SCCM CMG Setup Guide – Part 6 | Validate CMG Health & Client Communication

The cloud management gateway (CMG) provides a simple way to manage Configuration Manager client over internet.

In the previous posts we discussed about CMG prerequisites, server authentication certificate requirement for CMG, client authentication certificate reqiurment, SSL configuration for ConfigMgr site , ConfigMgr site integration with Azure Active Directory and CMG setup and client settings.

In this post, we will discuss about validating Cloud Management Gateway services and client communication.

Post in this series:

Part 1 | Cloud Management Gateway (CMG) Setup Guide
Part 2 | Issue, Enroll & Export Server Authentication Certificate
Part 3 | Configure SCCM Site for SSL
Part 4 | Integrate Azure Active Directory with ConfigMgr
Part 5 | Setup Cloud Management Gateway
Part 6 | Validate CMG Health & Client Communication

Table Of Contents

Post in this series:
Check CMG Status
Check Client Policy
Check if Clients are Communicating from the Internet
Check CMG Role Endpoint Status
Monitor CMG Health from Monitoring > Cloud Management
Related posts:

Check CMG Status

Go to Administration > Cloud Services > Cloud Management Gateway and check the following

CMG service status is Ready
Select the Connection Points tab at the bottom of the console and check if the Connection Point status is Connected

SCCM CMG Connection Analyzer | Validate CMG Health

While the CMG service name is selected, click on Connection Analyzer

Simulate the testing for the Azure AD user

Sign in with an Azure AD user
Click on Start to test the connections

Simulate the testing for the SCCM client

Select Client certificate
Click on Browse and select Client Authentication Certificate
Click on Start to test the connections

Check Client Policy

Verify that the client has received the internet-based management URL. The client should receive the policy while on the intranet.

On the client connected to the Intranet, go to Configuration Manager client properties > network tab
Verify that the CMG service name is visible in Internet Internet-based management point option

Check if Clients are Communicating from the Internet

Perform below checks for the machines that are connected to the Internet. The client must have received Internet based management URL to be able to communicate with CMG.

Go to SCCM console > Devices
Add the Device online from the Internet and the Device online Management Point column

If the client is able to communicate through CMG, you can see the CMG management point URL

If you want to see the list of all machines that are online from the Internet, you can quickly apply below criteria.

Check CMG Role Endpoint Status

Go to Administration > Cloud Services > Cloud Management Gateway, select CMG Service Name, and select the Role Endpoint tab at the bottom of the screen.

You will see the communication status for the Management Point and Software Update Point for CMG. You can see the total number of requests in the last 30 days. When a new CMG is created, the number of requests can confirm that clients are able to communicate with SCCM via Cloud Management Gateway.

Monitor CMG Health from Monitoring > Cloud Management

You can also monitor Cloud Management Gateway health from the ConfigMgr console > Monitoring > Cloud Management pane. This dashboard shows the details such as client online from Cloud Management Gateway / Intranet Management Point, CMG traffic in the last 30 days, Client online trends in the last 30 days.

SCCM Cloud Management Traffic monitoring

Tags: CMG

Subscribe to Techuisitive Newsletter

Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.