New ConfigMgr 2211 Hotfix Rollup KB16643863 Released

Microsoft has released the first ConfigMgr 2211 hotfix rollup KB16643863. The update KB16643863 addresses several issues existing in SCCM version 2211 related to CMG, Task Sequences, WSUS, discovery methods, and much more.

This KB16643863 hotfix update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release.

If you are using SCCM 2207 or an older version of Configuration Manager, ensure you upgrade to SCCM 2211 to get the latest hotfixes and security updates. Configuration Manager 2211 brings a set of new features and improvements over the previous release, which makes it worth upgrading to version 2211. Check out all the new features of SCCM 2211 and how to use them.

The KB16643863 rollup is the first hotfix released by Microsoft for 2211 version of Configuration Manager current branch. This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring or globally available builds of version 2211.

The update KB16643863 applies to installations from packages that have the following GUIDs:

• C457206E-CD5C-4E6E-8625-EE3F232D48D6
• BAD30974-7608-45F6-B2CE-78FB3900E19A

If the ConfigMgr 2211 Hotfix Rollup KB16643863 doesn’t appear in the Configuration Manager console, ensure you run Check for Updates. Furthermore, verify the package GUID to the 2211 update.

Issues fixed in SCCM 2211 Hotfix Rollup KB16643863

The following issues are fixed in the KB16643863 hotfix update of ConfigMgr version 2211.

Issue 1: The Monitor service state rule for a cloud management gateway updates the Azure_Service table unnecessarily. The rule leads to unexpected growth of the SCCM_Audit table in the site database.

Issue 2: In the recurrence schedule for a maintenance window, the Offset (days) value can now be set to a maximum value of seven days instead of the previous maximum of four. This allows for greatly flexibility when configuring the offset.

Issue 3: Windows Server Update Services (WSUS) synchronization fails in environments that require strong-name verification for .NET assemblies. The wsyncmgr.log contains the following entry – Sync failed: Could not load file or assembly ‘updmgrclr, Version=5.0.9096.1000, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ or one of its dependencies. Strong name validation failed. (Exception from HRESULT: 0x8013141A). Source: wsyncact

Issue 4: Older cipher suites that may be considered less secure, such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, are now disabled on cloud management gateway Virtual Machine Scale Sets. Existing Virtual Machine Scale Sets need to be manually updated for changes to take effect, such as by using the Synchronize Configuration button in the ribbon.

Issue 5: Group membership data is incorrectly removed if the Active Directory User Group Discover process returns error 0x8007202B (ERROR_DS_REFERRAL).

Issue 6: SQL configuration items fail to evaluate correctly when deployed to non-English versions of Windows Server 2022. Instead of a “compliant” or “not compliant” result, the affected configuration items instead return “WMI provider error Invalid parameter [0X80041008]”.

Issue 7: When the content lookup process for a task sequence fails with error 0x8000000a (E_PENDING), it fails to recover.

CAppMgmtSDK::GetEvaluationState <applicationID> = DownloadFailed
Installation job completed with exit code 0x00000000
Execution status received: 24 (Application download failed )
App install failed.
Setting TSEnv variable '_TSAppInstallStatus'='Error'
Setting TSEnv variable 'SMSTSInstallApplicationJobID__<applicationID>'=''
Completed installation job.
Step 3 out of 5 complete
Install application action failed: 'Application name'. Error Code 0x80004005

More details here: Update rollup KB16643863 for Microsoft Configuration Manager version 2211.

Install ConfigMgr 2211 Hotfix Rollup KB16643863

You can install the KB16643863 hotfix rollup in the Configuration Manager console using following steps:

• Launch the Configuration Manager console.
• Browse to Administration\Overview\Updates and Servicing.
• Ensure the status of KB16643863 hotfix rollup update shows as Ready to Install.
• Right-click Configuration Manager 2211 Hotfix Rollup KB16643863 and select Install Update Pack.

The Configuration Manager 2211 hotfix KB16643863 includes site server updates, console updates, and client updates. For prerequisite warnings, you can enable the option “ignore any prerequisite check warnings and install the update” on your production server running SCCM 2211. Click Next.

Client update options allow you to upgrade your client immediately or validate the most recent client version in the pre-production collection before upgrading all of your Configuration Manager clients. Select the appropriate option for your setup and click Next.

On the License Terms page, you must review the license terms and accept them. Click “Next” to continue.

Review the KB16643863 hotfix rollup installation settings on the Summary page and click Next. Close the Configuration Manager updates wizard. This completes the steps to install the KB16643863 hotfix rollup for ConfigMgr 2211.

Monitor the KB16643863 Hotfix Update Rollup Installation Progress

On your SCCM 2211 environment, you can monitor the hotfix KB16643863 installation progress by reviewing the cmupdate.log on the site server. When you install the KB16643863 hotfix rollup, any errors you run into are written to the cmupdate.log file. Monitoring Workspace in the Configuration Manager console, on the other hand, allows you to track the progress of a hotfix installation. Take a look at the list of all the helpful SCCM Log Files related to hotfix updates.

The SCCM 2211 Hotfix Rollup KB16643863 required a total of just 30 minutes to install on the server, and there were no errors encountered at any point in the installation process. There will be a SCCM site reset after the installation of the hotfix even though it doesn’t require a restart of the computer.

KB 16643863 Hotfix Rollup Console Upgrade

The KB 16643863 hotfix update requires a console upgrade and this step should be performed on all the systems installed with Configuration Manager console. Microsoft recommends upgrading the console to the latest version on site server. The hotfix installation will usually prompt for the console upgrade, you can proceed with the upgrade by clicking on the install link. The console upgrade window also appears when you close and re-open the SCCM console. Click OK to begin the console upgrade.

The SCCM 2211 KB16643863 Hotfix rollup upgrades the existing console version to 5.2211.1061.1300. During the console upgrade, review the console admin upgrade log files in case you encounter any errors.

Verify the KB16643863 Installation on ConfigMgr 2211 Server

You must check and verify if the KB16643863 hotfix is installed correctly on the SCCM server. There are multiple ways to confirm the hotfix installation and the easiest method being directly from the console. Launch the Configuration Manager console and go to Administration\Overview\Updates and Servicing, here we see the hotfix KB16643863 update shows as Installed. This confirms the KB16643863 hotfix installation is successful, and you can begin to use the console for administrative tasks.

Updating the Secondary Sites with Hotfix KB16643863

After you install ConfigMgr KB16643863 hotfix rollup on a primary site, pre-existing secondary sites must be manually updated. Read more about secondary site installation in SCCM to get an idea on how to install secondary sites in SCCM.

To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

• If the value 1 is returned, the site is up-to-date, with all the hotfixes applied on its parent primary site.
• If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

KB16643863 Client Upgrade (5.00.9096.1024)

The ConfigMgr KB16643863 hotfix rollup updates the production client version to 5.00.9096.1024. You must upgrade the client agents to the latest version and to accomplish that you can use the automatic client upgrade feature. Check out all the SCCM client upgrade options.

To perform the automatic client upgrade for Configuration Manager 2211 clients, go to the site hierarchy settings properties and switch to the Client Upgrade tab. Here enable the option “upgrade all clients in the hierarchy using production client“. Enabling this option will upgrade the client agents on all computers to version 5.00.9096.1024.

After installing the KB16643863 hotfix for SCCM 2211, the following major components are updated to the versions specified in the below table. Take a look at the history of SCCM build version numbers along with console and client versions.