Summary

Release version 2006 of Microsoft Endpoint Configuration Manager current branch contains fixes and feature improvements.

The "Issues that are fixed" list is not inclusive of all changes. Instead, it highlights the changes that the product development team believes are the most relevant to the broad customer base for Configuration Manager. Many of these changes were made in response to customer feedback about product issues and product improvement.

Notes

Issues that are fixed

Tenant attach and cloud services

  • The CMG connection analyzer tool fails when testing the CMG channel for a management point that uses a replica database. Errors resembling the following are recorded in the CCM_STS.log

    Return code: 500, Description: Failed to get info from DB, System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'fn_GetUserResourceMapping'.

  • Policy status information fails to update for devices onboarded to Microsoft Defender Advanced Threat Protection (ATP). This only affects customers updating to Configuration Manager version 2006 from the early update release of version 2002 that did not apply KB 4553501 before updating to 2006.

  • Tenant-attach Endpoint Security policies, such as those for Microsoft Defender Advanced Threat Protection (ATP), are now enforced outside maintenance windows.

Operating System Deployment and Task Sequences

  • Content downloaded to the client for a program to run from a task sequence is not used when the option "Install software packages according to dynamic variable list" is selected. This leads to content downloading twice on the client; once to the client cache and again from the distribution point.

  • The Install Application and Install Software Updates task sequence steps fail when clients are installed using the PROVISIONTS parameter. This occurs when the task sequence runs after the initial client installation process in environments where the management point is configured to use HTTPS. Errors resembling the following sequence are recorded in the DataTransferService.log

    DTS::AddTransportSecurityOptionsToBITSJob - Failed to attach certificate context to DTS job '{C429F9F4-4C28-458F-AF21-C5CCB5B14780}', error 0x80070002. smsts.log Policy Evaluation failed, hr=0x87d00267 ... Install application action failed: '{application name}'. Error Code 0x87d00267

  • After a computer reboot, variables updated in a parent or child task sequence do not show updated in child task sequence.

PowerShell

  • The New-CMApplicationDeployment PowerShell cmdlet does not allow you to set a deadline for available deployments with the supersedence option.

  • The SMSTSPreserveContent task sequence variable does not maintain package version information. This results in content re-downloading after task sequence package versions change.

Client

  • Configuration Manager clients installed while using a metered internet connection are unable to register. Errors resembling the following are recorded in the ClientIDManagerStartup.log file.

    Request to http://MP/ccm_system/request cannot be fulfilled since use of metered network is not allowed. Post to http://MP/ccm_system/request failed with 0x87d00231. RegTask: Failed to send registration request message. Error: 0x87d00231

  • When a domain-joined client is connected to the corporate network via the internet, Software Center does not display applications deployed to users. Errors resembling the following are recorded in the SCClient.

    Exception caught - System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'NTLM,Negotiate'. 

  • Clients are unable to download third party updates from a cloud management gateway or cloud-based distribution point if the fully qualified domain name of Windows Server Updates Services (WSUS) ends with ".net".

Site Systems

  • The Distribution Manager component of the SMS Executive service (smsexec.exe) can hang when trying to communicate with an unresponsive distribution point. This leads to delays in processing of packages and notification files, resulting in an overall slowdown in content distribution.

  • The Discovery Data Manager component does not correctly process domain information from discovery data record (DDR) files. After a discovery cycle, the client domain data is null. A message resmbling the following is recorded in the ddm.log file if verbose logging is enabled.

    Ddr: Ignored property "Domain" (class "CCM_ComputerSystem")

  • Distribution Point Configuration Status may erroneously show the warning message "Failed to retrieve the package list on the distribution point"; the warning is not consistently cleared after updated status messages are processed. The last status message time in the message details may also be out of date.

  • Enabling the Track remediation history when supported checkbox for a configuration item results in the Always apply this baseline for co-managed clients setting being ignored.

  • Updating a passive site server to a new version of Configuration Manager results in the SMS Provider reinstalling if it was previously removed or not installed.

Hotfixes that are included in this update

  • KB 4560496: Update Rollup for Microsoft Endpoint Configuration Manager version 2002

  • KB 4575339: Devices appear twice in Microsoft Endpoint Configuration Manager admin center

  • KB 4575774: New-CMTSStepPrestartCheck cmdlet fails in Configuration Manager, version 2002

  • KB 4576782: Application blade times out in Microsoft Endpoint Manager admin center

Dependency changes

The following dependent components that are included with Configuration Manager version 2006 are updated to the specified versions:

  • Microsoft.ApplicationInsights to version 2.14.0

  • System.Diagnostics.DiagnosticSource to version 4.7.0

  • Newtonsoft.Json to version 6.0.8

References

Updating and servicing for Configuration Manager

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.