SCCM KB4578605. UR for Microsoft Endpoint Configuration Manager version 2006 KB4578605.
Issues that are fixed
- During client policy download, the execmgr.log repeats the following log entry multiple times every minute.
Device is not MDM enrolled yet. All workloads are managed by SCCM This results in potentially valuable troubleshooting information being overwritten.
- Client computers that are performing a PXE boot to install a new operating system are unable to find the boot WIM file. This occurs when the WIM file is stored in a content library split across multiple drives. Errors resembling the following are recorded in the SMSPXE.log file.
CContentDefinition::GetFileProperties failed; 0x80070003
CContentDefinition::TotalFileSizes failed; 0x80070003
- Computers are unexpectedly removed from orchestration groups. This occurs if the site has the option Use this boundary group for site assignment enabled, but the target computers are not in that boundary group.
- Clients are unable to communicate over a custom port for a management point when other communications changes are made to the site. For example, enabling HTTPS communication for a site causes previously defined custom HTTP ports to stop working.
- State messages from clients may not be properly recorded if the client computer restarts within 10 seconds of state message generation. This results in inconsistent or unexpected state message values, affecting the accuracy of task sequence and software deployment reporting.
- Clients incorrectly attempt to use PKI certificates for communication, even if the option Use PKI client certificate (client authentication capability) when available is disabled on the Communication Security tab of Site Properties. When the Use PKI client certificate option is disabled, errors resembling the following are recorded in the CcmMessaging.log file on internet-facing clients.
Client is on internet
Client is set to use webproxy if available.
Client is not allowed to use or doesn't have PKI cert while talking to HTTPS server.
[CCMHTTP] ERROR: URL=https://{management_point}/ccm_system_windowsauth/request, Port=0, Options=224, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERT
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
- Intranet clients will not fall back to another management point (MP) if the preferred MP is also a cloud management gateway.
- After updating to Configuration Manager current branch, version 2006, client installation using the PROVISIONTS property fails if the “Allow access to cloud distribution point” device setting is set to “No”. The client is unable to download content, and an error resembling the following is recorded in the tsagent.log file.
'{Task Sequence Deployment ID}' finished with exit code 2147746050
- Installation of a passive site server fails if orphaned .JOB files are present in the \inboxes\schedule.box folder. A message resembling the following is repeated in the FailOverMgr.log file.
site server job [Passive Site Server Installation][<old server>] is not targeted for this server <active server>
- Adding a passive site into a Configuration Manager infrastructure with at least 1 secondary site and client language packs installed will trigger a re-installation of all secondary sites.
- The Configuration Manager client installed on a Windows Embedded device stays in servicing mode if the maximum run time of a deployment is greater than the duration of the maintenance window.
- Improvements are made to the download process in the case of a timeout when the Download delta content when available client setting is enabled.
- The content download step of a task sequence may fail to download files to clients. This occurs if the BranchCache Windows feature is enabled, and the environment is using enhanced HTTP for communication with distribution points. The clients will retry the download step, but overall completion is delayed. Errors resembling the following are recorded in the smsts.log on the client.
Downloaded file from http://{Distribution_Point}:443/CCMTOKENAUTH_SMS_DP_SMSPKG$/{Package_ID}/sccm?/{Filename.ext}
Downloading file /CCMTOKENAUTH_SMS_DP_SMSPKG$/PR100090/sccm?/{Filename.ext} range 0-570085
WinHttpReadData() failed.
ReadDataAndWriteToFile() failed. 80072efd
ReadDataAndWriteToFile() failed for C:\_SMSTaskSequence\Packages\PR100090\{Filename.ext}. 0%
DownloadFileWithRanges() failed. 80072efd.
DownloadFile() failed for http://{Distribution_Point}:443/CCMTOKENAUTH_SMS_DP_SMSPKG$/{Package_ID}/sccm?/{Filename.ext}, C:\_SMSTaskSequence\Packages\PR100090\{Filename.ext}. 80072efd.
- Improvements are made to the synchronization and processing of policy assignments and policy data between the Microsoft Endpoint admin center and the Configuration Manager console. This prevents issues such as creating a policy in the admin center that is not visible in the on-premises console.
- The Configuration Manager console may generate an exception resembling the following when attempting to complete the Co-management Configuration Wizard.
ConfigMgr Error Object: instance of SMS_ExtendedStatus { Description = "User DOMAIN\\Username is not able to get the lock at this time. Error: 0x40480732"; ErrorCode = 1078462258;
This occurs after removing previously created settings.
- Configuration Manager clients deployed to Mac computers receive duplicate GUIDs. This occurs if the same user name is provided as a parameter to the CMEnroll tool during client installation.
- Clients may receive the incorrect policy, including scripts or settings, when multiple orchestration groups are present. Consider the following scenario:
Client 1 is a member of orchestration group 1.
Client 2 is a member of orchestration group 2.
Client 1 may receive policy from orchestration group 2, causing it to run the pre- and post-scripts intended for group 2 when installing an update intended for group 1.
Note: Any affected orchestration groups must be deleted and recreated after installing this update to correct the policy issue.
- The setting Allow access to cloud distribution points is not configured when clients are deployed using the Autopilot service and the PROVISIONTS parameter. This causes Install Application and Install Software Updates task sequence steps to fail.
- Client connections to a cloud management gateway may fail when multiple clients perform full software update scans in a short amount of time. Errors resembling the following are recorded in the SMS_Cloud_ProxyConnector.log file.
ERROR: Invalid operation when send the proxy message to internal server.Exception: System.InvalidOperationException: There were not enough free threads in the ThreadPool to complete the operation.~~
- After installing Windows updates released on October 13, 2020, Configuration Manager, version 1910, is unable to download Office 365 updates. The specific Windows update article ID varies by build; for example, KB 4579311 is the article ID for Windows 10, version 2004, and Windows Server version 2004.
- Errors resembling the following are recorded in the PatchDownloader.log on the computer downloading the content.
Download {update_GUID}/office/data/16.0.13231.20368/i640.cab.cat to %TEMP%\CABC1A4.tmp returns 0
Authentication of file %TEMP%\CABC1A4.tmp failed, error 0x800b0004
ERROR: DownloadContentFiles() failed with hr=0x80073633
- Windows 10 feature updates may fail to install on client computers using fast physical hardware. Errors resembling the following are recorded in the UpdatesHandler.log.
Contents already available for the update (update_guid).
Bundle update (bundle_guid) internal state transition: RUNNING to WAIT_CONTENTS
Bundle update (bundle_guid) internal state transition: WAIT_CONTENTS to EXECUTE_READY
StateCore - bundle update (bundle_guid) state changed from (WAIT_CONTENTS) to (EXECUTE_READY) as child update state changed
Update (bundle_guid) state (6) in-consistent for job after initiating execute.
CDeploymentJob - ExecuteUpdates failed. Error = 0x87d00654
Failing the job ({job_guid}) as updates agent internal error.
- Clients may randomly fail to install an update, or series of updates, due to a timing condition when they are deployed to a software update group. Errors resembling the following are recorded in the UpdatesHandler.log.
Failed to initiate install of WSUS updates, error = 0x87d0024a
Failed to start WSUSUpdate, error = 0x87d0024a
CDeploymentJob -- Failed to start procesing of the update (update_guid). Error = 0x87d0024a
Messages resembling the following are recored in the WUAHandler.log at the same time as the UpdateHandler errors.
Async installation of updates started.
CCM_E_JOB_ALREADY_CONNECTED, HRESULT=87d0024a
Cannot start another installation while one is already in progress.
Hotfixes that are included in this update
- KB 4576791 Update for Microsoft Endpoint Configuration Manager version 2006, early update ring
- KB 4580678 Tenant attach rollup for Configuration Manager current branch, version 2006
- KB 4584759 Clients report Desktop Analytics configuration errors in Configuration Manager, version 2006
Known issues in this update
- Automatic client enrollment during the co-management onboarding process may be delayed after upgrading clients.
The following steps are recommended prior to installing this update rollup.
- Disable automatic enrollment in Configuration Manager by setting the Automatic enrollment into Intune value to None before upgrading clients to version 5.00.9012.1052.
- Disable automatic client upgrade on the Client Upgrade tab of Hierarchy Settings.
The client upgrade process should be delayed until the new client, version 5.00.9012.1054, from KB 4575787 is installed in the environment.