Update rollup for Microsoft Configuration Manager version 2211
Applies to: Configuration Manager (current branch, version 2211)
Summary of KB16643863
This article describes issues that are fixed in this update rollup for Microsoft Configuration Manager current branch, version 2211. This update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release. For more information on changes in Configuration Manager version 2211, see:
- What’s new in version 2211 of Configuration Manager current branch
- Summary of changes in Microsoft Configuration Manager current branch, version 2211
Issues that are fixed
- When the content lookup process for a task sequence fails with error 0x8000000a (E_PENDING), it fails to recover. Errors resembling the following are recorded in the smsts.log file.
The task sequence installation now retries if this error happens. To support this behavior three new variables are added with this update rollup.CAppMgmtSDK::GetEvaluationState <applicationID> = DownloadFailed Installation job completed with exit code 0x00000000 Execution status received: 24 (Application download failed ) App install failed. Setting TSEnv variable '_TSAppInstallStatus'='Error' Setting TSEnv variable 'SMSTSInstallApplicationJobID__<applicationID>'='' Completed installation job. Step 3 out of 5 complete Install application action failed: 'Application name'. Error Code 0x80004005- _SMSTSAppInstallNeedsRetry is used internally by the executable to check if the application installation needs to be retried.
- OSDAppInstallRetries specifies the number of times the installation needs to be retried.
- OSDAppInstallRetryTimeout specifies the timeout period between retries.
- SQL configuration items fail to evaluate correctly when deployed to non-English versions of Windows Server 2022. Instead of a "compliant" or "not compliant" result, the affected configuration items instead return "WMI provider error Invalid parameter [0X80041008]".
- Group membership data is incorrectly removed if the Active Directory User Group Discover process returns error 0x8007202B (ERROR_DS_REFERRAL).
- The Monitor service state rule for a cloud management gateway updates the Azure_Service table unnecessarily. The rule leads to unexpected growth of the SCCM_Audit table in the site database.
- In large environments, it's possible for IIS logging on a cloud management gateway (CMG) to fill the C:\ drive. To prevent the drive from filling, a new scheduled task, CleanIISLogs, is created on the Virtual Machine Scale Set used for a CMG. This task deletes the Internet Information Services (IIS) logs older than 30 days, and runs every Sunday at 12:00 AM.
- In the recurrence schedule for a maintenance window, the Offset (days) value can now be set to a maximum value of seven days instead of the previous maximum of four. This allows for greater flexibility when configuring the offset.
- Older cipher suites that may be considered less secure, such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, are now disabled on cloud management gateway Virtual Machine Scale Sets. Existing Virtual Machine Scale Sets need to be manually updated for changes to take effect, such as by using the Synchronize Configuration button in the ribbon.
- Windows Server Update Services (WSUS) synchronization fails in environments that require strong-name verification for .NET assemblies. The wsyncmgr.log contains the following entry.
Strong-name verification is required when the AllowStrongNameBypass registry value is set to zero. Refer to How to: Disable the strong-name bypass feature for additional information.Sync failed: Could not load file or assembly 'updmgrclr, Version=5.0.9096.1000, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A). Source: wsyncact
Known issues in this release
Localized (non-English) versions of the Configuration Manager console may fail to install this update. The following error message is recorded in the ConfigMgrAdminUISetup.log
Installation failed with error code 1638Note the text of error code 1638 is "Another version of this product is already installed. Installation of this version cannot continue. To configure or remove the existing version of this product, use Add/Remove Programs on the Control Panel."
To work around this issue, first uninstall the localized version of the Configuration Manager console, then install it again using the version from this update rollup.
Update information for Microsoft Configuration Manager current branch, version 2211
This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring or globally available builds of version 2211.
Members of the Configuration Manager Technology Adoption Program (TAP) must first apply the private TAP rollup before this update is displayed.
To verify which build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to installations from packages that have the following GUIDs:
- C457206E-CD5C-4E6E-8625-EE3F232D48D6
- BAD30974-7608-45F6-B2CE-78FB3900E19A
Restart information
This update doesn't require a computer restart but will initiate a site reset after installation.
Additional installation information
After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site aren't affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
Version information
The following major components are updated to the versions specified:
| Component | Version |
|---|---|
| Configuration Manager console | 5.2211.1061.1300 |
| Client | 5.0.9096.1024 |
File information
File information is available in the downloadable KB16643863_FileList.txt text file.
Release history
- February 21, 2023: Initial hotfix release
References
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for