Install Hotfix KB14480034 for SCCM 2203

A new hotfix KB14480034 has been released for SCCM 2203 to address the issue where registration fails for PKI clients after updating to Configuration Manager version 2203.

After KB13953025 hotfix, KB14480034 is the second hotfix released for SCCM version 2203 and is available for everyone. Customers using the early update ring version for SCCM 2203 must first install the KB13953025 first before installing this new hotfix.

The SCCM 2203 hotfix KB14480034 is available for installation in the Updates and Servicing node of the Configuration Manager console. If you don’t see this KB 14480034 update, click Check for Updates to get the latest updates available for Configuration Manager.

To install the hotfix KB14480034, you must first upgrade your SCCM to version 2203. More details about the KB14480034 are available on Microsoft Hotfix documentation.

Summary of KB14480034

After updating to Configuration Manager current branch, version 2203, the registration process fails for clients using public key infrastructure (PKI) for client authentication if they are unable to authenticate against the domain. This affects the following scenarios:

  • Newly installed workgroup clients using PKI.
  • Clients that are joining an AD or Azure AD domain for the first time, generating a new device identity.
  • Existing clients that are trying to renew their client authentication certificate.

When this issue happens, the following error is logged in the DDM.log file on the site server for each affected client.

ClientIdentity is not a hex string
The registration record is not valid. Bad RDR

The .RDR file(s) will be moved to ..\auth\ddm.box\regreq\bad_ddrs on the site server.

To resolve the above issues, you must install KB14480034 update on your ConfigMgr 2203 production server.

Install Hotfix KB14480034

Perform the following steps to install the KB14480034 hotfix for SCCM 2203:

  • Launch the Configuration Manager console.
  • Navigate to Administration > Overview > Updates and Servicing.
  • Right-click Configuration Manager 2203 Hotfix KB14480034 and select Install Update Pack.
Hotfix KB14480034 for SCCM 2203
Hotfix KB14480034 for SCCM 2203

The Configuration Manager 2203 hotfix KB14480034 includes only site server updates. There are no console updates or client updates included with this hotfix. Click Next to continue.

You may also run a prerequisite check before installing the hotfix KB14480034 to eliminate potential errors or warnings. Typically, hotfixes shouldn’t cause any major issues.

Hotfix KB14480034 for SCCM 2203
Hotfix KB14480034 for SCCM 2203

On the License Terms page, review and click I accept these license terms and privacy statement for the update pack. Click Next.

Hotfix KB14480034 for SCCM 2203
Hotfix KB14480034 for SCCM 2203

Review the settings on Summary page and on Completion window, click Close. The hotfix installation begins now.

SCCM 2203 Hotfix KB14480034
SCCM 2203 Hotfix KB14480034

You can monitor the hotfix installation progress by reviewing the cmupdate.log on the site server. Alternatively, even Monitoring workspace provides the progress of hotfix installation.

The total installation time for hotfix KB14480034 was only 10 minutes and there were no errors encountered during the installation of this update.

The hotfix update KB14480034 does not require a computer restart or a site reset after installation. Although you may restart the server if you’d like to.

As mentioned earlier, there is no console upgrade after you install the hotfix KB14480034. The console version will remain 5.2203.1063.1500.

Similarly, there will be no client agent upgrade required and the client agents will remain at version 5.00.9078.1006. For more information, read about the updated SCCM build numbers, console version numbers.

Updating the Secondary Site with Hotfix KB14480034

After you install SCCM 2203 hotfix KB14480034 update on a primary site, pre-existing secondary sites must be manually updated. Read more about secondary site installation in SCCM.

To update a secondary site in the Configuration Manager console, select Administration > Site ConfigurationSites > Recover Secondary Site, and then select the secondary site.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
  • If the value 1 is returned, the site is up-to-date, with all the hotfixes applied on its parent primary site.
  • If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

1 thought on “Install Hotfix KB14480034 for SCCM 2203”

  1. Hi Prajwal,

    In a fresh and distributed environment, I am getting “Fail to create SQL Server Certificate, ConfigMgr installation cannot be completed” error. However, SQL Server Certificate was created successfully. Any pointer or help would be appreciated.

    ConfigMgrSetup.log-
    INFO: ‘L1PRIDB.lab1.local’ is a valid FQDN. $$
    Installing service SMS_SERVER_BOOTSTRAP_L1PRI.lab1.local_SMS_SQL_SERVER on remote server L1PRIDB.lab1.local … $$
    Installed service SMS_SERVER_BOOTSTRAP_L1PRI.lab1.local_SMS_SQL_SERVER on remote server L1PRIDB.lab1.local $$
    Starting installed service SMS_SERVER_BOOTSTRAP_L1PRI.lab1.local_SMS_SQL_SERVER on remote server with command-line arguments “PRI D:\SMS_L1PRI.lab1.local_SMS_SQL_SERVER0 /createcertificate SOFTWARE\MicrosoftCertBootStrap\ SMS_SQL_SERVER”… $$
    Could not start service SMS_SERVER_BOOTSTRAP_L1PRI.lab1.local_SMS_SQL_SERVER. The operating system reported error 1008: $$
    ERROR: Failed to create SQL Server certificate on server L1PRIDB.lab1.local $$
    ERROR: Failed to create SQL Server [L1PRIDB.lab1.local] certificate remotely. $$
    Not recovery mode or not top level site. Skip restoring client piloting packages. $$
    ~~===================== Completed Configuration Manager Server Setup ===================== $$

    SQL Server log details-
    Login failed for user ‘LAB1\SMSAdmin’. Reason: Failed to open the explicitly specified database ‘PRI\CM_CHK’
    Error: 18456, Severity: 14, State: 38.

    Reply

Leave a Comment