Update rollup for Microsoft Endpoint Configuration Manager version 2107

Applies to: Configuration Manager (current branch, version 2107)

Summary of KB11121541

This article describes issues that are fixed in this update rollup for Microsoft Endpoint Configuration Manager current branch, version 2107. This update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release. For more information on changes in Configuration Manager version 2107, see:

This update also adds support for devices running Windows 11 ARM64. For more information, see Support for Windows 11 in Configuration Manager.

Issues that are fixed

  • After upgrading to version 2107, one or more applications in a task sequence fail with an error resembling the following in the smsts.log.

    Install Static Applications failed, hr=0x87d00267
  • Offline Servicing for Windows Server 2022 operating system image fails to detect updates as applicable.
  • The Installation Status tab in Software Center hangs without loading completely. When this issue occurs, errors resembling the following are repeated in the scclient.log.

    Getting all instances of CCM_Application
    Getting all instances of CCM_Program
    Getting all instances of CCM_SoftwareUpdate
  • The CMTrace log file viewer does not display all characters at the beginning of a line.
  • Syntax highlighting for PowerShell ignores the back quote escape character (`) when escaping double quotation marks.
  • The site server may stop processing state messages, resulting in a backlog of files, due to a primary key constraint violation. Errors resembling the following are recorded in the statesys.log file.

    SQL MESSAGE: spProcessStateReport - Error: Message processing encountered a SQL error 2627 at record 100 for TopicType 500, StateID 1: "Violation of PRIMARY KEY constraint 'SR_MissingMessageRanges_PK'. Cannot insert duplicate key in object 'dbo.SR_MissingMessageRanges'. The duplicate key value is (123456, 112233).", Line 0 in procedure ""
  • A console extension may fail to import with an error resembling the following recorded in the AdminUI.ExtensionInstaller.log file.

    Return code indicates unhandled case. Result: Exception of type 'System.OutOfMemoryException' was thrown.
  • The Configuration Manager console generates an exception when selecting View Collection from the Collections tab in the Devices node. The exception contains information resembling the following.

    The requested object information could not be retrieved. Refresh the Configuration Manager console to verify that another administrator has not moved or deleted the object, or that the role-based administration security scopes or security roles for the object or current user have not changed.
    ConfigMgr Error Object:
    instance of __ExtendedStatus
    Operation = "GetObject";
    ParameterInfo = "SMS_DeviceCollectionMember.SiteID=\"{Site_ID}\"";
    ProviderName = "WinMgmt";
    Error Code:
  • The Configuration Manager client is blocked from sending endpoint analytics sensor events to the management point. This happens when there are backlogs in the CCM_SensorMessageQueue in WMI. Errors resembling the following are recorded in the SensorEndpoint.log file.

    Invoke SensorWmiProvider succeeded.
    QueryTraceW returned=234 for SensorFramework-Live-Etw...
    Failed to get the next message to send. 0x80041032
  • The Configuration Manager console terminates unexpectedly if a Reporting Services Point is installed while the SQL Server Reporting Services (SSRS) service is stopped. The AdminUI.log file contains errors resembling the following.

    Version string portion was too short or too long.
  • The Configuration Manager Support Center Client Tools application terminates unexpectedly on a Windows 11 computer selecting different deployments.
  • The Cloud Management Gateway Azure Storage Account can now be configured to use TLS 1.2 through the Configuration Manager console. For more information, see Enforce TLS 1.2.
  • Improvements to the Data Warehouse synchronization process are included to prevent the SQL Server TempDB from filling up.
  • Endpoint analytics sensor data now includes the system SKU and processor name, and Microsoft Surface Model information, for Windows 11 hardware readiness.
  • The cloud service configuration file (.csfg) is not updated after deploying a cloud management gateway. Errors resembling the following are recorded in the CloudMgr.log file.

    ERROR: TaskManager: Task [UpdateServiceConfigurationTask: Service {ID}] has failed. Exception Hyak.Common.CloudException, ChangeDeploymentConfigurationOperationFailed: The Change Deployment Configuration operation failed for the domain '{ID}' in the deployment slot 'Production' with the name '{ID}-deployment': 'The specified configuration settings for Settings are invalid. Verify that the service configuration file is a valid XML file, and that role instance counts are specified as positive integers.'..~~
  • Incremental collection updates don't work when the WQL statements contain custom properties.
  • In some scenarios the maximum client policy size is incorrectly limited to 16MB instead of 32MB. This results in errors resembling the following in the smsts.log file.

    Request was successful.
    dwBodyLength <= m_nMaxReplySize, HRESULT=80004005
    reply message body length is too long (18291682, 16777216)
  • The BitLocker recovery key is only escrowed for the first user on a computer instead of all users that log on.
  • Clients fail to download content from a peer cache source under the following conditions:

    • The content is deleted from a distribution point but remains in the peer cache.
    • The client is on a low bandwidth connection that causes the BITS download job to take over 24 hours to complete.
  • The device collection is unexpectedly empty when selected from the device graph on the Windows 10 dashboard.
  • The list of BitLocker recovery keys is blank for Microsoft Entra joined devices.

Hotfixes that are included in this update

  • KB 10503003 Update for Microsoft Endpoint Configuration Manager version 2107, early update ring

Known issues in this release

  • The Log Analytics connector for Azure Monitor feature was removed from Configuration Manager version 2107. However, the pages that allow an administrator to view and delete the OMS Connector are still present but don't function. For more information, see Deprecated features.

Update information for Microsoft Endpoint Configuration Manager current branch, version 2107

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring or globally available builds of version 2107.

Members of the Configuration Manager Technology Adoption Program (TAP) must first apply the private TAP rollup before this update is displayed.

To verify which build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to installations from packages that have the following GUIDs:

  • 248DC1EB-4B98-4483-BAF3-08C678C1CD0A
  • 142D394F-4E40-4574-AB8F-D182200DF03C
  • 8D0F9A5B-B21D-438F-AC56-38428FECB787
  • 86FE4AF1-68A1-4AD4-B435-91995D30ECD6
  • E392EF90-DB2C-47BB-ACB8-11E702D0F451
  • 42E1CF6E-95A1-4A8D-96AD-311E6247B3FB

The update is also applicable to TAP builds with the private TAP rollup installed.

Restart information

This update does not require a computer restart but will initiate a site reset after installation.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
  • If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
  • If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Version information

The following major components are updated to the versions specified:

Component Version
Configuration Manager console 5.2107.1059.3700
Client 5.0.9058.1047

File information

File information is available in the downloadable KB11121541_FileList.txt text file.

Release history

  • October 27, 2021: Initial hotfix release


Updates and servicing for Configuration Manager