How does CMPivot work?

Sergi Díaz Ruiz 245 Reputation points
2024-08-06T10:14:24.1+00:00

Hi to all,

I want to understand how CMPivot works...

I launched a query to 229 devices.

4 are offline, and I got back 200 objects and 0 errors.

229-(200 + 4) = 25

Where are the other 25?

How does it work? If they are online, the queries are live, so... If we don't have errors... Is it related to WMI on the device? On the target device.

I don't know if you understand me as well...

Regards,

Microsoft Security | Intune | Configuration Manager | Other

Answer accepted by question author

glebgreenspan 2,260 Reputation points
2024-08-06T13:07:49.0166667+00:00

Hello Sergi

What is CMPivot?

CMPivot is a powerful tool within Microsoft Endpoint Manager (formerly known as Intune) that allows you to perform live queries against devices enrolled in your environment. It retrieves real-time data from devices by querying the data that is available through the Configuration Manager client.

Understanding Your Query Results:

  1. Total Devices Queried: You initiated a query against 229 devices.
  2. Devices Offline: You noted that 4 devices are offline. This means these devices could not be reached at that moment and therefore did not participate in the query.
  3. Received Objects: You received 200 objects in response to your query, with 0 errors reported. This indicates that the query was successfully executed against these 200 devices.

Calculation of Missing Devices:

Your calculation of the missing devices is as follows:

  • Total devices: 229
  • Devices offline: 4
  • Devices that returned results: 200
  • 229 - (200 + 4) = 25

This means you have 25 devices that did not return any results but are not accounted for as "offline." The whereabouts of these 25 devices can be due to several reasons:

Possible Reasons for the Missing 25 Devices:

  1. Devices Are Online but Not Responsive:
    • The devices might be online but are not responding to the query for some reason. This can occur if the Configuration Manager client is malfunctioning or if there are issues with WMI (Windows Management Instrumentation) on the target device.
  2. Clients Ignoring Queries:
    • The Configuration Manager client might be misconfigured. If the client is set to ignore CMPivot queries or similar requests, they won’t return results even if they are online.
  3. Client Health Issues:
    • Some of the devices might have health issues that prevent them from processing requests successfully. You might want to check the client health status or logs on those devices.
  4. Permissions/Policies:
    • There could be permission issues or endpoint security policies that restrict the query requests. Ensure that the Configuration Manager client and endpoints are correctly configured to accept queries from CMPivot.
  5. Filtering and Query Logic:
    • It’s also worth verifying the query itself. If there are conditions in your query that aren't met by those 25 devices, they won’t return entries even if they are online. Check the logic and filtering in your query.

How CMPivot Queries Work:

  • CMPivot queries are sent to devices via the Configuration Manager client, which retrieves data from WMI, registry, and file system on those devices at query time.
  • The devices respond with available data that match the criteria set in the query.

Steps to Investigate Missing Devices:

  1. **Check Client Health:** Use the Configuration Manager console to review the health and status of the clients you suspect are having issues.
  2. **Client Logs:** Examine the logs on the client devices (e.g., WMI, ClientIDManagerStartup.log, ExecMgr.log) for any errors that occurred during the query time.
  3. **Manual Reachability:** Try to ping the devices or access them directly to confirm they are responsive.
  4. **Review CMPivot Logs:** If you have access to the CMPivot logging, ensure there are no other underlying issues related to the query.
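
The on-device checks from the investigation steps above (client service, WMI, client logs), as an added PowerShell example that is not part of the original answer. It assumes the default client log directory `%WinDir%\CCM\Logs` and an elevated session on one of the devices that returned nothing; the function name `Test-CmClientTriage` and the two-hour window are hypothetical.

```powershell
# Added example: local triage on a device that was online but returned no CMPivot rows.
# Assumptions: default client log path, elevated PowerShell session on the device.
$LogDir  = Join-Path $env:WinDir 'CCM\Logs'               # default location (assumption)
$LogList = 'ClientIDManagerStartup.log', 'ExecMgr.log'    # logs named in the answer
$Since   = (Get-Date).AddHours(-2)                        # window around the query (adjust)

function Test-CmClientTriage {
    $report = [ordered]@{ Computer = $env:COMPUTERNAME }

    # 1. Is the Configuration Manager client service present and running?
    $svc = Get-Service -Name CcmExec -ErrorAction SilentlyContinue
    $report.CcmExec = if ($svc) { [string]$svc.Status } else { 'NotInstalled' }

    # 2. Is the WMI repository consistent? (winmgmt needs elevation)
    $report.WmiRepository = ((& winmgmt.exe /verifyrepository) -join ' ').Trim()

    # 3. Can the client's own WMI namespace be queried at all?
    try {
        $client = Get-CimInstance -Namespace 'root\ccm' -ClassName SMS_Client -ErrorAction Stop
        $report.ClientVersion = $client.ClientVersion
    } catch {
        $report.ClientVersion = "root\ccm query failed: $($_.Exception.Message)"
    }

    # 4. Are the logs being written, and do they contain error lines?
    foreach ($name in $LogList) {
        $path = Join-Path $LogDir $name
        if (-not (Test-Path $path)) { $report[$name] = 'missing'; continue }
        $file  = Get-Item $path
        $hits  = @(Select-String -Path $path -Pattern 'error|failed')
        $state = if ($file.LastWriteTime -lt $Since) { 'stale' } else { 'active' }
        $report[$name] = '{0}, {1} error/failed lines, last write {2:u}' -f `
            $state, $hits.Count, $file.LastWriteTime
    }

    [pscustomobject]$report
}

Test-CmClientTriage | Format-List
```

A stopped `CcmExec` service, an inconsistent repository, or a failing `root\ccm` query each point to the client or WMI on that device rather than to the query itself.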
