This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 52%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
I upgraded CM v2203 to v2303 on 1st August. I have a CMG and all was working as expected before this upgrade- client on the internet would pickup software updates policy from the CMG and download and install software updates from MS and all was working as expected.
On 1st August i installed v2303 +hotfix rollup KB21010486
since then (i have 4 machines that i am looking at and were working as expected prior to upgrade) these internet only based machines are not installing updates. The CMG is working fine as i can request a hw scan (via client notification) and these clients are appearing online in the console using the cmg
I orginailly had my new client version in pre-prod but have now made it the production client.
These 4 internet based clients- none of them are installing updates or updating their client version via automatic upgrade. (I thought that the CMG supported client upgrade.)
error in updatesdeplyment log show: GetUpdateInfo - failed to get targeted update, error = 0x87d00215.
all these clients are showing as client check passed/active in the deployments monitoring ( so it seems they are not downloaing the new policy for new updates)
I then enabled the CMG as a CDP and checked that the client package is there (even updated the DPs) and also deployed a small test package to test the CDP.
I have enabled using a CDP in the client settings for these machines.
i can see the package in software centre, but when i try and run it it says :The software could not be found on any servers at this time. (Not sure if this issue is realted because the client is having issues communicating with the site)
it seems that the old client (v2203) isnt communicating with the new site v2303 somehow
included attached are snippets from some of the logs (sanitized)
Please help- it seems like a bug and these internet based clients are not installing updates
thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 40%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
Hi,
i have a similar pb after installing 2303 version, failed to download Apps via internet
New app deployed appear in SC but can not be downloaded
Someone has already installed the last Hotfix Rollup (KB24719670) ?
or do you have any other solution ? Knowing that CDP is already enabled on client settings and work correctly before!
Hi,
Nope, no solution. im tearing my hair our trying to find out what is wrong with this. Definately think there's a bug
I updated to 2303+hf KB21010486, then enabled my CDP afterwards (which is not working)
the main issue i have is with internet clients not being able to install software updates/ or anything from the CDP
CMG is processing hinv etc and it appears fine.
Clients on the LAN or VPN install sucessfully, so the deployments are fine.
Internet based clients are not installing updates, where they did previously
one client had the same errors and i connected it to the VPN and restarted services/did SU scan and eval and it downloaded and installed updates sucessfully (awaiting another user testing this)
everything else seems to work as expected, except these internet based clients who cant seem to run the software updates deployemnts that are working for on prem clients (and CDP has never worked)
definately seems like a bug of some sort, would be good if someone from MS would help
i have a different error:
A new hotfix is available since 12/09 could u try it ?
The only hotfix I have available is this one which only corrects affected SQL views in the site database to prevent the issues described. So doubt that will fix anything https://learn.microsoft.com/en-us/mem/configmgr/hotfix/2303/24721208
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
We have the same issue in our environment, since the update to 2303 (incl. Hotfix rollup), internet clients are not able anymore to download app deployments from the CMG.
CAS.log mentions:
LS Request CorrelationID {xxx} - No reply received for location request
LS Request CorrelationID {xxx} - Failed to create Location Request Message body
GetLocationSyncEx3 for content xxx failed with error 0x80004005
According to LocationServices.log it looks ok cause it connects to the CMG and also the client update worked.
On VPN or in the company network all works fine. We have not changed anything after or before doing the update.
@Crystal-MSFT can someone from Microsoft please help us here 🙏. Think this is a bug. Thanks
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 16%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
This is a BUG in V2303! Confirmed by MS
U should see the following error on MPLocation.log of MP Server that is enabled fro CMG communication
The resolution for that is to run the following SQL Query:
GRANT SELECT ON vSMS_DefaultBoundaryGroup To smsdbrole_MP
I created a MS support case for this issue, but found this threads on Reddit today:
https://www.reddit.com/r/SCCM/comments/14zit9o/upgraded_to_2303_and_updates_are_stuck_i
https://www.reddit.com/r/SCCM/comments/16jfypn/cmg_and_clients_not_in_boundary_groups_cant/
Have tested it and it has solved our issue, waiting now for confirmation of MS if that is the right way to fix it.
Thanks for this. I'm away just now but will try it tomorrow night when I get back
Thanks, this solved my issue- would be good if MS would put it in the known issues for the hotfix
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 87%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENK%3C/text%3E%3C/svg%3E)
This fixed same problem with IBCM. Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXM%3C/text%3E%3C/svg%3E)
Hi,
It appears that you are facing issues with your internet-based clients not installing updates or upgrading their client version after upgrading Configuration Manager to v2303.
Client is on internet ccmsetup 29/08/2023 09:13:26 17832 (0x45A8)
Client is set to use webproxy if available. ccmsetup 29/08/2023 09:13:26 17832 (0x45A8)
Client is not allowed to use or doesn't have PKI cert while talking to HTTPS server. ccmsetup 29/08/2023 09:13:26 17832 (0x45A8)
[CCMHTTP] ERROR: URL=https://CMG01/CCM_Proxy_MutualAuth/ServiceMetadata, Port=0, Options=1216, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERT ccmsetup 29/08/2023 09:13:26 17832 (0x45A8)
The error message "Client is not allowed to use or doesn't have PKI cert while talking to HTTPS server" suggests that there is an issue with the client's ability to authenticate with an HTTPS server that requires a Public Key Infrastructure (PKI) certificate for secure communication.
Thanks, yes that is correct. I'm not using a PKI but using eHTTP.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Hi, i commented above that i dont use PKI, only eHTTP. Thanks
OK- so there's an update. I had to update the certificate for my CMG and that recreates the VM. Since then, 2 of my test clients have updated their client version over the CMG. (i manually updated one (which wasnt updating but did that to check if it was an issue with getting software updates) client, but one other still hasnt updated
However, They are all still giving the same error with updates-
GetUpdateInfo - failed to get targeted update, error = 0x87d00215. UpdatesDeploymentAgent 12/09/2023 12:58:15 3040 (0x0BE0)
*spUpdatesManager->GetUpdateInfo((*it).sUpdateId, (it).sVersion, eUpdateState, eApplicability, eUpdateStatus, bIsSuperseded, hrError), HRESULT=87d00215 (K:\dbs\sh\cmgm\0405_083130\cmd\x\src\client\UpdatesMgMt\DeploymentAgent\updatesassignment.cpp,1189) UpdatesDeploymentAgent 12/09/2023 12:58:15 3040 (0x0BE0)
GetTargetedUpdate( sUpdateId, spManageUpdate ), HRESULT=87d00215 (K:\dbs\sh\cmgm\0405_083130\cmd\x\src\client\UpdatesMgMt\DeploymentAgent\updatesmanager.cpp,1365) UpdatesDeploymentAgent 12/09/2023 12:58:15 3040 (0x0BE0)
I have just logged into the VPN on one test client and done a scan and deployment evaulation and immediately its picked up the updates its supposed to- so it appears that after the upgrade to 2303 clients dont seem to be picking up software update policies(actionable?) through the CMG.
This means that clients are now not installing security updates when not on LAN/VPN
These clients all worked off LAN/VPN before the upgrade fine and CMG connection analyser is good
.... and on another (less important) note -none of them are pulling my software package (notepad++) from the Cloud DP either
Its distributed to the CDP, clients have the setting enabled in clients settings to use CDP but when i try and run it it says this:
LS Request CorrelationID {549CC2E5-3CB8-473A-9369-AB7390A5707B} - LSSendLocationRequestSync sending location request message ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)
LS Request CorrelationID {549CC2E5-3CB8-473A-9369-AB7390A5707B} - No reply received for location request ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)
hr, HRESULT=80004005 (K:\dbs\sh\cmgm\0405_083130\cmd\1d\src\Framework\LocationServices\LSInterface\ccmpkglocation.cpp,196) ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)
LS Request CorrelationID {549CC2E5-3CB8-473A-9369-AB7390A5707B} - Failed to create Location Request Message body ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)
RequestLocationsSync(sContentID, sContentVersion, Type, ulPriority, ui64DeploymentFlags, ulTimeoutMilliseconds, ulClientInOperation, pl, paDP, pContentInfo), HRESULT=80004005 (K:\dbs\sh\cmgm\0405_083130\cmd\1d\src\Framework\LocationServices\LSInterface\ccmpkglocation.cpp,609) ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)
spICCMPkgLocation->GetLocationsSyncEx3( pwszContentId, pwszContentVersion, eContentType, dwLSPriority, ui64DeploymentFlags, dwLocationTimeoutInSeconds1000, 0xFFFFFFFF, &ulDPCount, &paDP, pContentInfo), HRESULT=80004005 (K:\dbs\sh\cmgm\0405_083130\cmd\m\src\client\SoftMgmtAgent\ContentAccess\ContentAccessService.cpp,1393) ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)*
GetLocationSyncEx3 for content 00100430.3 failed with error 0x80004005 ContentAccess 12/09/2023 13:39:50 17596 (0x44BC)