Update rollup for System Center Configuration Manager current branch, version 1902

Applies to: System Center Configuration Manager (current branch - version 1902)


This article describes issues that are fixed in this update rollup for Microsoft System Center Configuration Manager current branch, version 1902. This update applies to both customers who opted in through a PowerShell script to the first wave (early update ring) deployment and customers who installed the globally available release.

For more information about changes in Configuration Manager version 1902, see the following articles:

What’s new in version 1902 of Configuration Manager current branch

Summary of changes in System Center Configuration Manager current branch, version 1902

Issues that are fixed

  • The Download Package Content task sequence action fails and the OsdDownload.exe process terminates unexpectedly. When this occurs, the following exit code is recorded in the Smsts.log on the client:
  • Screenshots that are submitted through the Send a Smile or Send a Frown product feedback options cannot be deleted until the Configuration Manager console is closed.
  • Hardware inventory data that relies on the MSFT_PhysicalDisk class reports incomplete information on computers that have multiple drives. This is because the ObjectId property is not correctly defined as a key field.
  • Client installation fails on workgroup computers in an HTTPS-only environment. Communication with the management point fails, indicating that a client certificate is required even after one has been provisioned and imported.
  • A "success" return code of 0 is incorrectly reported as an error condition when you monitor deployment status in the Configuration Manager console.
  • When the option to show a dialog window is selected for app or update deployments that require a computer restart, that window is not displayed again if it is closed before the restart deadline. Instead, a temporary (toast) notification is displayed. This can cause unexpected computer restarts.
  • If it is previously selected, the “When software changes are required, show a dialog window to the user instead of a toast notification” check box is cleared after you make property changes to a required deployment.
  • Expired Enhanced HTTPS certificates that are used for distribution points are not updated automatically as expected. When this occurs, clients cannot retrieve content from the distribution points. This can cause increased network traffic or failure to download content. Errors that resemble the following are recorded in the Smsdpprov.log:

    The distribution points certificates are valid when you view them in the Security\Certificates node of the Configuration Manager console, but the SMS Issuing certificate will appear to be expired.

    Renewing the certificate from the console has no effect. After you apply this update, the SMS Issuing certificate and any distribution point certificates will automatically renew as required.

  • A management point may return an HTTP Error 500 in response to client user policy requests. This can occur if Active Directory User Discovery is not enabled. The instance of Dllhost.exe that hosts the Notification Server role on the management point may also continue to consume memory as more user policy requests arrive.
  • Content downloads from a cloud-based distribution point fail if the filename contains the percent sign (%) or other special characters. An error entry that resembles the following is recorded in the DataTransferService.log file on the client:

    The DataTransferService.log may also record error code 0x80190194 when it tries to download the source file. One or both errors may be present depending on the characters in the filename.

  • After you update to Configuration Manager current branch, version 1902, the Data Warehouse Synchronization Service (Data_Warehouse_Service_Point) records error status message ID 11202. An error entry that resembles the following is recorded in the Microsoft.ConfigMgrDataWarehouse.log file:
  • User collections may appear to be empty after you update to Configuration Manager current branch, version 1902. This can occur if the collection membership rules query user discovery data that contains Unicode characters, such as ä.
  • The Delete Aged Log Data maintenance task fails if it is run on a Central Administration Site (CAS). Errors that resemble the following are recorded in the Smsdbmon.log file on the server.
  • When you select the option to save PowerShell script output to a task sequence variable, the output is incorrectly appended instead of replaced.
  • The SMS Executive service on a site server may terminate unexpectedly after a change in operating system machine keys or after a site recovery to a different server. The Crash.log file on the server contains entries that resemblie the following.

    Note Multiple components may be listed, such as SMS_DISTRIBUTION_MANAGER, SMS_CERTIFICATE_MANAGER, or SMS_FAILOVERMANAGER. The following Crash.log entries are truncated for readability.
  • Old status messages may be overwritten by new messages after promoting a passive site server to active.
  • User targeted software installations do not start from Software Center after you update to Configuration Manager current branch, version 1902. The client displays an “Unable to make changes to your software” error message. Errors entries that resemble the following are recorded in the ServicePortalWebSitev3.log:

    This issue occurs if the PKI certificates that are used have a key length that is greater than 2,048 bits.

  • Audit status messages are not transmitted to the site server in an environment with a remote SMS provider.
  • The Management Insights rule “Enable the software updates product category for Windows 10, version 1809 and later” does not work as expected for Windows 10, version 1903.

Additional changes

  • Client computers that use IPv6 over UDP (Teredo tunneling) may generate excessive traffic to management points. This, in turn, can also increase load on the site database. 

    This traffic occurs because of the frequent network changes that are associated with the Teredo refresh interval. After you apply this update, this data is filtered by default and is no longer passed to the notification server on the management point. This filtering can be customized by creating the following registry string under HKEY_LOCAL_MACHINE\Software\Microsoft\CCM:

    Type: String
    Name: IPv6IFTypeFilterList
    Value: If the string is created without any data (blank), the pre-update behavior applies and no filtering occurs.

    The default behavior of filtering Teredo tunnel data (interface type IF_TYPE_TUNNEL, 131) is overwritten if new values are entered. Multiple values should be separated by semicolons.

    For more information, see the following Windows Dev Center article:


    Also, see the following RFC document:

    Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)
  • The Configuration Manager client now handles a return code of 0x800f081f (CBS_E_SOURCE_MISSING) from the Windows Update Agent as a retriable condition. The result will be the same as the retry for return code 0x8024200D (WU_E_UH_NEEDANOTHERDOWNLOAD).
  • SQL database performance is improved for operations that involve a configuration item (CI) that has associated file content by the addition of a new index on the CI_Files table.

Additional hotfixes contained in this rollup

KB 4500232: Management points do not reinstall in Configuration Manager

Update information for System Center Configuration Manager, version 1902

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using first wave (Fast Ring) or broadly available (Slow Ring) builds of version 1902.

Members of the Configuration Manager Technology Adoption Program (TAP) must first apply the private TAP rollup before this update is displayed.

To verify that a TAP build is in use, look for one of the following Package GUIDs by adding the Package GUID column to the details pane of the Updates and Servicing node in the console:

  • DD8881AF-61AA-4AA4-8F91-18E21C326E18
  • 44EBDBD5-AC9A-4067-A526-6869F396E604
  • 75A8F297-ABA3-44EB-9236-E5A1FCBB0C6E
  • B052CB0C-01BB-445E-A41C-DC1651E35ADC

Customers who are updating from a first wave deployment should see one of the following Package GUIDs:

  • 4588EAF0-7848-419E-9FAD-9E9A25763F38
  • EDD93252-AECD-4199-BA16-A39B8F89F133
  • 216C3489-839A-438A-815E-60C8F90DF667

Customers who deployed Configuration Manager current branch, version 1902, as a new baseline installation will not see any of these listed Package GUIDs. However, this update rollup will still be indicated to be applicable.

Restart information

You do not have to restart the computer after you apply this update.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If a value of 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.

If a value of 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.