First of all, thank you for giving me an opportunity. My name is Ashok. I'm from Andhra Pradesh.

I am having almost, close to 7 years of experience. When it comes to the SCCM, I have 5 plus
years of experience.

Coming to my roles and responsibilities, I have experience in software distribution, like

packaging model, application model, and user troubleshooting part. I do have experience in
patching, patch management, patch creation, and patch troubleshooting part. And, also, I can
configure the boundaries, boundary groups, distribution point, distributing the content to the
DPs. I do install a client software by using client push installation method. On a daily basis, I
was working for the incidents.

That's all about me. Okay. Great. How do I troubleshoot if client is not communicating or
communication issues with the client? Yeah.

So if the client, having a communication issues, we will verify whether that particular client is
installed properly or not first. So if it is required, we will just give a try with the reinstallation of
that particular client, by uninstalling that. Then later, what we will do, we will check whether it is
reporting to the which primary site and which MP it is connected to, whether that particular
device is part of which boundary and boundary group. Why? Because if the device is not part of
boundary and boundary group also, that, reporting communication will be lost.

And, when it comes to the log file wise, we can verify the from the server end, we can see the
ccm.log file if it is an installation phase. From the client side, we can verify the ccm setup dot log
file. Client ID startup manager dot log file, we will verify. Okay. Great.

So what do you mean for vulnerabilities? Do you have experience on vulnerability remediation?
I have an experience, but, I did not work for the Qualys. I just work for the SSC and patching
itself. So there will be a separate team for vulnerabilities.

They will be using a Qualys dot. So once they do these scanning activities, they will provide 1
Excel sheet with the resolution also. Some of the patches needs to be installed on any device to
fix the vulnerabilities, or some of the application needs to be, like, upgrade to the latest version
to fix that vulnerability. So such kind of information, they will provide an Excel sheet, and they
will tell us where to take that particular patch. If it is from the SCCM, we will push it from the
SCCM.

If not, we will try to fix it by the manual. So that is how we work for the vulnerabilities. How many
clients we handle? We have yeah. We have, like, I have worked for multiple projects, but the
recent project which I worked, it was, like, a 10,200 endpoints, and, 48 DPs, one primary site we
had.

Okay. Okay. What do you mean by 0 day vulnerabilities? What you are understanding? The 0
day days.

The 0 day patch or 0 day vulnerability, so we need to deploy it on an immediately basis. Like, we
don't usually, the patch will be deployed on a, every one second, Tuesday. Right? But the when
it comes to the 0 day, it's a emergency patch we can consider it. We need to deploy it as soon
as possible.

Okay. So in a client mission, if software center does not have any patches displayed, I mean,
patches are discovered. Mhmm. So what do you check? How do you troubleshoot on that?

Yeah. If the patches are not discovered in the sense, there might be having an issue with the
policy, first thing. Mhmm. If it is not received a policy, then only we are not able to see it. What
we can do on immediate basis, we will try to trigger the policies first.

Action items, we will trigger. Still, if it is the same issue, we will verify the policy agent dot log file
as well as a policy evaluator dot log file. Then after, we will verify the restarting the SMS agent
host service. One more thing. After that so if it is still, we will check the client when it is reported,
when was the last time it is reported to the SCCM.

So if it is more than, like, a 7 days or 8 days like that, we will just give it a try with the uninstall of
the existing client, and we will install the latest client. So afterwards, the particular device which
you told me, we will verify that particular device is part of deployment collection or not. These
are the things 1 by 1 we will, troubleshoot. Okay. What is the configuration manager version
you're using?

You mean to say that, configuration manager, double 203. Double 203. Okay. Let's say in a
mission, the patches are failed. Okay.

Failed install. So what is your approach to fix that? Yeah. If the patches are failed in the sense,
we have a 2 failures. Right?

In a call client server, it says, like, a downloading phase might have been failed, or else
installation phase might have been failed. So first, we will analyze the log files. When it comes
to the log files for patching trailer? Yeah. When it comes to the log files first, so we will verify as
we have already concluded that it is a failure.

Right? So there is no issue with the policy. So we can verify the scan agent dot log file or w a
handler dot log file, update stores dot log file, update deployment dot log file. Also, we can verify
the update handler dot log file, reboot coordinator dot log file. Coming to the validations wise,
we need to look into the few of these services.

Like I said, SMS agent host service. After that, Windows update agent service also should be
working fine. After that, we need to verify that particular device is connected to the which
distribution point. That, we can verify under the location services dot log file. Why?

Because that content has to be on a distribution point, then only it will get downloaded into the
local CCM cache and the execution will happen. Right? So we need to verify the DP, whether it
is having the content or not. If not, we need to distribute that. Then coming back to the client
side again, we have to analyze the disk spaces.

We have to analyze the CCM cache sizes. We have to check the group policy issues or
scanning issues. Okay. So any any command tools you'll be using, like, any commands you'll be
using to fix this, patch failures? The commands stands.

It comes to the, group policy, we have a command like a GP update slash force. Before using
that, we need to delete the register dot pull folder and end user system. See Windows system
32 group policy, there will be a folder called registry dot pull folder. We have to delete that. As
soon as we delete that, we need to update the GP locally.

So GP update slash force, that's 1. Another one is, repository checking, WLAN repository
checking. That we can use a win management verify repository. We can do that. And, these are
all the things we can do that.

And, also, we sometimes we can, rename the software distribution folders. Right? So if there is
any scanning issues, we have to rename the software distribution folders. Have you heard
about the system file checker? System file checker?

Yeah. No. I have not used it. Maybe it might be there, but I have not used. I'm sorry for that.

Okay. No problem. What about, the sync commands? The sync command, I have seen. The the
sync commands which we use whenever if there is an issue with the installation phase failure,
Like, any image corrupted issues or any files are corrupted.

So these deep SIM commands will try to fix us. Scan health as well as a restore health, check
health. Right? These are the deep SIM commands we have. Okay.

So for that also, we can verify the CBS dot log file. That is the best log we can say coming to the
Windows perspective. In this log, we can identify if there is any corrupted files or if there is any
dependency packages are missing. So these are the things we can check it in a CBS dot log
file. Okay.

Do you have done printer vulnerabilities, remediation? No. I have not worked on that. Have you
configured printer in your, No. No.

Past experience? Windows, I have not configured, Yeah. Okay. So, Sai, do you have any
questions for him? Yeah, Shrida.
Hi, Ashok. Hi, Sai. You have already you have extra hand on experience on application model
and factoring. I do have. I do have.

Can you explain in which cases we can we are using application model and package models?
The application model and package model, it purely depends on the client again. But when it
comes to the application model, we have an advantages like any dependency cases, any
requirements set up cases, like a global condition needs to be set up. So any super students
cases, like, for example, if the same application wants to be uninstalled on the same
deployment and wants to have a latest deployment of the particular application, we can use a
super students. All these scenarios, we can go for the application model instead of package
model.

Okay. And, what are the logs we are checking in the case of, failures of applications and, It's an
application or a package? Packages. Yeah. Both.

Okay. So let me come back to the application, then I'll go back to the package. So application
model, we can verify the app discovery dot log file, app intent evaluator dot log file, cas dot log
file, location services dot log file. So we can, check the app enforcement dot log file. In app
discovery dot log file, we will verify whenever if we have configured any detection logics,
whether those detection logics have been triggered properly or not, we can check.

Coming to the app intent evaluator, we can verify if we have configured any dependencies or
maybe any requirements set up on that particular application, we can check it that. So location,
we can verify the location services dot log file for DP configurations. Enforcement, we can get to
know end to end status of the execution, like advertisement ID and which command line it is
executing and which CCM cache folder it is hitting, exit codes. All these things we can get to
know in a app enforcement dot log file. Coming back to the package model.

So package model, we can verify the, CAS dot log file, location services dot log file, content
transfer manager.logfile, also execution manager.logfile. Execution manager, it is very similar to
the app enforcement.logfile, which is used to execute that particular application. Okay. And, one
more thing. What about the distribution?

When the content is getting failed to distribute to the DPs, what is the process you are following
to check that? Yeah. When the content is failed to distribute, the very first thing, we will try to
redistribute as soon as. So if it is success, that's fine. If not, what we'll do?

We will verify the log file. That is testmgr.logfile. Based on the package ID, we will start
troubleshooting. On a general validations, if it is a DP issues, first, we will verify the DP online
status by checking the ping command. So if it is online, we will try to log in to the distribution
point.
Once we log in, we will verify the, disk space issues as well as if there is any, I can say, if it is a
newly build distribution point, we will verify the IIS configurations also. Also, prerequisites also,
we will verify. Okay. Okay. Sure.

Yeah, Shrida. I'm okay. Okay. Any one example or recent scenario where you have a run critical,
issue or escalation which you have fixed. Yeah.

To be honest to see that I many times I had been in escalation cases only. So because, being a
senior in a project, I have seen many escalations. The recent one which I remember one is as
as high as about distribution issue. So the content was distributed, but, there are a schedule
blocks for that. So one of my colleague, he has verified everything.

Log he has verified and, ports he has verified. He checked everything, and he just passed the
statement called there is nothing from my side. There is a network issue. Go ahead and check.
Like, the day he has passed it.

So they have checked with the networking team. They said everything is fine. The
communication is good. Network is good. They said like that.

So they have raised the escalation. So you did not, dig into the issue properly. Please fix it, like
that they have raised. So again, I took the case. I have verified everything, whatever he has
done.

So log verification as well as the DP status, online status, and everything I have checked
components on there. Everything looks good, but, also, there are scheduled blocks on the DP
properties. So that schedule blocks made us to not to distribute from Monday to Friday certain
timings. So like that, they have scheduled the DP configurations. So he forgot to check that.

So I took all these screenshots. It's a habit for me. Whenever I do the troubleshooting, any
issues, I take all these screenshots, whatever I do. So to show the client so that we are not
doing mistakes, anything, that we are working something. Like that, I make a habit.

So I took all these screenshots, and I went for the call. And I told them, if you really want a
solution, you have to remove the schedule blocks first. Otherwise, you have an option called
robocopy. So the both the options I have given them, so we have sorted out. Okay.

So are you comfortable in working in shifts? Or Yeah. Yeah. I'm fine, Shida. I don't have any
issues with that.

Okay. Just give an example of positive and negative about you. The positive, I can say, it's like,
what do we call? I'll be keep on learning something. I'm very happy for that.

I'm very happy to learn, in fact. So wherever I am, whatever I am, so I'll just keep on researching
something new or something which I don't know. That's positive, I can say. When it comes to the
negative, I don't know whether it is negative or not. If I don't know anything, I'll not commit it to
do.

I'll ask somebody in a team, whether he may be a junior to me, whether he may have senior to
me. So I'll ask him. So I'll also in front of them only, I'll make a note. I'll carry my notes, pen,
everywhere. So I'll make a note.

So the next time, I should not forget that. No? I should not ask them again if the same issue
comes. So maybe that could be some people feel like, I don't know anything. Some people feel
like he has very good habit in that.

So I don't know how they will take it, but I feel it's like that. Okay. So the portion I mean, this
portion, what we're looking, this also includes a printer printer augmentation. Mhmm. So you
should be, learn Sure.

Definitely. Definitely. Definitely. Definitely, I'll learn. Yes, Shirk.

So we are done with your interview. We will give the feedback to HR, and HR will contact you.
Okay? Sure. Definitely.

Thank you. Thanks for your time. Thank you, Shridhar. Thank you, Sai. Thank you very much.

Thanks for your time. Have a nice day. Yeah. Yeah. Take care, Ashok.

Thank you. You too.