Troubleshooting MEM deployed PowerShell Scripts
When you’re setting up configuration profiles and PowerShell scripts for MEM (formerly known as Intune) then you might sometimes face an issue where PowerShell scripts fail to be deployed onto the client.
To see what went wrong you don’t have any options in MEM itself, but on the client there is a trick I want to show you.
Powershell scripts are downloaded, deployed and report back their status via the Microsoft Intune Management Extension. This program keeps track of the Powershell scripts and new versions and captures the output and result of the PowerShell scripts created in MEM.
This information is captured in the registry and is very valuable because it allows you to see exactly what’s wrong with the script so you can remediate these errors.
The registry hive to look for is:
This hive contains all the policies, which are basically all the scripts that are being pushed to the client. Every script has it’s own identifier which corresponds with the scripts you will find once you disable the option “recycleScripts”.
Now to start troubleshooting your scripts you’ll need to change the configuration of the Microsoft Intune Management Extension. Now don’t worry that your not doing anything unsupported, it’s just changing the behaviour of the extension 😉
To change the configuration simply open the following file in Notepad (or any other text editor):
C:\Program Files(x86)\Microsoft Intune Management Extension\Microsoft.Management.Services.IntuneWindowsAgent.exe.config
You will need to change the setting recycleScripts to false as shown in below screenshot:
This will prevent the service to delete the scripts as soon as they are processed.
The next thing you will need to do is set any scripts that have Result set to Failed to reset it’s download and run statistics.
This can be done by emptying the following keys: DownloadCount, ErrorCode, Result and ResultDetails. This will ensure that the scripts get downloaded and the process of applying them starts from scratch.
After you’ve changed these values it’s time to restart the Intune Management Extension so it will download the scripts, open Task Manager and go to the Services tab.
Here you will find the Intune Management Extension which you will need to restart.
After you’ve done these things it’s time to have a look inside the Scripts folder:
C:\Program Files(x86)\Microsoft Intune Management Extension\Policies\Scripts
All the scripts that are going to be processed will be placed here and won’t be deleted because you’ve told the Management Extension to not do that 😉
To see which scripts failed to be processed you will need to look at the policies with the Result value of “Failed’ and the ResultDetails will show you exactly what went wrong.
In the case of the script below it didn’t run properly because there where incorrect characters in the script. Removing those characters from the script solved my problem!
Now as you can see this makes it a lot easier to troubleshoot your scripts.
This ends my blog, if you have any questions do not hesitate to post a comment below.