Update rollup for Microsoft Endpoint Configuration Manager version 2111
Applies to: Configuration Manager (current branch, version 2111)
Summary of KB12896009
This article describes issues that are fixed in this update rollup for Microsoft Endpoint Configuration Manager current branch, version 2111. This update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release. For more information on changes in Configuration Manager version 2111, see:
- What’s new in version 2111 of Configuration Manager current branch
- Summary of changes in Microsoft Endpoint Configuration Manager current branch, version 2111
Issues that are fixed
- The Configuration Manager console fails to open after installing an updated version of a required console extension.
- Users without the Read Client Status Settings permission on the Site object are unable to see the client health dashboard.
- Windows LEDBAT isn't automatically enabled or disabled for a distribution point when selecting the Adjust the download speed to use the unused network bandwidth (Windows LEDBAT) setting in site properties.
- Automatic registration of the Configuration Manager PowerShell module (ConfigurationManager.psd1) can trigger a false positive alert from security software.
- The Configuration Manager console now allows wildcards when defining Microsoft Defender Attack Surface Reduction (ASR) rules.
- CMPivot queries against the Processor entity may fail with an "Invalid query" error.
- Clients that aren't Intune enrolled will record the following error in the execmgr.log file after receiving a task sequence policy.
Failed to check enrollment url, 0x00000001:
- The OneTrace log file viewer (CMPowerLogViewer.exe) may terminate unexpectedly when opening a log file.
- The Show Table link in the Windows Servicing dashboard displays repetitive information after selecting different collections.
- The Post Installation task Installing SMS_EXECUTIVE service displays a status of Completed with warning even though it was successful and no warnings are recorded in the sitecomp.log file.
- Clients will now throttle communication with a cloud management gateway if they make five unsuccessful contact attempts in five minutes.
- If a client computer is offline for multiple days with a pending state message resync request, it will receive duplicate policies for the resync when it comes back online. This leads to repeated resynchronization of the same messages.
- When the Configuration Manager console is installed on a computer with an x86 processor, it doesn't detect the installation state of console extensions.
- The built-in cloud features notification message continues to display in the Configuration Manager console even after it is dismissed.
- A remote control session doesn't display as expected when the target computer has multiple monitors and the display has a custom scale over 125 percent.
- Internet-based clients fail to register over the cloud management gateway when the management point is hosted on a remote site system. This occurs for clients installed using a Windows Imaging Task sequence and boot media over an internet connection.
- After updating to Configuration Manager version 2111, client policies for Windows Defender Firewall Remote Management that were previously disabled may be re-enabled.
Hotfixes that are included in this update
- KB 12709700 Update for Microsoft Endpoint Configuration Manager version 2111
- KB 12959506 Client update for Configuration Manager current branch, version 2111
Update information for Microsoft Endpoint Configuration Manager current branch, version 2111
This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring or globally available builds of version 2111.
Members of the Configuration Manager Technology Adoption Program (TAP) must first apply the private TAP rollup before this update is displayed.
To verify which build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to installations from packages that have the following GUIDs:
The update is also applicable to TAP builds with the private TAP rollup (C30077BF-D610-4C8A-BDB1-9B2D5442380E) installed. New installations from 2111 media, as opposed to updates from prior versions, will not have any package GUIDs listed.
This update doesn't require a computer restart but will initiate a site reset after installation.
Additional installation information
After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site aren't affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
The following major components are updated to the versions specified:
|Configuration Manager console||5.2111.1052.2500|
File information is available in the downloadable KB12896009_FileList.txt text file.
- March 2, 2022: Initial hotfix release
Submit and view feedback for