Update Rollup 2 for System Center Configuration Manager current branch, version 1810

Applies to: System Center Configuration Manager (current branch - version 1810)


This article describes issues that are fixed in Update Rollup 2 for Microsoft System Center Configuration Manager current branch, version 1810. This update applies to customers who opted in through a PowerShell script to the first wave (early update ring) deployment, and also to customers who installed the globally available release.

For more information about changes in Configuration Manager version 1810, see:

Issues that are fixed

  • Client computers incorrectly report as being on an intranet when they receive a 404-redirect request from an internet-facing network.
  • The PXE responder does not use the value set in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\DP\RamDiskTFTPBlockSize for boot files in an operating system image.
  • The "Send a smile" and "Send a frown" feedback options are updated to support TLS 1.2.
  • After you use the "Send a smile" or "Send a frown" feedback options to include a screenshot from the Configuration Manager console, the resulting .PNG file cannot be deleted until the console is closed.
  • Feedback that was submitted through the UploadOfflineFeedback.exe tool does not include screenshots as expected.
  • The OSDDoNotLogCommand task sequence variable does not affect the Command Line value printed in the smsts.log file.
  • After promoting a passive site server, the default boot image refers to package source on the previously active site server. This can cause boot image packages to fail if the previously active server is no longer available.
  • Windows Server 2019 updates are not shown in the wizard when scheduling updates for offline servicing of an operating system image.
  • Notification messages displayed on a client computer by Restart Client feature (reboot coordinator) may show the incorrect local date/ time format.
  • Pull-distribution points may fail to download package data, with errors resembling the following recorded in the PullDP.log file:

  • This may occur because of intermittent network failures between the pull-distribution point and the management point.
  • After selecting Devices from the Assets and Compliance section of the Configuration Manager console, the view shows the Endpoint Protection tab instead of the home tab.
  • A semicolon that is used to separate multiple email messages from the Approve application via email properties window is overwritten with a comma. This can prevent email messages from being sent to multiple recipients as expected.
  • When you deploy an operating system image, the Configure network settings button is unavailable after you click the Back button following a task sequence error.
  • The Software 06A - Search for installed software and Software 06B - Software by product name reports do not return data as expected after you update to Configuration Manager current branch, version 1810.
  • The keyboard shortcuts for product feedback may not function as expected in German or other non-English input locales.
  • Administrators cannot delete Windows Defender Exploit Guard policies after enabling them for client computers. An error entry that resembles the following is recorded in the ExploitGuardHandler.log file.

  • Operating system deployments may fail or take longer than expected when trying to download content from a distribution point in an environment using HTTPS and a PKI infrastructure. Error entries that resemble the following are recorded in the smsts.log file.

    Note These entries are truncated for readability.

  • Clients that are configured for internet-based client management may fail to run software distribution packages from a distribution point in a fast network boundary.
  • Application content downloads that occur during deployment of a new operating system image installation fail to use the Windows PE Peer Cache as expected. This occurs even when the SMSTSPeerDownload and SMSTSPeerRequestPort task sequence variables are configured. Error entires that resemble the following are recorded in the DataTransferService.log file:

  • The Message Processing Engine (MPE) that is used by the Run Scripts and CMPivot features cannot process Active Directory User data if there is an ampersand (&) in the OU path. Error entries tha resemble the following are recorded in the SMS_Message_Processing_Engine.log:

  • Clients fail to download task sequence content from other peer-cache enabled computers. This casues content to be transferred from distribution points instead.
  • After updating to Configuration Manager current branch, version 1810, the All Package and Program deployments to a specified computer report does not correctly display information for a specific program when selected.
  • The client authentication certificate is not updated in Azure Storage when a cloud management gateway distribution point is installed CMG-DP is installed in a Central Administration Site (CAS) environment.
  • Clients do not automatically wake using the wake on LAN feature when deadlines for mandatory software distribution, software update, or task sequence deployments are reached.
  • After updating to Configuration Manager current branch, version 1810, the SMS Agent Host service (ccmexec.exe) may consume 100 percent of the CPU. Error sequences that resemble the following are repeated in the M365AHandler.log file:

  • The Delete duplicate system discovery database maintenance task fails and returns error entries that resemble the following in the Smsdbmon.log file:

  • The SMS State System component may return error status messages that resemble the following:

  • The SMS Executive service (smsexec.exe) may terminate unexpectedly after Active Directory User Discovery runs if the site processes data that has an ampersand (&) in the name.

    Note This crash is inconsistent and may not coincide with every run of Active Directory User Discovery.

Additional hotfixes contained in this rollup

KB 4490575: Update installations stop responding or never show completion in Configuration Manager, version 1810

KB 4490434: Duplicate user discovery columns are created in Configuration Manager

KB 4487960: Microsoft Intune connector certificate does not renew in Configuration Manager

Update information for System Center Configuration Manager

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using first wave (Fast Ring) or broadly available (Slow Ring) builds of version 1810.

Members of the Configuration Manager Technology Adoption Program (TAP) must first apply the private TAP rollup before this update will displayed.

To verify whether a TAP build is in use, look for a Package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. The update applies to installations of version 1810 from packages that have the following GUIDs:

  • 699975FE-B5BA-43EB-8BE9-E2399F2F309A
  • 85475BAD-8669-4D36-8D64-C625BFE7DEDB
  • ACF6EECC-1C94-44E3-887E-D3349775816D
  • C8799F92-DC23-42A0-96FA-1862414C3967

Restart information

You do not have to restart the computer after you apply this update.

Update replacement information

This update replaces KB 4486457: Update rollup for System Center Configuration Manager current branch, version 1810

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.