Management point security update for Configuration Manager 2403
Applies to: Configuration Manager (current branch, version 2403)
Summary of KB29166583
An update is available to harden the security of Configuration Manager environment. The update improves the security of connections between the management point and site server database.
Note
For enhanced security posture it is recommended to leverage alternate account rather than Computer account for ‘Management point connection account’.
Known issues
• Sep 05, 2024
We identified an issue after installing the hotfix. Hence this KB is no longer applicable to install and we republish this once a fix has been identified.
• Sep 18, 2024
A revised version of the hotfix is released to address the earlier issue.
The revision appears in the console as KB 29166583 for customers using Configuration Manager version 2403. For customers who has already installed original release KB 29166583 they see two instances of the same KB 29166583, one installed and another one as ready to install.
Update information for Microsoft Configuration Manager current branch, version 2403
This update is available in the Updates and Servicing node of the Configuration Manager console for version 2403 environments.
Restart information
This update doesn't require a computer restart or a site reset after installation.
Additional installation information
After you install this update on a primary site, preexisting secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site aren't affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
If the value 0 is returned, the site hasn't installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
File information
File information is available in the downloadable KB29166583_FileList.txt text file.
Release history
- September 4, 2024: Initial hotfix release
- September 5, 2024: Hotfix revoked
- September 18, 2024: Hotfix republished