Edit

Summary of changes in Configuration Manager current branch, version 2010

  • Article

Applies to: Configuration Manager (current branch, version 2010)

Summary of KB4599442

Release version 2010 of Microsoft Endpoint Configuration Manager current branch contains fixes and feature improvements. The Issues that are fixed list isn't inclusive of all changes. Instead, it highlights changes the product development team believes are most relevant to the broad Configuration Manager customer base. Many of these changes were made in response to customer feedback about product issues and improvements.

Notes

Issues that are fixed

  • The Set-CMStatusFilterRule and Get-CMStatusFilterRule PowerShell cmdlets return different results when used with the same -Name parameter. The Set-CMStatusFilterRule cmdlet fails with an error resembling the following.

    Set-CMStatusFilterRule : No object corresponds to the specified parameters.

  • Configuration Manager incorrectly uses the site system installation account for a remote site system to connect to the SQL Server database. Errors resembling the following are recorded in the remote SQL Server error log file.

    MSSQLSERVER,18452,Logon,Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. [CLIENT: primary_site_server_IP_address]

    Additionally, errors resembling the following are recorded in the Distmgr.log file in the case of a distribution point installation.

    *** [28000][18452][Microsoft][ODBC SQL Server Driver][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. 
*** Failed to connect to the SQL Server. Cannot save the package status to the data source...

  • The serial number of a device is blank when viewed from device properties in the Configuration Manager console.

  • Users without the Notify resource permission can select the Client Notification option for a device in the Configuration Manager console. After selecting Client Notification in this scenario an exception is displayed in the console. After updating to Configuration Manager version 2010 the option is now unavailable when the Notify resource permission is missing.

  • In an environment with a mix of HTTP and HTTPS management points, clients may persist an incorrect or unreachable fallback location for task sequence policy retrieval.

  • Task sequences and driver packages are unexpectedly imported into their respective root folder instead of the selected folder in the Configuration Manager console.

  • Task sequences may time out after a computer restart while waiting for the SMS Agent Host service (CCMExec.exe) to start and verify WMI performance counter data. Log entries resembling the following are recorded in the smsts.log

    Waiting for CcmExec service to be fully operational
Timed out waiting for ccmexec service to be fully operational

  • The keyboard combination of control and backspace inserts a character instead of deleting an entire word as expected in the Configuration Manager console.

  • Collection updates may be delayed in large environments that collect frequently changing hardware inventory data, such as recently used applications. This occurs due to triggers on the CollectionNotifications table that run when processing hardware inventory.

  • Members of a software update group aren't displayed in the Configuration Manager console after clicking the View Required button.

  • Automatic deployment rules (ADRs) may not process or deploy as expected under the following conditions.

    • Multiple deployments are associated with an existing ADR.
    • The site has a certificate registration point. When this occurs errors resembling the following are recorded in the policypv.log file.
    *** [40001][1205][Microsoft][SQL Server Native Client 11.0][SQL Server]Transaction (Process ID xx) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. : spProcessPfxNotifications_Assignment 
*** Deadlock detected, retrying the statement 
SQL>>>>> Deadlock detected, retrying the transaction.

    RuleEngine.log also contains errors resembling the following.

    *** [40001][1205][Microsoft][SQL Server Native Client 11.0][SQL Server]Transaction (Process ID xx) was deadlocked on lock resources with another process and has been chosen as the deadlock victim. Rerun the transaction. 
*** Deadlock detected, not retry since there is 1 open transaction(s).

  • Installation of software updates can trigger an unexpected reboot of a computer under the following conditions.

    • A software deployment was installed with a pending reboot during the All deployments maintenance window, but the computer wasn't restarted.

    • A later software update that didn't require a reboot was installed during the Software Update maintenance window.

    • The following client setting is set to No in the environment.

      Enable installation of software updates in “All deployments” maintenance window when “Software update” maintenance windows is available.

  • Package updates may fail in a Configuration Manager hierarchy configured for high availability. This can occur if a package update is completed on the central administration site (CAS) while a primary site is performing a failover from active to passive mode.

  • Changes to the How many days… setting on the Deployment Ring tab in the properties of a servicing plan don't take effect.

  • The New-CMApplicationDeployment PowerShell cmdlet doesn't allow you to set an installation deadline for superseded applications.

  • The Next maintenance window field in software center doesn't display the correct value when clients have overlapping maintenance windows.

  • CMPivot terminates unexpectedly when creating a query that has a where clause referencing a nonexistent or invalid object.

  • Changes to a nested task sequence don't propagate to the parent task sequence if the package name contains a comma.

  • Configuration Manager clients installed on Windows Server 2016 computers that are joined to Microsoft Entra ID may fail to communicate with HTTP management points. Errors resembling the following are recorded in the ClientIDManagerStartup.log.

    Registering client using AAD auth.
RegTask: Failed to send registration request message. Error: 0x87d00231
RegTask: Failed to send registration request. Error: 0x87d00231
Failed to register using AAD auth with error 0x87d00231. Falling back to the old auth.

  • The Configurations tab of the Configuration Manager control panel applet hangs and doesn't display results on Windows 10 ARM64 devices.

  • The Workspace ID and Workspace Key values are in opposite locations between the Microsoft Defender Advanced Threat Protection (MDATP) onboarding windows and the Microsoft Defender Security Center console. This can lead to copy/paste errors during the onboarding process.

  • Synchronization of Microsoft Surface Drivers with a software update point takes longer than expected.

  • Custom SDK scripts using the SWbemObjectEx.Put_ or SWbemObjectEx.Delete_ methods may cause the WMI Provider Host Process (wmiprvse.exe) to terminate unexpectedly.

  • After migrating a site database server to new hardware, an error resembling the following is recorded in the Microsoft.ConfigMgrDataWarehouse.log.

    The existing Data Warehouse database has been used in another bench, please specify a different Data Warehouse database.

  • Deploying an uninstall action for an application group fails if the apps within the group have different revisions. The CIAgent.log will contain a VersionInfoTimedOut error entry when this occurs.

  • After a computer reboot following installation of an application or software update, users may receive an additional notification of a pending reboot. This occurs on computers that aren't joined to Microsoft Entra ID if they change from an Internet to Intranet location after the initial reboot.

  • The Configuration Manager Health Evaluation task (ccmeval.exe) may run during an in-place operating system upgrade task sequence. If this occurs, the task sequence fails and the client is left in provisioning mode.

  • The smspxe.log is now updated to record which management point a distribution point is communicating with during the PXE boot process. This information assists with troubleshooting installation and upgrade issues.

  • The -AllowFallBack parameter of the New-CMTaskSequenceDeployment PowerShell cmdlet doesn't work as expected.

  • Installation of a site in passive mode fails under the following conditions.

    • The site database is using SQL AlwaysOn.
    • The Configuration Manager database is using a named instance of SQL and a custom port for communication.
    • The site in active mode is using a default instance of SQL for the Configuration Manager database.

  • Tenant attach device experience and device actions won't work when running a non-English operating system date/time format.

  • The SMS Executive service (smsexec.exe) consumes more memory than expected, and may terminate, when the SMS_NOTIFICATION_MANAGER component processes a large number of .BLD files from the \inboxes\bgb.box folder.

Hotfixes that are included in this update

  • KB 4580678: Tenant attach rollup for Configuration Manager current branch, version 2006
  • KB 4584759: Clients report Desktop Analytics configuration errors in Configuration Manager, version 2006
  • KB 4575786: Configuration Manager console terminates unexpectedly on Configuration Manager current branch, version 2006
  • KB 4575787: Co-management enrollment takes longer than expected for Configuration Manager clients
  • KB 4575785: November 2020 Update for Asset Intelligence authentication certificate in Configuration Manager
  • KB 4575789: Revised update rollup for Microsoft Endpoint Configuration Manager current branch, version 2006

Dependency changes

The following dependent components that are included with Configuration Manager version 2010 are added or updated to the specified versions:

  • WebView2 Runtime to version 87.0.664.41
  • ScintillaNET.dll to version 3.6.3