SCCM 1806 KB4459701

SCCM 1806 KB4459701.

Issues that are fixed and improvements that are included

Configuration Manager Console

• Fixes an issue in which administrators cannot copy any text from the Content Status node in the Configuration Manager console.
• Fixes an issue in which application-requested Approver comments appear in the user comment section and overwrite the user’s comments.
• Fixes an issue that causes the Application Catalog website to time out because a query takes a long time (more than 60 seconds) to finish.
• Fixes an issue that causes the Application Catalog website to time out because a query takes a long time (more than 60 seconds) to finish. Checking the ServicePortalWebSite.log may show that the GetApplicationValuesForProperty call is taking a long time to finish.
• Fixes an issue in which the Windows Defender Application Control compliance status is displayed as compliant (status 0), but is displayed as non-compliant on the Error tab in the Configuration Manager console.
• Fixes an issue in which the Cloud Management Gateway Role Endpoints are not displayed in the console.
• Fixes an issue that causes the Compliance Policies node loading and dashboard interaction to be slow. This issue may also generate a long-running script warning dialog box.
• Updates the “Configure conditional access policy in the Intune console” hyperlinks (under Compliance Settings > Conditional Access) to point to the Azure Portal.
• Fixes an issue that occurred after version 1710 was installed: If the disk size or free space (inventory of SMS_LogicalDisk) is less than 1 gigabyte, the disk size is displayed as 0 in the Configuration Manager console.
• Fixes an issue that causes the correct maximum run-time values for updates not to be reflected correctly within the properties of software updates.
• Fixes an issue that causes an invisible character to be added to the clipboard when a PowerShell script is copied from the Script Details property window.
• Fixes an issue in which Windows 10 versioning information is not displayed as expected in the Product Lifecycle Dashboard.

Software Updates Management

• Fixes an issue tht occurs after you enable express file support in version 1802: Windows 10, version 1803 clients cannot download software updates, and they receive a hash mismatch error. When this issue occurs, the following is logged in the WUAHandler.log file: Unexpected HRESULT for downloading complete: 0x80246002 Additionally, the following is logged in the Downloadmanager.log: *DownloadManager* -> [Info] : *FAILED* [80246002] Downloading job; *DownloadManager* -> [Info] : *FAILED* [80246002] Error occurred while downloading update {GUID}; notifying dependent calls.;
• Fixes an issue that causes some buttons not to be visible in the Deploy Software Updates Wizard when the display is set to a high resolution.

Software Distribution and Content Management

• Fixes an issue in which a custom Software Center logo that has a file name that contains a space is not listed in Software Center.
• Fixes an issue in which user-available applications cannot be installed through the Software Center if the Application Catalog roles are configured for https by using a certificate that has no subject name. Note Starting in Configuration Manager, version 1806, application catalog roles are no longer required to display user-available applications in Software Center.
• Fixes an issue in which Configuration Item processing breaks on the client if an application deployment type name contains a backslash ( \ ). Additionally, errors entries that resemble the following are recorded in the CIDownloader.log file: DCM::LanternUtils::StoreModelDocument
  == WBEM_S_NO_ERROR, HRESULT=87d00235 (..\WmiMofCompiler.cpp,492)
  Compiler lPhaseError: 2, ObjectNum: 0, hRes: 80044007 FirstLine: 0 LastLine: 0 == WBEM_S_NO_ERROR, HRESULT=87d00235 (..\WmiMofCompiler.cpp,492)
  Compiler lPhaseError: 2, ObjectNum: 0, hRes: 80044007 FirstLine: 0 LastLine: 0
• Fixes an issue that causes a client download to fail for content from a distribution point that has a path that is longer than 256 characters. IIS log files on the distribution point show “status 404” (file not found). The DTS.log on clients shows an error message that resembles the following: DTS job {GUID} BITS job {GUID} failed to download source file http://{Distribution_Point}:80/SMS_DP_SMSPKG$/Content_{long file path} to destination C:\Windows\ccmcache\{destination_folder} with error 0x80190194

Client

• Fixes an issue in which removing an Azure AD tenant from Configuration Manager does not revoke the related policy. Also, the Azure AD settings on the client are persisting the values that are located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\AADConfigs. Therefore, clients continue to try to authenticate by using the Azure AD tenant information. Clients that are built off the network, by using stand-alone TS media, are not registered when they connect to the network unless the Configuration Manager client (SMS Agent Host) is restarted.
• Fixes an issue in which the following occurs:
  • A Configuration Manager client cannot retrieve an Azure AD authentication token (for example, because of a lack of connectivity).
  • This condition causes authentication failures against an https-enabled intranet management point (as expected).
  • This condition does not cause the Configuration Manager client to fall back to an available http management point.
• Fixes an issue in which clients that are built off the corporate network that uses Stand-Alone Task Sequence media do not register with the site until the Configuration Manager client (SMS Agent Host) is restarted. When this issue occurs, client registration requests are queued and a log entry that resembles the following are logged in ccmexec.log: SystemTaskProcessor::QueueEvent(NetworkChangedRaw, 1) – not queuing because flags indicate not to queue an already queued event.
• Fixes an issue in which Intune workloads may not become fully manageable by Intune after the Configuration Manager client is uninstalled.
• Fixes an issue in which SCEP Certificate Deployment fails for clients that connect through the Internet through a Cloud Management Gateway or Internet Management Point. Errors entires that resemble the following are logged in the Certenrollagent.log: Sending enrollment request message: <CertificateEnrollment MessageType=”CertDetection”>CertEnrollProvider
  Message timeout: 60 seconds
  spMessage, CCM_MESSAGING_DELIVERMODE_SYNC, dwMessageTimeout, &spReplyMessage ), HRESULT=80004005 (certenrollprovider.cpp,736)
  CertEnrollProvider Failed to send enrollment request message. Error: 0x80004005 Additionally, the following is logged in the Dcmwmiprovider.log: Failed to send enrollment request message. Error: 0x80004005 CertEnrollProvider
• Fixes an issue in which restarting the Configuration Manager client (SMS Agent host) on Branchcache clients triggers the duplication of Firewall Rules. In the Firewall event log, you see many events that are related to rule creation for BranchCache Content Retrieval.
• Fixes an issue in which a Configuration Manager client that uses Peer cache and that has a failed content download for the first Distribution Point it contacts does not move on to another Distribution Point, even if fallback is enabled.

Site Systems

• Fixes a problem in which a CMG connection point cannot connect to the Cloud Management Gateway after it is upgraded to a newer version of Configuration Manager. When this occurs, the required certificate information is missing from the Proxy_RoleCertificates SQL table.
• Fixes an issue that causes new clients not to be registered or approved because DDRs are backed up and are not processing in Configuration Manager\Inboxes\Auth\DDM. Additionally, the ddm.log loops through the following log entries: Refreshing Site Settings
  Inbox source is local on server.domain.com
  Inbox Source is local on server.domain.com
• Fixes an issue that occurs after a Configuration Manager site upgrade in which lots of status messages are sent to management points for packages that are configured for “distributed on demand” but for which no distribution point is configured for “distributed on demand.” Errors that resemble the following are logged in the MP_relay.log. Message Body :
  <ProvisionDPRequest SchemaVersion=”1.00″><Packages/></ProvisionDPRequest> MP_RelayEndpoint date time 4272 (0x10B0)
  Relay Task: failed in Relay Translator MP_RelayEndpoint date time 19404 (0x4BCC)
  discarding an inventory report … MP_RelayEndpoint date time 19404 (0x4BCC) Entries similar to the following are generated for the packages that are marked for on-demand distribution In the MP_Location.log: DMD files for DPs <ServerNameList><ServerName>{distribution_point}</ServerName></ServerNameList> for Site (DRC) MP_LocationManager date time 4300 (0x10CC)(UID: {unique_identifier},1,DRC,<ServerNameList><ServerName>{distribution_point}</ServerName></ServerNameList>,SMSUpdate) MP_LocationManager date time 4300 (0x10CC)
  MP LM: DemandFile message body:
  <ProvisionDPRequest SchemaVersion=”1.00″><Packages/></ProvisionDPRequest> MP_LocationManager date time 4300 (0x10CC)
• Fixes an issue that occurs when you use the new “Reassign a Distribution Point” feature that is available in version 1802: The SMS_HIERARCHY_MANAGER (hman) component thread can crash SMS_EXECUTIVE (smsexec) if you move multiple Distribution Points at the same time very quickly or through a script. When this occurs, the Event Viewer may log an Event 1000 error message (0xc0000374) that resembles the following: Faulting application name: smsexec.exe, version: 5.0.8634.1000, time stamp: 0x5a923726
  Faulting module name: ntdll.dll, version: 6.3.9600.18969, time stamp: 0x5aa29ff0
  Exception code: 0xc0000374
  Fault offset: 0x00000000000f1cd0
  Faulting application path: d:\Program Files\Microsoft Configuration Manager\bin\x64\smsexec.exe
• Fixes an issue in which Cloud Distribution Point certificate changes are not applied to the Cloud Distribution Point Cloud Service in Azure. When this issue occurs, there are no visible errors in the console or log that indicate that the change was not successfully applied. A manual review of the Certificates property in Azure, on the Cloud Distribution Point, shows that only the old certificate is present.
• Fixes an issue in which a Primary Site finishes an upgrade but gets stuck in Maintenance mode because of a race condition that exists between Despooler and Replication Configuration Manager. This issue occurs after the CAS sends BCP data, and the Primary receives the data before the Primary ServerData SQL table is changed to reflect that it is in Maintenance mode. In these conditions, the Primary deletes the BCP without processing it into the database. The causes a Reinitialization status = 4 (package created) status to become stuck for the Replication Group.
• Fixes an issue in which Replication Manager uses UNC files paths to access the local drive. This causes suboptimal performance in some environments.
• Fixes performance issues that might be experienced in some environments when Windows 10 Servicing reports are loaded against very large collections.

Operating System Deployment

• Fixes an issue that causes Operating System Deployment to fail because the Configuration Manager client cannot be put into Provisioning mode on peer cache source clients. This issue occurs because the SMS agent host takes more than five minutes to shut down. This occurrence is logged in the Ccmexec.log file. When this issue occurs, an error entry that resembles the following is also logged in the SmsClientMethodProvider.log file: Invoking method SetClientProvisioningMode
  Enable provisioning mode of the client
  stat.dwCurrentState == dwDesiredState, HRESULT=80004005 (..\ServiceControl.cpp,197)
  PollForDesiredState(stat, SERVICE_STOPPED), HRESULT=80004005 (..\ServiceControl.cpp,265)
• Fixes an issue that occurs when you use Dynamic Variables in a Task Sequence: An application installation fails if an application name contains a comma. When this issue occurs, the following error entires that contain a program name that includes “,” are logged in the SMSTS.log file: InstallApplication Added “Software | Program, 00.7” to the install list
  InstallApplication assignmentList.size() > 0, HRESULT=80004005
  InstallApplication No matching policy assignments received.
  InstallApplication Policy download failed, hr=0x80004005
  InstallApplication daUtil.DownloadPolicies(), HRESULT=80004005
  InstallApplication Successfully cleared App model names from TS env.
  InstallApplication daInstaller.Execute(), HRESULT=80004005
  TSManager Process completed with exit code 2147500037
• Based on user feedback and starting in Configuration Manager version 1806, using the built-in Upgrade Operating System task to run a Windows 10 compatibility scan (/Compat ScanOnly) for testinga  Windows 10 upgrade no longer puts the Configuration Manager client into Provisioning mode.
• Fixes an issue in which OSD task sequences may not always download application content from a Peer Cache source. Error entries that resemble the following are logged in the Clienttransfermanager.log file and the Clientauth.log file, depending on whether http or https is enabled:
  HTTP is enabled ClientAuth.log Signing Certificate is not available in the store
  CCMGetCurrentCertificateContext( eCertMsgAuthSignature, ppCertContext ), HRESULT=80004005 (..\ccmgencert.cpp,3380) ContentTransferManager.log Requesting DP auth token for content Content_<content_guid>
  spMessaging->SendMessageSync( spMessage, CCM_MESSAGING_DELIVERMODE_RECOVERABLE, c_uRequestTimeout, &spReplyMsg ), HRESULT=80004005
  CcmGetDPAuthToken(sContentId, this->m_sServerEncryptedToken, this->m_et), HRESULT=80004005 (ctmjob.cpp,7071)
  this->RequestToken(sContentId), HRESULT=80004005 (ctmjob.cpp,7274) HTTPS is enabled ContentTransferManager.log Decrypt the token first
  CryptDecryptMessage ( &DecryptParams, pbEncrypted, nEncryptedSize, pbPlain, &nPlainSize, 0 ), HRESULT=8009200c (..\windes.cpp,466)
  DecryptBuffer (hStore, pbEncrypted, nEncryptedSize, pbPlain, nPlainSize), HRESULT=8009200c (..\windes.cpp,545)
  SMS::Crypto::DES::DecryptBuffer( L”SMS”, pbOriginalToken, dwOriginalTokenSize, pbUnencryptedToken, dwUnencryptedTokenSize ), HRESULT=8009200c
  this->EncryptToken(sKeyContext, sTokenEncryptedForPeer), HRESULT=8009200c (ctmjob.cpp,7284)
• Fixes an issue in which an OSD that starts by using dynamic task sequence media first tries to start from an Internet https management point before it finally falls back to an http management point. This causes a delay before the available task sequences are displayed to the user.