SCCM CMG Setup Guide – Part 6 | Validate CMG Health & Client Communication

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager client over internet.

In the previous posts we discussed about CMG prerequisites, server authentication certificate requirement for CMG, client authentication certificate reqiurment, SSL configuration for ConfigMgr site , ConfigMgr site integration with Azure Active Directory and CMG setup and client settings.

In this post, we will discuss about validating Cloud Management Gateway services and client communication.

Post in this series:

• Part 1 | Cloud Management Gateway (CMG) Setup Guide
• Part 2 | Issue, Enroll & Export Server Authentication Certificate
• Part 3 | Configure SCCM Site for SSL
• Part 4 | Integrate Azure Active Directory with ConfigMgr
• Part 5 | Setup Cloud Management Gateway
• Part 6 | Validate CMG Health & Client Communication

Check CMG Status

Go to Administration > Cloud Services > Cloud Management Gateway and check the following

• CMG service status is Ready
• Select Connection Points tab at bottom of console and check if Connection Point status is Connected

While CMG service name is selected, click on Connection Analyzyer

Simulate the testing for Azure AD user

• Sign in with Azure AD user
• Click on Start to test the connections

Simulate the testing for SCCM client

• Select Client certificate
• Click on Browse and select Client Authenication Certificate
• Click on Start to test the connections

Check Client Policy

Verify that client has recevied the internet based management URL. Client should receive the policy while on intranet.

• On the client connected to Intranet, go to Configuration Manager client properties > network tab
• Verify that CMG service name is visible in Internet based management point option

Check if Clients Communicating from Internet

Perform below check for the machines which are connected to Internet. Client must have received Internet based management URL to be able to communicate with CMG.

• Go to SCCM console > Devices
• Add the Device online from Internet and Device online Management Point column

• If client is able to communicate through CMG, you can see the CMG management point URL

If you want to see the list of all machines which are online from Internet, you can quickly apply below critera.

Check CMG Role EndPoint Status

Go to Administration > Cloud Services > Cloud Management Gateway, select CMG Service Name and select Role Endpoint tab at bottom of screen.

You will see the communication status for Management Point and Software Update Point for CMG. You can see total number of requests in last 30 days. When configured a new CMG, the number of requests can confirm that client are able to communicate with SCCM via Cloud Management Gateway.

Monitor CMG Health from Monitoring > Cloud Management

You can also monitor Cloud Management Gateway health from ConfigMgr console Monitoring > Cloud Management pane. This dashboard shows the details such as client online from Cloud Management Gateway / Intranet Management Point, CMG traffic in last 30 days, Client online trends in last 30 days.

Related posts:

• Configure Management Point for HTTPS | ConfigMgr | SCCM
• Configure Software Update Point for SSL | ConfigMgr | SCCM
• Deploy client authentication certificate for SCCM clients
• SCCM CMG Part 1 | Cloud Management Gateway (CMG) Setup Guide
• SCCM CMG Part 2 | Issue, Enroll & Export Server Authentication Certificate
• SCCM CMG Part 3 | Configure SCCM Site for SSL
• SCCM CMG Part 4 | Integrate Azure Active Directory with ConfigMgr
• SCCM CMG Part 5 | Setup Cloud Management Gateway
• SCCM CMG Part 6 | Validate CMG Health & Client Communication
• Location of smsts.log file during Operating System Deployment (OSD)
• Schedule SCCM Client Reboot through ConfigMgr
• Check Software Center Business Hours of Remote Computer
• SCCM Software deployment strategy
• How to deal with wrong deployment in ConfigMgr
• How to Initiate SCCM client agent actions using PowerShell