to reinstall the client whether or not it's a new install like client equals no or client equals yes and you're just reinstalling it the process would be exactly the same from this perspective so let's just say i want to always install it i want to install it for the site that i'm on so when we kick that in what we're going to see and this will probably happen too quick is there's going to be a file that gets dropped in the ccm inbox and then this component will discover that and it will know the computer name based on that discovery and we'll see it actually trying to connect and install the client on that machine so we can actually see this all happening now so let's just see what we got going on here so here's where we can see the inbox so when we went in and we said we want to install the client it created a new file and it dropped it in that inbox on the site server and this component detected hey there's a new file in here i need to go push the client to something so then we can see it found from that file the computer account that we wanted to install it from and then this component on the site server would then reach out and it would try to connect to the admin dollar sign which is the c windows directory this is why the site server unless you're using a connection account would need to have local administrator rights on the machine for this remote push and it's also why you would need to have the wmi port so that it could remotely execute processes so for example we can see the site server then started to copy ccm setup to that remote machine and then it essentially executed the ccm setup on that device so if we were to go over to the demo 3 client let's take a look here there's probably a good chance that we're going to see ccm setup running on this device and that was essentially initiated from the site server from the ccm component so if you ever had machines that were failing to get client push common reasons could be firewalls maybe dns issues the component on the site server that you would monitor would be that ccm.log because that's going to be the client component involved in client push all right next one we'll look at is collection evaluator so let's go over to our device collections we do have a couple here so whenever a collection updates whether it's from a uh scheduled so if you have like a daily schedule for it to evaluate or weekly or something like that or whether you come in here and click update membership col eval on the site server is going to be the component that is actually responsible for checking the different queries and collection evaluations to see whether or not there's any new devices that meet the thresholds so for example we can see when i went and clicked in to update the membership we can see that a file got dropped into the col eval dot box within that inboxes folder and then we can see it actually evaluating so for example we can see that this collection here for 0015 we can see it took about a tenth of a second or so to update based on the the the query that we had so if we go and find 0 15 i'm just curious what collection that would be this one right here so that collection took you know less than a tenth of a second to update so this is where you know if you do have a ton of collections if you have a lot of devices and you're using things like complex queries you're often going to find like if you did get into a state where collections were sitting here spinning for a long time this would be the log file that you would essentially evaluate to see whether or not there's any problematic collection so maybe you have a very complex query rule that is not optimized very well sometimes certain collections that aren't are running very uh sql intensive queries could cause some holdups in other collections evaluating so one tool that you can use is call eval viewer it's a tool available from i think it's actually in the tools folder natively in recent builds of config manager let's just take a look and just see if that's that's actually here i think it's server tools here we go um yeah so ce viewer this is where you can view collection evaluators so a lot of what this is going to do is connect to the database and show different collections evaluating but essentially it's going to be a lot of what coal eval is doing in the background is going to be the type of data that you see here so you know if you did have issues where you have collections maybe very aggressive from an evaluation perspective you're probably going to get very familiar with the col eval on the site server for monitoring anything that you could potentially optimize all right next one let's take a look at the data loader component so if we come back to our log files this one can actually be somewhat problematic if you're in a large environment you're probably going to be pretty familiar with the data loader log so this component on the site server is responsible for processing hardware inventory into the database so for example maybe if you had a very aggressive hardware inventory cycle just maybe you didn't understand how it actually worked um maybe you had it every hour or so i've seen all kinds of different configurations when i was at pfe where you know people may have hardware inventory running like every couple minutes for example and if you have a lot of devices that can put a lot of stress on the database and particularly the component that would be involved in processing all the inventory would be dataloader.log so let's do this let's actually come into our registry and we're going to go look at the dataloader component see if i can find that one here here we go so data discovery manager so what i'm going to do let's come back i'm actually in the wrong key here let's go back to our components there we go data discovery manager so um in this key under components sms executive and threads i'm going to say i want the requested operation to be stop so what that's going to do that's going to stop that component that's running under the executive so for example this is essentially the same thing as if i were to come into the discovery data manager and if i click query this just takes a second to load up we can see that's now stopped but that registry key was essentially the same as me coming in here and clicking stop it's going to stop that component which is ultimately going to be processing hardware inventory so what i'm going to do over here on this client hopefully it's done installing it looks like it is is i'm going to initiate a hardware inventory cycle and what we're going to see here on the client side is the inventory agent is going to kick in and then it's going to start processing hardware inventory which is essentially looking at things like adam remove programs things like system memory hardware pretty much anything that you see if you come into your device and if you right click and show resource explorer let's just take a look start resource explorer anything that you're looking at here would be coming from hardware inventory right so installed applications looking at the disk data all the hardware details you get here even though it's kind of confusing you some people you know you may think it's like software inventory but that's totally different the installed applications actually comes from hardware inventory so what's going to happen this is going to process the inventory file xml we can see that it then got sent up to our management point on the client side we can see it got sent up and then what's going to happen let's go ahead and look at our site server if we look back at our inboxes under the auth folder and then the data ddm.log let's just see if we can find this coming in in a second and then we can see it looks like i actually stopped the wrong component we can see that it did process that hardware inventory file that got in the dataloader.box let me just try to close out the data loader process as well so i'm just going to set that to stop just take a look here okay so that's the component that i actually wanted to stop so let's go ahead and trigger another hardware inventory cycle on the client side and what we'll see is we can attempt to see like when this hardware inventory file gets sent up to the site server if that component is stopped we should be able to actually see the file within the inbox on the site server because the component that processes that on the site server into the database we actually stopped it so we'll take a look give that some time and come back all right here we go so now that that process is actually stopped we can see we actually have the miff file so this is the format of file for hardware inventory so for example we can actually see some of this data in clear text when it gets sent up so we can see that showing up here we can see all the different inventory files like the programs and things like that so what will happen now if i go in and start that component so let's make it a start that's going to start up the inventory loader we can see that it detected that myth file that was waiting to be processed ultimately what happens when it processes it it moves it from the dataloader.box on the site server and then it moves it into the process folder for dataloader.box and then that's going to be what ultimately is going to have that component process those values into the database and then that's going to be what you actually then see within resource explorer because that's going to be looking at the database but that's the data loader component and that's essentially the responsibility would be for processing hardware inventory files so we can see that this one right here this one actually just got processed when we started up that component all right so next up let's take a look at dist manager and then package transfer manager so these two are going to be pretty big ones that you're probably be troubleshooting if you're in config manager admin quite a bit so if you ever have like a package that's stuck like in in processing or some something like that there's a good chance that data transfer manager or disk manager and package expert manager these are probably going to be the logs that you look at so i'm going to go ahead and open both of these and i'm going to go ahead and merge them so what i'm going to do to actually kick this off is we don't currently have any applications or things that we could distribute in here today so i'm just going to quickly create a new app just using our service over here on the site system so under config manager apps i'm just going to say i want google chrome apply that now the content distribution what we're going to do is within our patch my pc tool we're telling any new apps to go to the all distribution point group so what's going to ultimately happen let me go ahead and run a sync when this pack or when this application goes out and we create it it's going to automatically put it out to the distribution point and that's going to be where we can see it actually getting processed here in a second so we can see it's now creating the app in sccm you can see it downloading the content but this is the big thing that comes into play it's going to be where the package source is because this is where package expert manager is actually going to get the content so we can see it just created the app if i come back in and refresh i can see i have patched my p or google chrome from our tool and we can see it's pending so what that means is here in a second once the inbox for disk manager gets the file that we then distributed it we should see a lot of things kind of kicking in here within this log there we go so we can see let me just pause it for a second to see what's going on so here we can see it picked up the new content file that we detected we need to distribute taking a snapshot so this is a big piece of what's going to be happening here whenever you have a new app or software update deployment package the disk manager is going to take a snapshot of the source folder and this is going to be what goes into the content library so on your site server this is also one of the the really key components of the site server is there's this thing called the content library so that's going to exist here and this is where all the files that you have within applications packages software update content pretty much any binaries that you have that you're distributing they all get stored in the content library on the site server first and then if you have remote distribution points it would be the package expert manager that actually grabs it from the content library on the site server and then distributes it now there's a few exceptions there if you did have pool distribution points for example it could potentially pull it from another distribution point that has the content already but basically what we can see here is it took the snapshot here's where it actually processed some policy in here let's go ahead and unpause this for a second there we go so this is where we can see that since we had the all distribution points group we can see it's starting to distribute it to that remote distribution point because that was part of that group we can see things happening here and this is the big piece for package expert manager so this is the other component and this is what actually copies the binary files from the site server content library into the remote distribution point so we can see it actually writing the bits into here and this is pretty verbose i don't know if you would see this level of content for each individual byte that we're writing if you have normal logging on so you can see it then sent all the files so this this one here that's 65 meg there's probably a good chance that if we look at the content here that's probably the google chrome msi i think that's about the same size yep so right about 70 meg or so um so that piece right there is likely the msi so you can see just a lot of things going on so if you ever had like apps or packages that were showing up as felled or in progress there's a good chance that you'd be looking at both the disk manager log as well as the package expert manager and both of these components would be on the site server and they would be responsible for pushing that content out remotely okay hman is also a big one so let's come back to our log files and find that one so h man let's open that up so the this component is responsible for publishing site configurations to active directory so for example things like boundaries and boundary groups um this would be the component that would actually publish them into a d and that's what clients could look at to actually get that type of data so let's just make let's just see if we can actually get this component to do something here um okay let's just see if we do that and let's try to add it to a boundary group let's just see if this h-man actually picks up and starts publishing any of this site data that we added to active directory yep so we can see the component so just a couple seconds ago we can see that it updated different information in active directory so this would be essentially writing to that system management container you can learn more about that in the setup video that i did the first video in in this guide of series um that basically talks about how the system management container works in active directory and how that gets written to you but this is essentially the component that's going to write the boundary group data to let clients know about different config manager sites if you're using an automatic client push and just letting it look to a.d to determine what site it should be a part of all right so the next one this is this is probably one of the more common logs that i would look at when i was a pfe um would be the site comp.log so one thing to note about the site comp or site component manager this is actually not a thread of sms executive so this is actually running its own windows service and this component is purely responsible for installing remote site system details and checking remote site systems so for example to actually have this log file kick in let's go look at sitecom.log all right so let's take a look and let's just see if we have any uh roles that we can add to this remote site system so let's go ahead and do add just see if we can find something that would be interesting to add here okay let's just do a fallback status point that should be a pretty basic one i don't think i'm going to need a lot of configurations for that and then we'll do next here so when we went and said we want to add this new role on this remote site system what's ultimately going to happen is the site system or site comp component we can see it kicking in here so we can see in the site control dot box we detected a new file and this this component is going to kick in and it's going to say hey somebody went in and they added a new site system role to a remote site system so for example let's just kind of look through this log this is where we can see that it's connecting to the admin dollar sign of the remote server so a lot of times on that remote site system let's go ahead and look in get local users and groups a common error that you might see in site comp is if you didn't have the site server computer as local admin or if you didn't have the wmi ports enabled you would often see errors in this log that says something like failing to connect so what we're going to see is it should copy some binaries over to that remote site system and we're just getting a ton of data here so here's where we can start to see it connected to c dollar sign sms it's copying a couple of different files in here like this guy here so this is likely one of the binaries that starts the roll uh here's the role setup so it's going to copy the role setup.xd over there so if we actually remote in and we look at that site system we should see the sms folder on the root of c it looks like for this device and this is where we can actually see a lot of the data that's that's being copied remotely from the site server so let's just see if we can find where it actually kicks off the setup here so here's where it's installing some pre-requisites if needed and this is where it's actually triggering the remote install on the site system so we can see that it's running sms ben x64 roll setup and it's got a parameter of sms fsp for the fallback status point so if we were to come over to there and we look at bin x64 role setup this is essentially the binary that got copied and executed from the site server to that remote site system that told it to install the fallback status point now if we come back into our logs we can see the fspmsi.log so this is the fallback status point this is the actual log file that's getting installed from site comp that triggered on the site server that's being installed on this remote site system so for example if you ever had like a site system role fell you would probably be looking at the actual logs from that remote server on that machine okay and that's that's a good amount of some of the core things going on here there are a couple of other pretty common components that i had highlighted here so things like state sys this would be responsible for processing state messages which would be things like software update compliance would come via state messages so state sys can definitely be a good log file to kind of monitor like if you ever see machines maybe not reporting in update compliance sometimes if that gets too overloaded you may see some some errors in the state sys log so that's another big one primarily around software updates and processing state messages that come back from clients so that can be a good thing to know about just some of the basics get familiar with that log file but outside of that i think that that covers a lot of the big ones that i wanted to talk about the sms provider this one's pretty common um for most environments the sms provider is generally installed on the site server but that's not a requirement so for example within our lab just because it was already set up like this the sms provider is in fact on our site server but it doesn't necessarily have to be you could set up a provider on a remote site system and then the only other component that we did have that could potentially be remote here is the site system database so i won't go too deep into that because they're not necessarily required to be on the site server but the provider generally is and that's basically anything that you do in the console that's going to be going through the provider which essentially talks to the database so you know if we come in here and we look at the properties of this application we're going to see that log gets quite busy and it's going to be showing what's happening in the console and how that's interacting with the database when we go and click different options so it's usually on the site server definitely a good one to know about but doesn't necessarily have to be sometimes for large environment they might try to offload the provider into a remote site system just dedicated for that for example okay and then probably the other common ones that would be on the site server are things like wcm.log so the wcm component this is responsible for connecting to your software update points to configure ws on them so let's just see if we can kind of make this one kick in for a second so let's just do stop so we can see that then shut down and if we go ahead and start it oh that's not it start we can see it kicked in now in our case we only have one software update point so if we look in our site we can see that our remote site system is running that sup so if there were ever issues like maybe the wsus server was offline for example this is the log file that you would actually see a lot of errors in so let's let's just try to simulate an issue for example i'm going to go ahead and power down the site system so that's the one running our software update point or wsus component essentially so if i were to come in and let's go ahead and stop that again just to make this happen faster usually i think it's every hour it goes and tries to connect let's start it back up what we're likely going to see now is it's going to fail to connect to that remote server here in a second there we go so we can see when we started that component back up that wcm on the site server was unable to configure or connect to that remote ws server because it's now turned off so this is a pretty common log where if you are having issues where your ws servers may be unhealthy maybe the service is stopped maybe iis is broken maybe the servers are off you're likely going to see this component on your site server have a lot of errors in it so if we go ahead and stop that now that we're powering it back up start it again as long as that server's had time to boot up we should see that it now connects successfully so we can see that it is currently pending the config but we didn't get any errors so far and another one there we go so we can see it's successfully connected now so this is a pretty common one another one around updates is the wsync manager log now even if your software update point is on a remote ws server when you come in here and do something like trigger a software update point sync the component that actually monitors the process even of those remote subs is going to be the wsync manager component so we can see that it was woken up by an inbox drop so basically when i click sync now that dropped a file into the inboxes on the site server under the wsync manager box that actually said hey i need to go trigger a software update point sync and here in a second we'll actually see in the wsync manager log we'll see the status of that kick in so it's currently going to be pending for that wcm configuration so it's going to take one minute whenever it connects in before it can actually run a sync just because we started up that that thread wcm so once that kicks in that one minute we should see it go away and then we should also see wsync manager start to trigger a sync for ws to windows updates for example there we go so we can see the config config completed and right at that time once it was done configuring it it then said hey i can go ahead and sync my updates for that wss server now within the actual remote site system running ws there is a couple of logs that will also be running oh looks like i'm on the client let me connect into site system there we go and on the remote site system there's a couple of log files that you see kind of related to ws so under logs you can see wsus control that just kind of checks to make sure that the config manager component running the software update point can connect successfully to the local wsus server so from an admin perspective you're probably looking less at this log as well as the sub setup which will just show the software update being installed probably most of your time will be on the site server and actually looking at either wcm and or wsync manager because that's going to be kind of the health of those remote software update points especially if there's multiple that's where you're going to see all that going on all right so i think that really covers most of the big ones that i wanted to look at today so there's definitely some components that i didn't cover so this was not an all-encompassing video of hey this is every specific thing the site server does but hopefully with this video you can kind of understand how these different threads run under the executive service and you know hey if i want to go learn more about what these different components are doing under the executive service on the site server i can at least go into the documentation i can get some basic descriptions of that and i know where the log files are and how to kind of dig in to see what's going on on the back end when that site server is performing different actions either to the database or whether it's ccm pushing the client out to remote systems hopefully it just helps you understand kind of what that core site server is doing within a site and hopefully it was helpful and want to thank you for watching
Info
Channel: Patch My PC
Views: 4,518
Rating: undefined out of 5
Keywords:
Id: JhTVuELGayk
Channel Id: undefined
Length: 46min 31sec (2791 seconds)
Published: Tue Dec 08 2020
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.