SCCM (MECM) RAS Assessment – Comprehensive Checklist
1️⃣ Site Infrastructure & Core Health
✔ Site Server Component Status
-
Site component errors & warnings
-
SMS_EXECUTIVE, SMS_SITE_COMPONENT_MANAGER
-
Site System Status (green/yellow/red)
✔ Inbox & Backlog Health
-
Inbox folders backlog (auth, distmgr, statmgr, hman, replmgr)
-
File age vs processing delay
✔ Status Message Configuration
-
Status message interval settings
-
Backlog in statmgr.box
-
State message processing delays
✔ Maintenance Tasks Status
-
Enabled / disabled tasks
-
Cleanup discovery data
-
Delete aged status messages
-
Rebuild indexes
-
Summarize software metering
-
WSUS cleanup (SUP)
2️⃣ SQL & Database Health (Critical for RAS)
✔ SQL Database Health
-
CM_<SiteCode> database status
-
SUP (WSUS) database performance
-
Data & log file growth configuration
-
Auto-growth & free space
✔ SQL Performance
-
CPU, Memory, Disk latency
-
TempDB configuration
-
SQL max memory setting
-
Blocking & long-running queries
✔ SQL Replication & Change Tracking
-
Replication health (rcmctrl.log)
-
Change Tracking backlog
-
SQL Broker status
-
Replication link analyzer output
✔ Index & Statistics Health
-
Fragmentation %
-
Index maintenance jobs
-
Statistics update status
3️⃣ Upgrade, Version & Compatibility
✔ Current SCCM Version
-
Baseline vs latest hotfix
-
Unsupported versions
-
Console version consistency
✔ Site Server & Site System Compatibility
-
OS version support
-
SQL version support
-
ADK / WinPE compatibility
-
TLS / .NET version compliance
✔ Upgrade Readiness
-
Prerequisite check warnings
-
Custom SQL modifications
-
Unsupported features in use
4️⃣ Client Health & Discovery
✔ Discovery Configuration
-
AD System/User Discovery
-
Boundary & boundary group alignment
-
Duplicate records
✔ Client Health
-
Active vs inactive clients
-
Client activity (7/14/30 days)
-
Client version consistency
-
Client remediation status
✔ Duplicate & Inactive Devices
-
Duplicate GUID / Hardware ID
-
Stale discovery records
-
Cleanup policies
5️⃣ Inventory & Compliance
✔ Hardware Inventory
-
Inventory cycle success rate
-
Inventory backlog
-
Corrupted MIF files
✔ Software Inventory
-
Enabled/disabled evaluation
-
Performance impact
-
Inventory class optimization
✔ Inventory Data Completeness
-
% reporting hardware inventory
-
% reporting software inventory
6️⃣ Patching & Update Compliance
✔ SUP / WSUS Health
-
Sync success & duration
-
Declined/expired updates
-
WSUS cleanup effectiveness
✔ Patch Compliance
-
Compliance vs non-compliant devices
-
Unknown compliance devices
-
Scan failure root cause
✔ Deployment Health
-
Update deployment success/failure
-
Maintenance window conflicts
7️⃣ Content, Distribution & Delivery
✔ Content Distribution
-
Distribution failures
-
DP content validation status
-
Retrying content vs stuck packages
✔ Distribution Points
-
DP role health
-
Client count per DP
-
Disk usage & free space
-
PXE / Multicast (if enabled)
✔ All Content Status
-
Application, Package, Driver, Image
-
Distribution vs deployment mismatch
✔ Delivery Optimization
-
DO enabled policies
-
Peer cache usage
-
Bandwidth savings tracking
8️⃣ Collections & Evaluation
✔ Collection Design
-
Query vs direct collections
-
Limiting collection best practices
-
Nested collection depth
✔ Collection Evaluation
-
Full vs incremental evaluation
-
Long-running collections
-
Evaluation backlog
9️⃣ Reporting, Dashboards & Customizations
✔ SSRS Health
-
Report server availability
-
Performance of reports
✔ Custom SSRS Reports & Dashboards
-
Unsupported SQL queries
-
Direct DB queries impact
-
Report usage relevance
✔ Scripts & CI Baselines
-
Scripts approval governance
-
Execution frequency
-
Compliance baseline performance
🔟 Cloud & Modern Management
✔ CMG Status
-
Service health
-
Traffic & client load
-
Certificate expiry
-
Cost monitoring
✔ PKI Infrastructure
-
Client auth certificates
-
DP & MP certs
-
Expiry & renewal process
✔ Co-Management Configuration
-
Workload split (Intune vs SCCM)
-
Device eligibility
-
Policy conflicts
1️⃣1️⃣ Roles & Scale Validation
✔ Management Points
-
Client count per MP
-
MP response time
-
IIS health
✔ Distribution Points
-
Client count per DP
-
DP performance under load
✔ Secondary Sites
-
Justification & necessity
-
Replication health
-
Alternatives (DP groups)
1️⃣2️⃣ Security & Governance (Often Missed 🚨)
✔ RBAC & Security
-
Admin role review
-
Least privilege compliance
✔ Auditing
-
Script execution auditing
-
Change tracking
✔ AV / EDR Exclusions
-
SQL & SCCM folder exclusions
-
Real-time scan impact
📌 RAS Assessment Output (What Microsoft Expects)
For each item, capture:
-
Current State
-
Risk Level (Low / Medium / High)
-
Impact
-
Recommendation
-
Effort to Fix
💡 Architect-Level Tip (Interview / Assessment)
RAS SCCM assessment focuses on site stability, SQL health, client manageability, content delivery efficiency, patch compliance accuracy, and cloud readiness, while validating scalability, security, and upgrade readiness against Microsoft best practices
No comments:
Post a Comment