PENDING SCCM 2012 GPO Reporting Compliance issue

[Aljazair]

I try to check GPO Compliance Reporting (under Reports> Compliance and Settings Management> Summary Compliance of a configuration baseline for a collection).
I use Security Compliance Manager 3.0 to export GPO and follow this guidance for monitoring the GPO Items, and starts to monitoring them.
In summary, I've got 2 Compliant Items (Computers) in the compliant collections and I click the number to get the specified items that detected as complied. (pict1: prntscr.com/b8zw1y )

Compliance state of Detail Items is right. They're detected as Compliant. (pict2: prntscr.com/b8zwof )

I click again on the device name Item (7IDLPBEEXB) and get the detail of Group Policy Object

Some of Group Policy Object Compliance State detected as "Not Detected". Only 3 Items detected as Compliant (pict3: prntscr*com/b8zx39 )


I was found in here (5th Qs) that some configuration cannot exported by SCM. If my GPO settings cannot exported by SCM, why it shown as 'not detected', not 'not defined' or 'not configured'?


Regards,

Aljazair.

 

[Aljazair]

I was working again with this issue.

based from this referrence (https://technet.microsoft.com/en-us/library/hh427342.aspx), I'm only found one log (that's DcmWmiProvider.log)

[FONT=Georgia, Times New Roman, Times, serif]Log attached below (log extension changed from .log to .txt).[/FONT]



An I got some referrence about this log.
in this reference (https://technet.microsoft.com/en-us/library/gg682180.aspx) said that I should enable File and Printer Sharing from the firewall.

I was check the client's firewall, and all Client's firewall (domain, private, public) was turned off.

Can you help my issue?
Is it possible that compliance check was blocked by other rule (not only File and Printer Sharing options in firewall)?

 

[Prajwal Desai]

After viewing the log file, i see this issue is related to WMI.

<![LOG[Failed to retrieve WMI object[CCM_Script_Setting_Synclet.ID='CCM_Script_Setting_Boolean']. May be invalid path
Not found (Error: 80041002; Source: WMI)]LOG]!><time="14:18:31.042-420" date="06-08-2016" component="ScriptProvider" context="" type="3" thread="6196" file="cibase.cpp:721">

<![LOG[Failed in discovering instance.
Not found (Error: 80041002; Source: WMI)]LOG]!><time="14:18:31.042-420" date="06-08-2016" component="ScriptProvider" context="" type="3" thread="6196" file="cibase.cpp:524">

I suggest you try rebuilding WMI on one of the client machines using the below steps -

To repair the local WMI repository in Windows:

1. Open an elevated command prompt
2. Type net stop winmgmt and hit Enter. This stops the WMI service. (Side note: I’ve had instances where the WMI service is unable to stop after running this command. If this is the case, open the Services applet and set the Windows Management Instrumentation serviceStartup Type to Disabled and reboot the computer before proceeding)
3. Use Windows Explorer to navigate to: %systemroot\system32\wbem
4. Delete or rename the Repository folder (I usually like to add .old to the end of the folder name, so Repository.old)
5. Return to the elevated command prompt and enter: net start winmgmt (Set the Startup Type back to Automatic for the WMI service first if you disabled it previously)
6. Enter: cd /d %windir%\system32\wbem
7. Re-register the dlls by entering: for %i in (*.dll) do RegSvr32 -s %i
8. Reboot the system

Post then check this link - https://social.technet.microsoft.co...led-not-enabled?forum=configmanagerdeployment

 

[Aljazair]

it doesn't work for repairing WMI repository, Prajwal

I was read this refference, that WMI remote use port 135. Is it possible if that port was blocked or modified by administrator?
If that's possible for administrator to modify the port, How can I modify too the port used in SCCM? Is the configuration needed in SCCM for using WMI which the port was modified?

Tons of thanks for your response

 

[Aljazair]

Anyone can help me?