SCCM Automatic deployment rule failed with error code 0X87D20417

Recently one of the user posted an issue related to ADR in community forums. The SCCM automatic deployment rule failed with error code 0X87D20417. In one of my post we have already seen how to create and work with ADR. Because the ADR’s have the ability to automatically approve updates and deploy them, they are quite popular.

When you are working with ADR’s you could come across many issues. The issues could be related to proxy settings, EULA issues, time out issues etc. For each error code that you see, there is a troubleshooting involved. Therefore investigating the log files will reveal the error codes and help you in further troubleshooting.

Looking at the patchdownloader log file revealed the following. In this case the error was seen during the deployment of endpoint protection definitions.

Contentsource = \\Site Server\Sources\Updates\EP_Definitions\AM_Delta_Patch_1.247.789.0
Content source = \\Site Server\Sources\Updates\EP_Definitions\WsusContent\9B\E8701A7BB
Downloading content for ContentID = 16809086, FileName = AM_Delta_Patch_1.247.789.0
Download\\Site Server\Sources\Updates\EP_Definitions\AM_Delta_Patch_1.247.789.0 to C:\Windows\TEMP\CAB4B19.tmp returns 2
Download \\Site Server\Sources\Updates\EP_Definitions\am_delta_patch_1.247.789.0_e8701a7bb144f9ec2d1c5193e2d6aa4ad3700c9b to C:\Windows\TEMP\CAB4B2A.tmp returns 2
Download\\Site Server\Sources\Updates\EP_Definitions\WsusContent\9B\E8701A7BB144F9EC2D1C5193E2D6AA4AD3700C9B to C:\Windows\TEMP\CAB4B2B.tmp returns 3
ERROR: DownloadContentFiles() failed with hr=0x80070003
SCCM Automatic deployment rule failed with error code 0X87D20417
SCCM Automatic deployment rule failed with error code 0X87D20417

SCCM Automatic deployment rule failed with error code 0X87D20417

To fix the SCCM Automatic deployment rule failed with error code 0X87D20417, try the below mentioned steps. If none of these worked and some thing else did, post it in comments.

  • Try recreating the automatic deployment rule again. Deleting the existing ADR and creating a new one works most of the times.
  • Automatic Deployment Rules don’t work when you use specific proxy authentication on a site server. There is a hotfix available for this issue. Note that the hotfix is applicable only if you have installed Microsoft System Center 2012 R2 Configuration Manager.
  • Error code=3 means the system cannot find the path specified. So ensure you have provided the correct path to download the updates.
  • Open the ruleengine.log in config mgr trace tool and look for errors. Purge all files in the windows temp folder c:\windows\temp. Run the failed ADR again. This solution has been working for many as per the comments.


  1. I had 0X87D20417 on some ADR after upgrading from 2006 to 2010. This is how I resolved it:
    1. Open the ruleengine.log in config mgr trace tool and look for errors.
    2. Purge all files in the windows temp folder c:\windows\temp
    3. Run the failed ADR again
    For me that meant no more errors on my ADRs

    1. Hey Tyrone

      Nice one! Purging the files in c:\windows\temp solved the issue for me!
      Thanks a lot for the tipp!

      Best regards

    2. Heaps of thanks Tyrone.

      Had the exact same issue here.
      Purged c:\windows\temp – and ran the ADR rule again
      Now back into action 😉

    3. I had the same Issue, thanks. Purging all files in the windows temp folder “c:\windows\temp” did the trick.

      1. Hi Guys,

        When you are all referring to purging temp files i am guessing you are doing this server side?

        Is there a process for doing this or are you simple just going in and deleting all contents from the temp folder?
        Ive tried to have a look online prior to commenting on here but cant seem to find any information. I would of thought there would be a function within SCCM to delete server based temp files but i cant find anything..

        Ive tried applying the hotfixes in hope this resolved the issue so i am currently upto date but i still seem to be getting error when the ADR is running. Ive recreated the ADR too but still no joy, unsure if this is since i havent purged the temp files at the same time….

        Any help would be greatly appreciated!!

    4. Good morning Tyrone,

      Deleting all files in the c:\windows\temp folder worked for me.


  2. I tried all of the above recommendations but to no avail. Luckily, through a research on the Internet which took time, I added SYSTEM account to both “Security” tab and also “PERMISSION” on “sharing” tab. Finally, it worked like a charm.

    1. Avatar photo Jeffrey Spink says:

      What folder did you add to? c:\windows\temp? I’m having similar issue with 1906. This month the ADR is not downloading O365 patches.

      1. Hi Jeffrey Spink,

        Did you found any solution for this issue, currently I’m facing the same issue with 1906. I have already tried deleting and creating the new ADR. Let me know.

        1. Avatar photo Stefan Kruger says:

          Hi Uday,
          I’ve got the exact same issue, did you make some headway with this yet? Let me know please…

  3. Hi Prajwal

    I did recreate the ADR, still facing same error, and in patch downloader log on SCCM server there are no errors, nor I see any new line, the last line updated in log is of Jan 2017.

    I have WSUS on a different server than primary site server, this is a recent change and another change is SQL has been upgraded to 2012 R2 from 2008.

    Can you please help with this issue.

    1. Did you ever resolve?

    2. Avatar photo Dominique Duchemin says:


      Did you find a resolution?
      Are you looking at the correct PatchDownloader.log file?
      I noticed as I have two PatchDownloader.log files one is in E:\SCCM\Logs and another one in E:\SMS_CCM\Logs which is the active one…


Comments are closed.