Update for System Center Configuration Manager version 1702, first wave KB4018732.

An update is available to administrators who opted in through a PowerShell script to the first wave (early update ring) deployment for System Center Configuration Manager current branch, version 1702. You can access the update in the Updates and Servicing node of the Configuration Manager console.

This update addresses important late-breaking issues that were resolved after version 1702 became available globally.

This update does not apply to sites that downloaded version 1702 on or after April 5, 2017. Therefore, it will not be listed in the Administrator Console for those sites.

Issues that are fixed

Installations downloaded between March 22 and March 24, 2017

The following issues are resolved for installations or downloads of version 1702 performed between March 22 and March 24, 2017.

  • When you try to create a Microsoft Intune subscription, you receive an exception in the Configuration Manager console. The Details portion of the exception resembles the following:
    System.InvalidCastException
    Unable to cast COM object of type ‘System.__ComObject’ to interface type ‘CERTENROLLLib.CX509PrivateKey’. This operation failed because the QueryInterface call on the COM component for the interface with IID ‘{728AB362-217D-11DA-B2A4-000E7BBB2B09}’ failed due to the following error: No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)).
  • The automatic client upgrade process for clients may fail. Errors resembling the following are recorded in the ccmsetup.log on the target clients:
    Failed to delete the ccmsetup service (0x80070430)
  • Errors that resemble the following are recorded in the UpdateDeployment.log on computers that have the Management Point role installed:
    Job error (0x8007007f) received for assignment ({guid}) action
    Updates will not be made available          UpdatesDeploymentAgent
    Job error (0x8007007f) received for assignment ({guid}) action
    Updates will not be made available

    These errors occur during the Software Updates Evaluation Cycle.

  • Upgrade Readiness (formerly Upgrade Analytics) data is unavailable for clients that are missing hardware inventory data.
  • The required software updates dialog box in Software Center incorrectly states “Required software changes have been made on this computer” before changes are applied.
  • Internet-facing clients are unable to check compliance with device compliance policies, even when an Internet-facing Management Point or Cloud Management Gateway is available. Errors resembling the following are recorded in the ComplRelayAgent.log file:
    Failed to retrieve AAD token. Error Details: An ADAL exception occurred while acquiring a token
    Error: Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException: Federated service at https://{url} returned error: See inner exception for detail. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized. ---> System.ComponentModel.Win32Exception: The system cannot contact a domain controller to service the authentication request. Please try again later.

Installations downloaded between March 25 and April 4, 2017

The following issues are resolved for installations or downloads of version 1702 performed between March 25 and April 4, 2017.

  • Administrators cannot edit the Task Sequence application property “Allow this application to be installed from the Install Application Task Sequence action without being deployed” when the deployment type may require user interaction.
  • Task sequences that have the “Download all content locally before starting task sequence” option enabled may not run on non-English operating systems.
  • The User Notifications tab of a Task Sequence property may not appear if third-party administrator console extensions are installed.
  • Editing a compliance rule for a Mobile Device Configuration Policy results in modifications to additional policy elements. For example, adjusting the “Number of passwords remembered” setting also results in an unintentional change to the “Number of complex character sets required in password” setting.
  • The SMS Agent Host service (ccmexec) may stop on computers following in-place upgrade of the operating system. This issue can occur if the folder %windir%\system32\tasks\Microsoft is missing after the upgrade.
  • Enrolled Android devices, other than Samsung Knox devices, are not displayed in the Administrator Console.
  • Password Compliance rules added to support Android for Work are available on other platforms but only exposed when Android for Work is selected in the rule properties.
  • The SMS Executive service (smsexec.exe) consumes excessive memory when it downloads Upgrade Readiness data.
  • Upgrade Readiness data may not be processed on the site server. Errors resembling the following are recorded in the hman.log file on the site server:
    *** exec dbo.spOMSUpgradeAnalytics…
    *** [42000][9420][Microsoft][SQL Server Native Client 11.0][SQL Server]XML parsing: line 3180, character 10, illegal xml character : spOMSUpgradeAnalytics
    Failed to execute [C:\Program Files\Microsoft Configuration Manager\inboxes\hman.box\CFD\ConfigMgr.OMSUpgradeAnalytics_{datecode}.OMS]
  • Bulk enrollment of devices to Microsoft Intune fails.
  • After you upgrade to version 1702, application installation may fail on clients. Errors that resemble the following are recorded in the AppEnforce.log file. This indicates that the client is looking for the installation executable file in the wrong location. This occurs for applications that were created before the upgrade to version 1702.
    App enforcement environment: Content: Machine
    Command line: “Install TestApp.exe”…
    Prepared working directory: C:\windows\system32
    Invalid executable file “Install TestApp.exe”
  • Configuration Manager clients may try repeatedly to download data for deleted policies.
  • A defined proxy server is not used as expected when you try to install a Cloud Distribution Point. Errors that resemble the following are recorded in the CloudMgr.log file:
    Clearing the proxy as no proxy address has been set
    ERROR: TaskManager: Task [CreateDeployment for service {guid}] has failed. Exception Microsoft.ConfigurationManager.AzureManagement.FailedToCommunicateToServiceException, Failed to contact Azure service.
  • The upgrade to Configuration Manager current branch, version 1702, may fail with errors resembling the following in the ConfigMgrSetup.log file:
    INFO: Inserting default ConfigurationItem(GLOBAL/Windows_Update_Settings)
    *** declare @rc int, @errxml xml, @errmsg nvarchar(max); EXEC @rc=sp_SetupCI 16889846, default, @errxml output, @errmsg output; select @rc, @errxml, @errmsg
    *** [42000][50000][Microsoft][SQL Server Native Client 11.0][SQL Server]ERROR 547, Level 16, State 0, Procedure sp_SetupSettingsAndRules, Line 177, Message:
    The MERGE statement conflicted with the REFERENCE constraint “CI_CurrentRuleDetail_SettingID_FK”. The conflict occurred in database “CM_V01”, table “dbo.CI_CurrentRuleDetail”, column ‘SettingID’. : spRethrowError
    ERROR: Failed to execute SQL Server command; CCISource::InsertObject returned -1
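
To check whether a site or client is showing any of the logged symptoms listed above, the quoted error strings can be matched against the corresponding log files. The following PowerShell is an added example, not part of the original article or of Configuration Manager; the function name, the Issue labels and the sample log lines are constructed for illustration.

```powershell
# Added example. Patterns are the error strings quoted in this article;
# the Issue labels and the function name are this example's own.
$Kb4018732Signatures = @(
    @{ Log = 'ccmsetup.log';         Issue = 'Automatic client upgrade fails';        Pattern = 'Failed to delete the ccmsetup service \(0x80070430\)' }
    @{ Log = 'UpdateDeployment.log'; Issue = 'Software Updates Evaluation errors';    Pattern = 'Job error \(0x8007007f\) received for assignment' }
    @{ Log = 'ComplRelayAgent.log';  Issue = 'Internet-facing compliance check';      Pattern = 'Failed to retrieve AAD token' }
    @{ Log = 'AppEnforce.log';       Issue = 'Application install, wrong directory';  Pattern = 'Invalid executable file' }
    @{ Log = 'hman.log';             Issue = 'Upgrade Readiness data not processed';  Pattern = 'illegal xml character\s*:\s*spOMSUpgradeAnalytics' }
    @{ Log = 'CloudMgr.log';         Issue = 'Cloud Distribution Point proxy';        Pattern = 'FailedToCommunicateToServiceException' }
    @{ Log = 'ConfigMgrSetup.log';   Issue = 'Upgrade to version 1702 fails';         Pattern = 'CI_CurrentRuleDetail_SettingID_FK' }
)

function Find-Kb4018732Symptom {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$LogName,
        # Log files contain blank lines, so empty strings must be accepted.
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line
    )
    foreach ($sig in $Kb4018732Signatures | Where-Object { $_.Log -eq $LogName }) {
        # Select-String treats the pattern as a case-insensitive regex.
        $hits = @($Line | Select-String -Pattern $sig.Pattern)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Log        = $LogName
                Issue      = $sig.Issue
                Hits       = $hits.Count
                FirstMatch = $hits[0].Line
            }
        }
    }
}

# Constructed sample lines (not from a real system).
$sample = @{
    'ccmsetup.log'         = @('Failed to delete the ccmsetup service (0x80070430)')
    'UpdateDeployment.log' = @('Job error (0x8007007f) received for assignment ({guid}) action',
                               'Updates will not be made available')
    'AppEnforce.log'       = @('Prepared working directory: C:\windows\system32')  # no signature: no output
}
$sample.GetEnumerator() |
    ForEach-Object { Find-Kb4018732Symptom -LogName $_.Key -Line $_.Value } |
    Format-Table -AutoSize
```

To scan a real log, pass the output of `Get-Content` for that file as `-Line` and the file name as `-LogName`.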

Update information for System Center Configuration Manager, version 1702

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using first wave (Fast Ring) builds of version 1702 downloaded between March 22 and April 4, 2017.

To verify which first wave build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to first wave installations of version 1702 from packages that have the following GUIDs:

  • 0FB0A697-662D-45C2-A96C-8C95E5944DF7
  • 2DC025B9-AF2F-4F22-A477-33F19C16C14C

This update does not apply to first wave installations of version 1702 from packages that have the following GUID as they are already up to date:

  • 82258EB9-88F1-427A-8B42-5A5C7FD185FF

Restart information

You do not have to restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
