Update rollup for Microsoft Endpoint Configuration Manager version 2203

Applies to: Configuration Manager (current branch, version 2203)

Summary of KB14244456

This article describes issues that are fixed in this update rollup for Microsoft Endpoint Configuration Manager current branch, version 2203. This update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release. For more information on changes in Configuration Manager version 2203, see:

Issues that are fixed

  • Application approvals through email don't work with a cloud management gateway due to a missing Azure Active Directory token.
  • Metadata revisions to previously published metadata-only updates aren't synchronized to Windows Server Update Services (WSUS) as expected.
  • The Task Sequence Editor running on Windows Server 2022 fails to apply changes to a task sequence if the window is left open for several minutes. When this occurs the following message is displayed onscreen.
    Error connecting to provider, smsprov.log may show more details.
  • BitLocker compliance status won't be accurate for a brief period of time if the Client checking status frequency (minutes) value is set below 60.
  • The SMS_AZUREAD_DISCOVERY_AGENT thread of the SMS_Executive service incorrectly removes some users and their group memberships when the site server is configured with a non-US English locale. The removal happens when the discovery cycle runs after the 12th day of the month. Errors resembling the following are recorded in the SMS_AZUREAD_DISCOVERY_AGENT.log file at different times during the discovery cycle.
    ERROR: Encountered SqlException The conversion of a nvarchar data type to a datetime data type resulted in an out-of-range value.
    ERROR: Exception message: [The conversion of a nvarchar data type to a datetime data type resulted in an out-of-range value.]
    ERROR: Group full sync request failed. Exception: System.NullReferenceException: Object reference not set to an instance of an object.
  • When adding a CMPivot query as a favorite it is split into two lines and characters are removed.
  • The Name criteria isn't available when searching Software Update Groups in the Configuration Manager console.
  • The Browse button for Content location in the properties for a deployment returns an empty location instead of the value previously shown.
  • An application that is targeted to a device collection but deployed in the context of the user won't honor the implicit uninstall setting.
  • Typing a Name value in the Create Orchestration Group wizard is unexpectedly slow.
  • A misleading error message (false negative) is generated on a target distribution point that is co-located with a site server. This happens during content distribution from a parent site to a child site. The misleading error in distmgr.log resembles this entry:
    ~RDC:Failed to set access security on \\<SiteServerFQDN>\SMSSIG$\<PkgID>.1.tar for package <PkgID> signature file

Hotfixes that are included in this update

  • KB 13953025Update for Microsoft Endpoint Configuration Manager version 2203, early update ring
  • KB 14480034Registration fails for PKI clients after updating to Configuration Manager current branch, version 2203

Update information for Microsoft Endpoint Configuration Manager current branch, version 2203

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring or globally available builds of version 2203.

Members of the Configuration Manager Technology Adoption Program (TAP) must first apply the private TAP rollup before this update is displayed.

To verify which build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to installations from packages that have the following GUIDs:

  • 08AA4546-8F69-4F42-9C24-5A022ECEEB87
  • 56DB32EE-4377-460E-BB19-5095FBCFBE1D
  • 26D18D89-CDCA-4499-ACCC-9029E60D6C66
  • 89735386-930A-490A-909B-65101BA8C02C

The update is also applicable to TAP builds with the private TAP rollup (40CA6011-70E7-49DF-A05F-5400C85B971A) installed. New installations from 2203 media, as opposed to updates from prior versions, will not have any package GUIDs listed.

Restart information

This update doesn't require a computer restart but will initiate a site reset after installation.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site aren't affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Version information

The following major components are updated to the versions specified:

Component Version
Configuration Manager console 5.2203.1063.2400
Client 5.0.9078.1025

File information

File information is available in the downloadable KB14244456_FileList.txt text file.

Release history

  • June 24, 2022: Initial hotfix release


Updates and servicing for Configuration Manager