Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

Summary

Note: This update is now contained in the following update rollup. It is recommended to install the update rollup instead of this individual update.

KB 4560496Update Rollup for Microsoft Endpoint Configuration Manager version 2002

An update is available to administrators who opted in through a PowerShell script to the early update ring deployment for Microsoft Endpoint Configuration Manager current branch, version 2002. You can access the update in the Updates and Servicing node of the Configuration Manager console.

This update addresses important, late-breaking issues that were resolved after version 2002 became available globally. This article summarizes the most significant changes.

This update does not apply to sites that downloaded version 2002 on May 11, 2020, or a later date. Therefore, it will not be listed in the Configuration Manager console for those sites.

Issues that are fixed

  • A Central Administration Site (CAS) may be placed in maintenance mode if the site database contains BitLocker management data and one of the following scenarios is true.
    1. If the or data link between a primary site and CAS is unavailable, and data is backed up for 5 days.
    2. If the site goes through the data reinitialization (reinit) process.
    3. If the CAS is recovered.

  • Microsoft Advanced Threat Protection (ATP) policy deployment status shows as “Unknown” when deployed from the Microsoft Endpoint Management admin center.

  • The SMS Agent Host process (CCMExec.exe) may cause high CPU and memory utilization when the computer is not a member of an orchestration group. The MaintenanceCoordinator.log will show the entry “Orchestration lock is required.”.

  • The download of third-party updates for internet clients will fail if only a cloud distribution points is available unless the user triggers the installation via Software Center.

  • A computer restart initiated from Software Center on a client will fail if a Windows Servicing Stack Update (SSU) was installed with other updates.

  • If both a Servicing Stack Update (SSU) and Latest Cumulative Update (LCU) are deployed together and past due, the SSU is not installed first.

  • Clients in boundary groups with limited network speed or BITS throttling ignore the “Prefer cloud based sources over on-premise sources" setting.

  • The Desktop Analytics dashboard may show stale data up to 12 hours out of date if duplicate devices are in the environment.

  • Site installation fails when the database is installed on a clustered instance of SQL on a Windows Server 2012 R2 server.

  • Administrators cannot run CMPivot scripts without having default scope access.

  • The Azure_CloudService table has inconsistent data after onboarding, offboarding, then onboarding co-management.

  • A client only retries a failed management point connection one time until the client is restarted, leading to delays in policy retrieval.

  • Windows Feature Updates that installed successfully may still appear in Software Center as pending installation after the client computer restarts.

  • The link to the Microsoft Intune Device Explorer for a specific device in the Configuration Manager console does not load correctly.

  • A site administrator with rights to read Devices and Boundary Groups is unable to query the same data using the administration service.

  • Administrators receive an “Insufficient user permissions” error in the Microsoft Endpoint Manager admin center when their on-premises permissions are granted via Active Directory group membership.

  • The Workspace Key and Workspace ID fields are now optional in the Create Microsoft Defender ATP Policy Wizard.

  • Application content fails to download from a cloud distribution point when BranchCache is enabled and there are multiple files to be downloaded.

  • The “Prefer cloud based sources over on-premise sources” boundary group setting is not used for Microsoft Ofice 365 update content downloads.

  • The tenant attach process fails if the SMS Provider is installed remotely from the site database server.

  • After client upgrade the PolicyAgent.log may be flooded with duplicate log entries, overwriting information valuable to troubleshooting. The entries resemble the following.

Policy instance for 'SMS:Client:Default:{guid}' with unknown policy source 'SMS:Client:Default:{guid}'. Ignoring it.

  • The administration service is unavailable if the service connection point is installed remotely from the site server.

  • The Windows PowerShell Integrated Scripting Environment (ISE) generates a “Failed to refresh” error when loading the cmdlet library and refreshing the list of available cmdlets.

  • Upgrade of the Configuration Manager client fails on Windows 10 clients with error code 80070020 when using the “Auto upgrade” and “Auto upgrade(Pre-production collection)”.

  • Error handling for the administration service is improved.

  • Installation of dynamic packages via the Install Package task in a Task Sequence fails with error 0x87d02004. This occurs if the “Allow this program to be installed from the Install Package task sequence without being deployed” option is selected in the program for the package.

  • Desktop analytics deployment plans in large environments may not display correctly in the Configuration Manager console due to a SQL timeout.

  • If the site database and data warehouse database are on different computers, and the data warehouse service point is on a different computer from the data warehouse database, the synchronization process may fail. Errors resembling the following are recorded in the Microsoft.ConfigMgrDataWarehouse.log file.

Process encountered an unexpected error
A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted.)

Additional hotfixes contained in this update

KB 4561494: Microsoft Edge application creation fails in Configuration Manager

Update information for Microsoft Endpoint Configuration Manager, version 2002 early update ring

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using early update ring builds of version 2002 and that were downloaded between March 23, 2020 and May 11, 2020.

To verify which first wave build is installed, look for a package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. This update applies to first wave installations of version 2002 from packages that have the following GUIDs:

AA9975F2-160A-4910-A698-B7A4AF35D727
B39BBA45-E1F0-4233-971E-BB66EB25359D
382F6B53-9217-47CB-9852-7A53232EC80D
0808D0BA-B36F-4719-BD10-08585C1B8B3E
AA09154F-56FB-449D-8009-5BBB7C23CB4F
C427C4F5-6967-4B64-86BC-DEC9E0F201CC
06F89B19-5A8B-460E-A7F4-6CC0E86A1FC6

Restart information

You do not have to restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up-to-date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

File information


 

File name

File version

File size

Date

Time

Platform

_uimanifest.xml

Not Applicabile

752

06-May-2020

00:00

Not Applicable

ac_extension_amd64manifest.xml

Not Applicabile

332

06-May-2020

00:00

Not Applicable

ac_extension_i386manifest.xml

Not Applicabile

331

06-May-2020

00:00

Not Applicable

adminconsole.msi

Not Applicabile

54181888

06-May-2020

00:00

Not Applicable

adminservice.config.dll

5.0.8968.1013

20344

06-May-2020

00:00

x86

adminservice.controllers.dll

5.0.8968.1015

69496

06-May-2020

00:00

x86

adminservice.dataaccess.dll

5.0.8968.1013

54864

06-May-2020

00:00

x86

adminservice.host.dll

5.0.8968.1010

158072

06-May-2020

00:00

x86

ccmiis.dll

5.00.8968.1010

1693560

06-May-2020

00:00

x64

ccmiis.dll

5.00.8968.1010

1510480

06-May-2020

00:00

x86

ccmsetup.cab

Not Applicabile

11292

06-May-2020

00:00

Not Applicable

ccmsetup.exe

5.00.8968.1014

4265848

06-May-2020

00:00

x86

ccmsetup.msi

Not Applicabile

6701056

06-May-2020

00:00

Not Applicable

ccmsetup-sup.cab

Not Applicabile

1121475

06-May-2020

00:00

Not Applicable

ccmutillib.dll

5.00.8968.1010

1378168

06-May-2020

00:00

x64

ccmutillib.dll

5.00.8968.1010

1111928

06-May-2020

00:00

x86

client.msi

Not Applicabile

47841280

06-May-2020

00:00

Not Applicable

client.msi

Not Applicabile

56213504

06-May-2020

00:00

Not Applicable

cm2002-kb4553501.update.sql

Not Applicabile

8531

06-May-2020

00:00

Not Applicable

cmgsconfiguration.xml

Not Applicabile

4444

06-May-2020

00:00

Not Applicable

cmpivot.msi

Not Applicabile

5013504

06-May-2020

00:00

Not Applicable

cmupdate.exe

5.00.8968.1022

25220488

06-May-2020

00:00

x64

configmgr.ac_extension.amd64.cab

Not Applicabile

12636037

06-May-2020

00:00

Not Applicable

configmgr.ac_extension.i386.cab

Not Applicabile

15918770

06-May-2020

00:00

Not Applicable

consolesetup.exe

5.00.8968.1010

1232464

06-May-2020

00:00

x86

contentauthmodule.dll

5.00.8968.1010

1744760

06-May-2020

00:00

x64

contentauthmodule.dll

5.00.8968.1010

1601104

06-May-2020

00:00

x86

createtsmediaadm.dll

5.00.8968.1010

6979448

06-May-2020

00:00

x64

createtsmediaadm.dll

5.00.8968.1010

5617232

06-May-2020

00:00

x86

dmp.msi

Not Applicabile

9388032

06-May-2020

00:00

Not Applicable

dwss.msi

Not Applicabile

13012992

06-May-2020

00:00

Not Applicable

extractcontent.exe

5.00.8968.1010

4980600

06-May-2020

00:00

x64

extractcontent.exe

5.00.8968.1010

4011384

06-May-2020

00:00

x86

mcs.msi

Not Applicabile

17420288

06-May-2020

00:00

Not Applicable

microsoft.configurationmanager.configmgrgatewayclient.dll

6.2005.66.1002

177528

06-May-2020

00:00

x64

microsoft.configurationmanager.objectlibrary.dll

5.0.8968.1013

123768

06-May-2020

00:00

x86

microsoft.configurationmanager.oms_onboard.dll

5.2002.1083.2000

41352

06-May-2020

00:00

x86

microsoft.configurationmanager.serviceconnector.dll

5.0.8968.1020

388984

06-May-2020

00:00

x86

mp.msi

Not Applicabile

24690688

06-May-2020

00:00

Not Applicable

osdbitlocker_wtg.exe

5.00.8968.1010

4331384

06-May-2020

00:00

x64

osdbitlocker_wtg.exe

5.00.8968.1010

3520376

06-May-2020

00:00

x86

osddrivercatalog.dll

5.00.8968.1010

1678416

06-May-2020

00:00

x64

osddrivercatalog.dll

5.00.8968.1010

1473104

06-May-2020

00:00

x86

osdimageproperties.dll

5.00.8968.1010

4163448

06-May-2020

00:00

x64

osdimageproperties.dll

5.00.8968.1010

3408976

06-May-2020

00:00

x86

osdsetuphook.exe

5.00.8968.1010

5176696

06-May-2020

00:00

x64

osdsetuphook.exe

5.00.8968.1010

4165200

06-May-2020

00:00

x86

policyspy.exe

5.00.8968.1010

1549416

06-May-2020

00:00

x86

prereqcore.dll

5.00.8968.1022

4516216

06-May-2020

00:00

x64

pulldp.msi

Not Applicabile

12935168

06-May-2020

00:00

Not Applicable

pulldp.msi

Not Applicabile

15933440

06-May-2020

00:00

Not Applicable

replicationconfiguration.xml

Not Applicabile

124155

06-May-2020

00:00

Not Applicable

sdkinst.exe

5.00.8968.1022

2902408

06-May-2020

00:00

x64

setupcore.dll

5.00.8968.1022

26601352

06-May-2020

00:00

x64

setupdl.exe

5.00.8968.1022

3467648

06-May-2020

00:00

x64

smp.msi

Not Applicabile

11608064

06-May-2020

00:00

Not Applicable

smsdpmon.exe

5.00.8968.1010

4139384

06-May-2020

00:00

x64

smsdpmon.exe

5.00.8968.1010

3323472

06-May-2020

00:00

x86

smsdpusage.exe

5.00.8968.1010

3779448

06-May-2020

00:00

x64

smsdpusage.exe

5.00.8968.1010

3011656

06-May-2020

00:00

x86

smsswd.exe

5.00.8968.1011

330616

06-May-2020

00:00

x64

smsswd.exe

5.00.8968.1011

259960

06-May-2020

00:00

x86

smstsvc.exe

5.00.8968.1022

3986312

06-May-2020

00:00

x64

tsbootshell.exe

5.00.8968.1010

5495672

06-May-2020

00:00

x64

tsbootshell.exe

5.00.8968.1010

4436072

06-May-2020

00:00

x86

tsprogressui.exe

5.00.8968.1010

4061776

06-May-2020

00:00

x64

tsprogressui.exe

5.00.8968.1010

3315272

06-May-2020

00:00

x86

 

References

Updates and servicing for Configuration Manager

Learn about the terminology Microsoft uses to describe software updates.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×