In this post I will be discussing on how to track SCCM application deployment through client log flow. There are several components involved with application model which is more complex than packaging model. I will run through all the important log files which plays vital role and also very much helpful while troubleshooting application deployment issues.
Log files involved in SCCM Application
Application deployment through configuration manager (MECM) creates multiple log files, few of them are very much important while few of them are not so much of any importance. However, for complex troubleshooting of application deployment you might get surprised that the log files which might not be considered as too much important also becomes important (in few scenarios). The default location of all sccm logs are c:\windows\ccm\logs. These are the log files related to Application Deployment and data flow when application installation triggers:
PolicyAgent.log
AppEnforce.log
AppDiscovery.log
AppIntentEval.log
CAS.log
ContentTransferManager.log
DatatransferService.log
Above mentioned log files are required to check for any application deployment issues.
If you are interested in looking into Track SCCM package deployment through client log flow, I would highly recommend as I would say it will be easy to go through package deployment work flow before jumping into application deployment as it is more complex then packaging deployment.
Follow Flowchart explains how Application deployment works. If you wanted to understand about work flow along with log files involved check the video below:

Sequence of log flow for Application Deployment
For demonstration purpose, I am going to use an application, with following details:
Application Name: 7-Zip 19.00 (x64 edition)
Deployment Types: 7-Zip 19.00 (x64 edition) – Windows Installer (*.msi file)
Installation program: msiexec /i “7z1900-x64.msi” /q
Uninstall program: msiexec /x {23170F69-40C1-2702-1900-000001000000} /q
Application is deployed with action – “Install” and Purpose – “Required” for forcing the application.
Its always good to confirm few details before checking the logs, login to SCCM Server, launch Configuration Manager console, navigate to. \Software Library\Overview\Application Management\Applications, while application selected, enable the column CI Unique ID

You will notice CI Unique ID consists of ScopeId_<GUID>/Application_<UniqueGUID>, while ScopeId remains same, Application ID is different for each application, make a note of it. In my case Application ID starts with Application_805dbf87xxxx.
While application selected, in bottom pane click on Deployment Types, make sure Content_ID column is visible, if not right click and enable the column. Make note of Content ID in my case it is Content_4185ab90-xxxx

The content ID information is very important as we may see multiple Deployment Types and each Deployment type will be having a unique ContentID. But only one deployment Type is going to install hence it is important to make a note of Content_ID to see and verify what Deployment type is installing at client side.
You may check the link if you are interested in knowing How Deployment Priority works.
Analyse the logs – Application Deployment
Let’s navigate to the client, from Configuration Manager Properties (shortcut command line: control smscfgrc), run now following Actions:
Machine Policy Retrieval & Evaluation Cycle – To download the policy related to application deployment which we just targeted.
Application Deployment Evaluation Cycle – We are initiating this cycle now because to force the application evaluation right away without waiting any time.
PolicyAgent.log – The log file will show downloading of policy, if we search for application CI ID, we can see the results. Search for: “application_805dbf87”. Policy download started and succeeded are the information I am looking for.
Compiling policy 'ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/Application_805dbf87-fde2-42b6-852d-4c908a211c2b/CA' version '2.00' hash 'SHA256:C6AA776FEEA1A14D4022059CDF1CD54130C6C982744A2B170F3FB0A22586D2B3' from 'SMS:MAN' (2021-11-28 04:20:41.660) PolicyDownload: <File Source=".sms_pol?ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/RequiredApplication_805dbf87-fde2-42b6-852d-4c908a211c2b/VI/VS.SHA256:E5B4DD7FBF81A3B1A634DD838A6ACE8C2FFCACEB1E6E177677DE30667F78429E" Destination="ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B-RequiredApplication_805dbf87-fde2-42b6-852d-4c908a211c2b-VI-VS.2.00.tmp"/> instance of CCM_PolicyAgent_PolicyDownloadStarted Raising event: instance of CCM_PolicyAgent_PolicyDownloadSucceeded

AppDiscovery.log – This log file will come into picture. Application Model is smart enough to detect whether application is present on the system or not, if it is not present then only the rest of the process triggers in. This responsibility is handled by component AppDiscovery. AppDiscovery will also create another job for AppIntentEval Component to look for any dependent application if any. And will finally create job for AppEnforce Component if application is not discovered.
We can see following in the logs:
Performing detection of app deployment type 7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file)(ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240, revision 1) for system. +++ MSI application not discovered [MSI Product Code: {23170F69-40C1-2702-1900-000001000000}, MSI Product version: ] +++ Did not detect app deployment type 7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file)(ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240, revision 1) for system. +++ Discovered MSI application +++ Detected app deployment type 7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file)(ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240, revision 1) for system.

AppIntentEval.log
This Component is responsible to check if there is any dependencies for deployment type, such as if any other application requirement condition is set before installing current application. This will also check for Supersedence setting if specified in application. Once its job is done, the information will be sent back to component AppDiscovery. Following in the information we can see in AppIntentEval.log:

No dependencies for DeploymentType ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240/1. * Evaluating Application policies for Machine DT id = ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/RequiredApplication_805dbf87-fde2-42b6-852d-4c908a211c2b/2, technology = MSI ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240/1 :- Current State = NotInstalled, Applicability = Applicable, ResolvedState = Available, ConfigureState = NotNeeded, Title = 7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file) ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/Application_805dbf87-fde2-42b6-852d-4c908a211c2b/2 :- Current State = NotInstalled, Applicability = Applicable, ResolvedState = Available, ConfigureState = NotNeeded, Title = 7-Zip 19.00 (x64 edition) ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/RequiredApplication_805dbf87-fde2-42b6-852d-4c908a211c2b/2 :- Current State = NonCompliant, Applicability = Applicable, ResolvedState = Compliant, ConfigureState = NotNeeded, Title = ApplicationIntentPolicy Important key take away from AppIntentEval.log is changing of: Current State : Changing from NotInstalled > NonCompliant > Installed > Compliant Applicability : Showing as Available as the conditions / requirement to install the application has been met. ResolveState : Changing from Available > Installed > Compliant
AppEnforce.log
AppEnforce Component is the master component or we can say most important log file which initiates the Application Installation, we can see lots of other information as well which were sent by other components such as whether application was discovered or not and other dependant application installation.
We will see other information such as content location from where application execution has started. Command line of installation command and finally successful installation of application. We see following in logs:
+++ Starting Install enforcement for App DT "7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file)" ApplicationDeliveryType - ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240, Revision - 1, ContentPath - C:\WINDOWS\ccmcache\1, Execution Context – Any Performing detection of app deployment type 7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file)(ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240, revision 1) for system. +++ MSI application not discovered [MSI Product Code: {23170F69-40C1-2702-1900-000001000000}, MSI Product version: ] App enforcement environment: Context: Machine Command line: msiexec /i "7z1900-x64.msi" /q Prepared working directory: C:\WINDOWS\ccmcache\1 Found executable file msiexec with complete path C:\WINDOWS\system32\msiexec.exe Prepared command line: "C:\WINDOWS\system32\msiexec.exe" /i "7z1900-x64.msi" /q /qn Valid MSI Package path = C:\WINDOWS\ccmcache\1\7z1900-x64.msi Advertising MSI package [C:\WINDOWS\ccmcache\1\7z1900-x64.msi] to the system. Executing Command line: "C:\WINDOWS\system32\msiexec.exe" /i "7z1900-x64.msi" /q /qn with system context Process 4348 terminated with exitcode: 0 Looking for exit code 0 in exit codes table... Matched exit code 0 to a Success entry in exit codes table. Performing detection of app deployment type 7-Zip 19.00 (x64 edition) +++ Discovered MSI application [AppDT Id: ScopeId_A01E8F68-CD81-4C08-80FA-477C0E10623B/DeploymentType_2020701e-ee5e-4d0b-ac64-a183e9ce5240, Revision: 1, MSI Product code: {23170F69-40C1-2702-1900-000001000000}, MSI Product version: ] ++++++ App enforcement completed (0 seconds) for App DT "7-Zip 19.00 (x64 edition) - Windows Installer (*.msi file)"

We can see Exit Code 0, which means application installed successfully.
Though this log file looks pretty simple and straight forward, but it has dependency upon so many other components, the most important are AppDiscovery and AppIntentEval. But that’s not the only dependency.
To download the content, it has to go through 3 other components ie. CAS.log, ContentTransferManager.log, DataTransferService.log. Let’s understand it one by one.
CAS.log
CAS stands for ContentAccess component, the component has 2 jobs to do:
- Locate the content on DP by creating first Job / request for LocationServices component and get the DP name / location to download the content.
- As DP location is available, CAS will create another job ie. CTM Job for ContentTransferManager component and instructing it to download the content.
CAS is also responsible for verification and integrity of Hash value of the package. Once CAS’s job is done it is ready with providing the content location to AppEnforce.log to execute such as c:\windows\ccmcache\1
We will see following in cas.log:
===== CacheManager: Initializing cache state from Wmi. ===== Cache size is 5120 MB. Location is C:\WINDOWS\ccmcache CacheManager: There are currently 4955564032 bytes used for cached content items (6 total, 0 active, 6 tombstoned, 0 expired). ===== CacheManager: Cache state initialization completed ===== **** Received request for content Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1, size(KB) 1707, under context System with priority Medium. Saved Content ID Mapping Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1, C:\WINDOWS\ccmcache\7 Content for Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1 was found in cache, content size is 1707K Saved Content ID Mapping Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1, C:\WINDOWS\ccmcache\7
Content is downloaded at the end of CAS.log
LocationServices.log
As the name suggest, LocationServices Component is responsible to provide the content location info back to CAS Component (ContentAccess). This log file will list content available on all DP’s based upon boundary group the client is in:
Calling back with the following distribution points Distribution Point='http://SCCM01.MANBAN.COM/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1', Locality='SUBNET', Version='9058', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>', Signature='http://SCCM01.MANBAN.COM/SMS_DP_SMSSIG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1.tar', ForestTrust='TRUE', BlockInfo='0' Distribution Point='http://mdt01.MANBAN.COM/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1', Locality='SUBNET', Version='9058', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>', Signature='http://mdt01.MANBAN.COM/SMS_DP_SMSSIG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1.tar', ForestTrust='TRUE', BlockInfo='0' Calling back with locations for location request {CAEB2629-EF19-4413-855A-992F33EF1CA0} ContentTransferManager.log

As CAS Component created this 2nd job for ContentTransferManager, this component will be responsible for downloading the content. ContentTransferManager itself isn’t doing this job, but further created DTS Job for DataTransferService Component. Though the downloading status will be captured in this log file as well.
ContentTransferManager.log will show following downloading Status: CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} entered phase CCM_DOWNLOADSTATUS_WAITING_CONTENTLOCATIONS Queued location request '{CAEB2629-EF19-4413-855A-992F33EF1CA0}' for CTM job '{7E6D4E07-2EB0-424F-AE07-F56642A9F8C3}'. Persisted locations for CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3}: (SUBNET) http://SCCM01.MANBAN.COM/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1 (SUBNET) http://mdt01.MANBAN.COM/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1 CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} (corresponding DTS job {57254A2E-6B8E-47F2-8AF1-4DDD09B18258}) started download from 'http://SCCM01.MANBAN.COM/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1' for full content download. CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_MANIFEST CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} entered phase CCM_DOWNLOADSTATUS_PROCESSING_MANIFEST CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA CTM job {7E6D4E07-2EB0-424F-AE07-F56642A9F8C3} successfully processed download completion.

DataTransferService.log
As DTS Job has been created, DataTransferService Component will now download the content either using BITS.
We will the content downloading status as follows:
UpdateURLWithTransportSettings(): OLD URL - http://SCCM01.MANBAN.COM/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1 UpdateURLWithTransportSettings(): NEW URL - http://SCCM01.MANBAN.COM:80/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1 DTSJob {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} created to download from 'http://SCCM01.MANBAN.COM:80/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1' to 'C:\WINDOWS\ccmcache\7'. DTSJob {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} in state 'DownloadingManifest'. UpdateURLWithTransportSettings(): NEW URL - http://sccm01.manban.com:80/SMS_DP_SMSPKG$/Content_4185ab90-7c90-46c5-9e36-eb2b2eb9e7ab.1/sccm?/7z1900-x64.msi DTSFlag is 0x0040050e DTSJob {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} in state 'DownloadingData'. DTSJob {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} in state 'RetrievedData'. DTSJob {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} successfully completed download. DTSJob {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} in state 'NotifiedComplete'. DTS job {57254A2E-6B8E-47F2-8AF1-4DDD09B18258} has completed: Status : SUCCESS, Start time : 11/28/2021 18:09:31, Completion time : 11/28/2021 18:09:47, Elapsed time : 15 seconds

Conclusion
This completes the Application Deployment workflow through checking and verifying it all components involved. Though there were other log files involved for complete end to end flow such as logs related to CI ie. CIAgent.log, CIDownloader.log, CIStateStore.log, CIStore.log etc. I thought including these logs might confuse a lot because majority of time you might not need these logs.
Important thing to consider is, to look for AppEnforce.log at the first place. This is the log file you must start with for application deployment.
Trackbacks/Pingbacks