SMS Agent host service Disabled after 20H2 upgrade

Rahul Jindal [MVP] 9,041 Reputation points MVP

I am noticing that SMS agent host is getting disabled after a successful 20H2 OS upgrade. I am using an IPU with TS variable OSDSetupAdditionalUpgradeOptions to add /reflectdrivers to allow the automatic deployment to work with Symantec Encryption Desktop 10.4.2. MP5.

Also, after the OS upgrade completes, the provision mode is being left as TRUE which is also causing issues. The device doesn't check back in with MP and the TS never completes. This obviously affects are deployment compliance.

So far the workaround has been enabling the SMS agent host service, changing the provision mode to FALSE and doing a remediation of the Configmgr agent. Any idea why is this happening? Details on infrastructure -

CB 2010
Co-Managed with Defender policies applying from Intune.
Join type - Hybrid

One thing I have noticed is that if we decrypt the disks before the OS upgrade, then everything works. PGP team are refusing to support citing reasons that they only support manual installs and not mass scale installs through a 3rd party tool.

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,084 questions
Microsoft Configuration Manager
{count} vote

1 answer

Sort by: Most helpful
  1. Rahul Jindal [MVP] 9,041 Reputation points MVP

    I have a case opened with Broadcom, but wanted to cover this issue from all possible angles.

    1 person found this answer helpful.
    0 comments No comments