How to update to SCCM 1906

How to update to SCCM 1906

Step by Step guide on how to update to SCCM 1906​

SCCM 1906 upgrade

Hi all, Microsoft has just recently released their latest iteration to SCCM, version 1906. With this update of SCCM comes quite a few welcome features and to find out more go to this link on the Microsoft site.

But you are here to see how easy it is to upgrade your SCCM to the current branche 1906.

So let’s get started on the upgrade process for SCCM 1906.


  1. As always when performing any upgrades, make sure that you have a good known valid backup or snapshot of the servers you are targeting. Once you have confirmed you have both or either of these in place, open your SCCM console with your SCCM administration account.
    SCCM Console Main Window


  2. Now click on Administration then highlight Updates and Servicing.
    SCCM Administration Pane


     

  3. Now in the main Window you should hopefully see the SCCM 1906 update is Ready to Install. If not, click on Check for Updates and allow for sometime for SCCM to download the latest branch update from the Microsoft site. Remember to refresh your window as it wont show up automatically.SCCM 1906 download ready

  4. As you can see from the prior picture, our environment has the SCCM 1906 update all ready to install and that our previous SCCM 1902 updates had been installed. First thing we need to do is to Run prerequisite check. Highlight the Configuration Manager 1906 update, right click and choose Run prerequisite check.SCCM 1906 Run Prerequisite Check

  5. This check will take a little time, you can see the status of the check by refreshing the window.
    SCCM 1906 checking prerequisites
    You can also select Monitoring in the SCCM console Window, navigate to Updates and Servicing, highlight the Configuration Manager 1906 update, right click that and choose show status for a more detailed display of the status of the prerequisite check of SCCM 1906.
    (now this may take sometime to allow the 1906 upgrade to confirm that your SCCM environment is ready for the install, so always be patient)
    SCCM 1906 checking prerequisites detailed


  6. OK, hopefully your SCCM environment passed all the checks to confirm it is ready for the SCCM 1906 installation. Now go back to the Administration and you should see that the Prerequisite Check Passed for the Configuration Manager 1906 update as below.
    SCCM 1906 checking prerequisites passed


  7. Now to the gritty stuff, we are ready to start the upgrade process for SCCM 1906. Again, highlight the Configuration Manager 1906 update, right click and choose Install Update Pack.SCCM 1906 install update pack

     

  8. You are now presented with the Configuration Manager Updates Wizard. Click on Next when you are ready to start the installation, this will take around 30 – 45 minutes to complete so make sure you have a big enough change window for the update process.SCCM 1906 Configuration Manager Updates Wizard

  9. On the second windows of the SCCM updates wizard, carefully choose any options / features  that you require and then click on Next.SCCM 1906 Configuration Manager Updates Wizard Options

     

  10. Client Update Settings window allows you to choose if you would like to validate the client update on members of a Pre-Production collection so that you can test there are no issues with the update. As this is one of SmiKar’s software test environments, I am going to just Upgrade without Validating. When you are ready to proceed click on Next.SCCM 1906 Configuration Manager Updates Wizard Client Updates

     

  11. We are almost ready to start the installation and upgrade to SCCM 1906. On the License Terms window, you can read the License Terms if you wish to do so, click on Next when you are ready for the next step.
    SCCM 1906 Configuration Manager Updates Wizard License Acceptance


  12. Now the last step before the upgrade process starts off. On the Configuration Manager Updates Wizard Summary Window, check the settings and details you want have been selected and then finally click on Next. This will start the upgrade to SCCM 1906 so make sure you want to do this.SCCM 1906 Configuration Manager Updates Wizard Summary

     

  13. The last window you can now close and the SCCM 1906 update will complete in the background.SCCM 1906 Configuration Manager Updates Wizard Completed

  14. Now what if you dont want to refresh the SCCM console window and wish to see more details about what is happening with the update to SCCM 1906. Well you can easily get a more detailed view of the upgrade process by going to the local C Drive of your SCCM server and opening the ConfigMgrSetup.log file. If you have Trace32 installed to read your log files, it will display this in a nice and easy to read fashion.SCCM 1906 ConfigMgrSetup Log

  15. Alternatively to see the update, in your SCCM Console go to Monitoring then Updates and Servicing Status, highlight the Configuration Manage 1906 update, right click and choose Show Status. In the Update Pack Installation Status window, highlight Installation and you can also see the what the SCCM 1906 update is doing.SCCM 1906 Update Status Window

  16. Hopefully after some time (it took around 30 minutes to complete the upgrade to SCCM 1906 in our test environment), everything should have installed and updated your SCCM to the latest branche. You may get a warning that your Configuration Manager console needs to be updated as well.SCCM 1906 Console Update

  17. Close the console then reopen to update. (the SCCM 1906 update took a few minutes to complete in the lab)SCCM 1906 Console Update

  18. Finally after quite a few easy steps, we can confirm that the SCCM environment successfully installed to the current branche, SCCM 1906.SCCM 1906 install successSCCM 1906 Installed

Now that you have updated your SCCM to version 1906, perhaps you use SCCM to patch your virtual server environment. While you are here, check out SnaPatch and see how it allows you to have an easy roll back position should any issues with your patch deployment occurs.

How to update SCCM 1902 Hotfix Rollup KB4500571

How to update SCCM 1902 Hotfix Rollup KB4500571

How to update SCCM 1902 Hotfix Rollup KB4500571

 

SCCM Hotfix rollup KB4500571

SCCM Hotfix rollup KB4500571 bug fix overview

Microsoft has released yet another update for SCCM, hotfix rollup KB4500571.

First off, we will cover the update fixes issues with SCCM including; (how to update your SCCM environment to Hotfix rollup KB4500571 is further down the page)

  • The Download Package Content task sequence action fails and the OsdDownload.exe process terminates unexpectedly. When this occurs, the following exit code is recorded in the Smsts.log on the client:
    Process completed with exit code 3221225477
  • Screenshots that are submitted through the Send a Smile or Send a Frown product feedback options cannot be deleted until the Configuration Manager console is closed.
  • Hardware inventory data that relies on the MSFT_PhysicalDisk class reports incomplete information on computers that have multiple drives. This is because the ObjectId property is not correctly defined as a key field.
  • Client installation fails on workgroup computers in an HTTPS-only environment. Communication with the management point fails, indicating that a client certificate is required even after one has been provisioned and imported.
  • A “success” return code of 0 is incorrectly reported as an error condition when you monitor deployment status in the Configuration Manager console.
  • When the option to show a dialog window is selected for app deployments that require a computer restart, that window is not displayed again if it is closed before the restart deadline. Instead, a temporary (toast) notification is displayed. This can cause unexpected computer restarts.
  • If it is previously selected, the “When software changes are required, show a dialog window to the user instead of a toast notification” check box is cleared after you make property changes to a required application deployment.
  • Expired Enhanced HTTPS certificates that are used for distribution points are not updated automatically as expected. When this occurs, clients cannot retrieve content from the distribution points. This can cause increased network traffic or failure to download content. Errors that resemble the following are recorded in the Smsdpprov.log:
    Begin to select client certificateUsing certificate selection criteria ‘CertHashCode:’.
    There are no certificate(s) that meet the criteria.
    Failed in GetCertificate(…): 0x87d00281
    Failed to find certificate ” from store ‘MY’. Error 0x87d00281
    UpdateIISBinding failed with error – 0x87d00281

    The distribution points certificates are valid when you view them in the SecurityCertificates node of the Configuration Manager console, but the SMS Issuing certificate will appear to be expired.
    Renewing the certificate from the console has no effect. After you apply this update, the SMS Issuing certificate and any distribution point certificates will automatically renew as required.

  • A management point may return an HTTP Error 500 in response to client user policy requests. This can occur if Active Directory User Discovery is not enabled. The instance of Dllhost.exe that hosts the Notification Server role on the management point may also continue to consume memory as more user policy requests arrive.
  • Content downloads from a cloud-based distribution point fail if the filename contains the percent sign (%) or other special characters. An error entry that resembles the following is recorded in the DataTransferService.log file on the client:AddUntransferredFilesToBITS : PathFileExists returned unexpected error 0x8007007b
    The DataTransferService.log may also record error code 0x80190194 when it tries to download the source file. One or both errors may be present depending on the characters in the filename.
  • After you update to Configuration Manager current branch, version 1902, the Data Warehouse Synchronization Service (Data_Warehouse_Service_Point) records error status message ID 11202. An error entry that resembles the following is recorded in the Microsoft.ConfigMgrDataWarehouse.log file:
    View or function ‘v_UpdateCIs’ has more column names specified than columns defined.
    Could not use view or function ‘vSMS_Update_ComplianceStatus’ because of binding errors.
  • User collections may appear to be empty after you update to Configuration Manager current branch, version 1902. This can occur if the collection membership rules query user discovery data that contains Unicode characters, such as ä.
  • The Delete Aged Log Data maintenance task fails if it is run on a Central Administration Site (CAS). Errors that resemble the following are recorded in the Smsdbmon.log file on the server.
    TOP is not allowed in an UPDATE or DELETE statement against a partitioned view. : spDeleteAgedLogData
    An error occurred while aging out DRS log data.
  • When you select the option to save PowerShell script output to a task sequence variable, the output is incorrectly appended instead of replaced.
  • The SMS Executive service on a site server may terminate unexpectedly after a change in operating system machine keys or after a site recovery to a different server. The Crash.log file on the server contains entries that resemblie the following.
    Note Multiple components may be listed, such as SMS_DISTRIBUTION_MANAGER, SMS_CERTIFICATE_MANAGER, or SMS_FAILOVERMANAGER. The following Crash.log entries are truncated for readability.
    EXCEPTION INFORMATION
    Service name = SMS_EXECUTIVE
    Thread name = SMS_FAILOVER_MANAGER
    Exception = c00000fd (EXCEPTION_STACK_OVERFLOW)Description = “The thread used up its stack.”
  • Old status messages may be overwritten by new messages after promoting a passive site server to active.
  • User targeted software installations do not start from Software Center after you update to Configuration Manager current branch, version 1902. The client displays an “Unable to make changes to your software” error message. Errors entries that resemble the following are recorded in the ServicePortalWebSitev3.log::GetDeviceIdentity – Could not convert 1.0,GUID:{guid} to device identity because the deviceId string is either null or larger than the allowed max size of input
    :System.ArgumentException: DeviceId
    at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.PortalContextUtilities.GetDeviceIdentity(String deviceId)
    at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.Connection.ServiceProxy.InstallApplication(UserContext user, String deviceId, String applicationId)
    at Microsoft.ConfigurationManager.SoftwareCatalog.Website.ApplicationViewService.InstallApplication(String applicationID, String deviceID, String reserved)

    This issue occurs if the PKI certificates that are used have a key length that is greater than 2,048 bits.

  • Audit status messages are not transmitted to the site server in an environment with a remote SMS provider.
  • The Management Insights rule “Enable the software updates product category for Windows 10, version 1809 and later” does not work as expected for Windows 10, version 1903.

SCCM Hotfix rollup KB4500571 additional changes

Further improvements and additional functional changes to SCCM included in the KB4500571 hotfix are;

  • Manager and the Microsoft Desktop Analytics service.
  • Multiple improvements are made to support devices that are managed by using both Configuration Manager and a thirty-party MDM service.
  • Client computers that use IPv6 over UDP (Teredo tunneling) may generate excessive traffic to management points. This, in turn, can also increase load on the site database.
    This traffic occurs because of the frequent network changes that are associated with the Teredo refresh interval. After you apply this update, this data is filtered by default and is no longer passed to the notification server on the management point. This filtering can be customized by creating the following registry string under HKEY_LOCAL_MACHINESoftwareMicrosoftCCM:
    Type: String
    Name: IPv6IFTypeFilterList
    Value: If the string is created without any data (blank), the pre-update behavior applies and no filtering occurs.
    The default behavior of filtering Teredo tunnel data (interface type IF_TYPE_TUNNEL, 131) is overwritten if new values are entered. Multiple values should be separated by semicolons.
  • The Configuration Manager client now handles a return code of 0x800f081f (CBS_E_SOURCE_MISSING) from the Windows Update Agent as a retriable condition. The result will be the same as the retry for return code 0x8024200D (WU_E_UH_NEEDANOTHERDOWNLOAD).
  • The SMSTSRebootDelayNext task sequence variable is now available. For more information, see the “Improvements to OS deployment” section of Features in Configuration Manager technical preview version 1904.
  • SQL database performance is improved for operations that involve a configuration item (CI) that has associated file content by the addition of a new index on the CI_Files table.

How to update your SCCM to Hotfix rollup KB4500571

Now we get to the nitty gritty of the update process for KB4500571.

  1. Open your SCCM Console, and navigate to Administration, then highlight Updates and Servicing.
    KB4500571 Administration
  2. Now with Updates and Servicing highlighted in main window you should hopefully see the KB4500571 update has downloaded and is ready to install.
    (If you cant see it downloaded, right click on Updates and Servicing and choose Check for Updates.)
    KB4500571 Downloaded
  3. Firstly we need to run the prerequisite check for SCCM KB4500571 to ensure your environment is ready for the update.
    Right Click the downloaded update and choose Run Prerequisite Check.
    KB4500571 PrerequisiteCheck
  4. The prerequisite check will take around 10 minutes or so to complete the check.
    You can use the ConfigMgrPrereq.log located in the root of the SCCM server’s C Drive to see the status and it’s completion.
    SCCM KB4500571 Prerequisite Check
  5. Now on to the fun bit, let’s start the installation of SCCM KB4500571. Again right click the update in the main window and choose Install Update Pack.
    SCCM KB4500571 Install Update Pack
  6. The first window of the Configuration Manager Updates Wizard pops up. Choose Next to continue the installation
    SCCM KB4500571 Updates Wizard
  7. The Client Updates Settings window lets you choose whether you want to validate the update against a pre-production collection. We wont bother with that here as this is our test environment. Choose Next to continue when ready to do so.SCCM KB4500571 Client Update Settings
  8. Accept the License Terms – only if you are happy with them 🙂 – and click Next.
    SCCM KB4500571 License Terms
  9. Now the Summary tab of the Configuration Manager Updates Wizard details the installation settings you have chosen. If you are happy to proceed with the installation click Next.
    This did take some time in the SmiKar SCCM lab environment, so best go make yourself a cup of coffee and come back. 🙂
    SCCM KB4500571 Install Confirmation
  10. Hopefully all went well with your upgrade to SCCM KB4500571 and you are presented with a screen similar to this.
    SCCM KB4500571 Completed
  11. If you had any issues or want to view the status (rather than look in the logs) go to Monitoring, then high Updates and Servicing Status. Highlight and Right Click the update and choose Show Status.
    SCCM KB4500571 Updates and Servicing Status
MICROSOFT’S March 2017 PATCH RELEASES

MICROSOFT’S March 2017 PATCH RELEASES

MICROSOFT’S March 2017 PATCH RELEASES

Well after an absence last month of the usual Microsoft Patch Tuesday releases, Microsoft have bundled more in to this months release, with 18 Windows Updates for the month of March 2017.

March 2017 Patch Tuesday

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS17-006 – Critical

Cumulative Security Update for Internet Explorer (4013073)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS17-007 – Critical

Cumulative Security Update for Microsoft Edge (4013071)
This security update resolves vulnerabilities in Microsoft Edge. These vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited these vulnerabilities could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS17-008 – Critical

Security Update for Windows Hyper-V (4013082)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an authenticated attacker on a guest operating system runs a specially crafted application that causes the Hyper-V host operating system to execute arbitrary code. Customers who have not enabled the Hyper-V role are not affected.

MS17-009 – Critical

Security Update for Microsoft Windows PDF Library (4010319)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views specially crafted PDF content online or opens a specially crafted PDF document.

MS17-010 – Critical

Security Update for Microsoft Windows SMB Server (4013389)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

MS17-011 – Critical

Security Update for Microsoft Uniscribe (4013076)
This security update resolves vulnerabilities in Windows Uniscribe. The most severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS17-012 – Critical

Security Update for Microsoft Windows (4013078)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if an attacker runs a specially crafted application that connects to an iSNS Server and then issues malicious requests to the server.

MS17-013 – Critical

Security Update for Microsoft Graphics Component (4013075)
This security update resolves vulnerabilities in Microsoft Windows, Microsoft Office, Skype for Business, Microsoft Lync, and Microsoft Silverlight. The most severe of these vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS17-014 – Important

Security Update for Microsoft Office (4013241)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS17-015 – Important

Security Update for Microsoft Exchange Server (4013242)
This security update resolves a vulnerability in Microsoft Exchange Outlook Web Access (OWA). The vulnerability could allow remote code execution in Exchange Server if an attacker sends an email with a specially crafted attachment to a vulnerable Exchange server.

MS17-016 – Important

Security Update for Windows IIS (4013074)
This security update resolves a vulnerability in Microsoft Internet Information Services (IIS). The vulnerability could allow elevation of privilege if a user clicks a specially crafted URL which is hosted by an affected Microsoft IIS server. An attacker who successfully exploited this vulnerability could potentially execute scripts in the user’s browser to obtain information from web sessions.

MS17-017 – Important

Security Update for Windows Kernel (4013081)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker runs a specially crafted application.

MS17-018 – Important

Security Update for Windows Kernel-Mode Drivers (4013083)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS17-019 – Important

Security Update for Active Directory Federation Services (4010320)
This security update resolves a vulnerability in Active Directory Federation Services (ADFS). The vulnerability could allow information disclosure if an attacker sends a specially crafted request to an ADFS server, allowing the attacker to read sensitive information about the target system.

MS17-020 – Important

Security Update for Windows DVD Maker (3208223)
This security update resolves an information disclosure vulnerability in Windows DVD Maker. The vulnerability could allow an attacker to obtain information to further compromise a target system.

MS17-021 – Important

Security Update for Windows DirectShow (4010318)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow an information disclosure if Windows DirectShow opens specially crafted media content that is hosted on a malicious website. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.

MS17-022 – Important

Security Update for Microsoft XML Core Services (4010321)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases an attacker would have no way to force a user to click a specially crafted link. An attacker would have to convince a user to click the link, typically by way of an enticement in an email or Instant Messenger message.

MS17-023 – Important

Security Update for Adobe Flash Player (4014329)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Cloner – Quickly and easily clone your Azure VMs, you can even migrate your VMs between ARM and ASM.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

SCCM update 1610 Hotfix KB4010155

SCCM update 1610 Hotfix KB4010155

SCCM update 1610 Hotfix KB4010155

If you are using Microsoft’s System Center Configuration Manager (SCCM), you may have experienced known bugs and issues. Fortunately, Microsoft released a hotfix on February 16, 2017, to fix them. In this article, we will discuss the hotfix, its features, and how it addresses some of SCCM’s known issues.

Fixing Known Bugs and Issues The following are some of the known bugs and issues that are fixed by this update rollup:

SCCM update 1610 Hotfix KB4010155

An update has been released for Microsoft’s System Centre Configuration Manager on the 16 of February 2017.

This update rollup for SCCM is to fix the following known bugs and issues;

Component Bug/Issue
Client
Internet-only clients can’t connect to management points or distribution points when proxy auto-configuration is used, and they change networks without restarting.
Client
The Content Transfer Manager component of the Configuration Manager client repeatedly checks for content after the client roams to a location without available distribution points.
Microsoft Intune and Mobile Device Management
Communication between a Configuration Manager site server and the Microsoft Intune service may fail randomly.
Microsoft Intune and Mobile Device Management
After integrating Lookout mobile threat protection with Microsoft Intune, Windows devices are incorrectly displayed in the Device Threat Protection Compliance Status (iOS/Android) charts in the Administrator Console.
Site systems
The Microsoft.Management.Services.ClientManagementService.Host.exe process doesn’t start if the Process ID (PID) assigned by Windows is greater than 32,767.
Site systems
After you upgrade to Configuration Manager current branch, version 1610, the cloud management gateway connection point doesn’t start.
Site systems
When you configure the SQL Server Service Broker for a database replica server, execution of the sp_BgbConfigSSBForRemoteService stored procedure fails.
Site systems
Installing the Service Connection Point on a computer that’s not a site server triggers CPU usage of 100%.
Operating system deployment
Deployment of the Windows 10 Anniversary Update (1607) to Windows 10 clients triggers a “0x80091007 (Hash value is not correct)” error.
Software distribution and content management
The transfer of package contents between sites over slow network connections fails intermittently.
Software distribution and content management
Every time content is sent to a distribution point, site control data is updated unnecessarily.
Administrator console
After you add a new boundary to the Default-Site-Boundary-Group, that group is no longer listed on the Boundary Groups tab of the boundary properties.
Administrator console
Individual threat details are not displayed as expected on the Device Threat Protection Details tab of the Devices screen in the Administrator console.
Administrator console
The UpdatesDeployment.log file contains errors that resemble the following: Failed to get SDM CI for update (Site_{guid} SUM_{guid}) from type store, error = 0x80070002 Failed to GetSupersededUpdatesFromDigest for the update
Administrator console
After you upgrade to Configuration Manager current branch, version 1610, resolving conflicting records fails for non-mobile device clients.
Software updates
When an Alternate Content Provider encounters an error or retry condition while downloading an Office 365 job, the client does not fall back to the default download system as expected.
Software updates
After you start installation of Office updates from Software Center, users do not receive a notification message to exit all open Office 365 applications.
Software updates
The Allow clients to use Microsoft Update as a fallback source option doesn’t work as expected when you use it in a software update deployment or automatic deployment rule (ADR).

How to install KB4010155 update rollup for SCCM 1610

 Now that you have learnt about what are the fixes for this update rollup, now lets look at how to install this next. It is quite a simple process and should take you no longer than 30 minutes.


Step 1 – Open your SCCM console.

Open your SCCM console and navigate to Administration, then expand Cloud Services and finally highlight Updates and Servicing. Your SCCM should have downloaded the update and have it ready to deploy to your SCCM infrastructure.

KB4010155 SCCM step 1


Step 2 – Run Prerequisite Check

Highlight the Configuration Manager 1610 Hotfix (KB4010155), then right click and choose Run Prerequisite Check. 

KB4010155 SCCM step 2

The prerequisite check should take no longer than five minutes as sn the background, SCCM will run and verify that you are able to install this hotfix.

KB4010155 SCCM step 3

Refresh your console until you see that the Prerequisite check passed notification.

KB4010155 SCCM step 4


Step 3 – Install Update Pack (KB4010155)

Hopefully the KB4010155 update pack is compatible with your SCCM environment and you are now ready for the installation. Again, highlight the update pack, right click and choose Install Update Pack.

KB4010155 SCCM step 2

Now the Configuration Manager Updates Wizard starts up. Click Next to proceed.

KB4010155 SCCM step 5

On the Client Updates Options window, you have the option to Upgrade without Validating or to Validate in pre-production collection. In this example, Im choosing to go ahead and update without validation. Click Next when ready to proceed.

KB4010155 SCCM step 6

The next window is the License Agreement window. You have to check the checkbox to accept the license terms and privacy statement before you can continue to install. Once you have done so, click Next to continue.

KB4010155 SCCM step 7

The Summary window details your installation options. Confirm these are correct before clicking on Next and continuing and then the installation will not start.

KB4010155 SCCM step 8

Now KB4010155 will install and update your SCCM environment. Once complete you will be presented with the following screen and KB4010155 will install in the background. Keep refreshing your SCCM console to confirm when it has udpated. You can additionally view the installation progress by looking at the CMUPDATE.LOG.

 KB4010155 SCCM step 9

Conclusion

In summary, Microsoft released an update for System Center Configuration Manager (SCCM) on February 16, 2017, to address various known bugs and issues. These issues include problems with client connectivity, increased CPU activity, communication failures between Configuration Manager and Microsoft Intune, and errors during the deployment of Windows 10 Anniversary Update (1607) to Windows 10 clients. Other issues addressed by the update include software distribution and content management, problems with the Administrator console, and software updates. The update aims to resolve these issues to improve the performance and functionality of SCCM.

KB3209501 Update for SCCM 1610

KB3209501 Update for SCCM 1610

How to update to KB3209501 for Microsoft SCCM 1610

If you’re experiencing issues with Microsoft SCCM 1610, the recently released update KB3209501 might just be the fix you need. This update resolves various problems related to Configuration Manager version 1606 to version 1610 upgrade, Software Center, BITS for Windows Express Update Files, Task Sequences, and more. In this article, we’ll guide you through the process of updating SCCM 1610 to KB3209501, step-by-step.

KB3209501 FAQs

Question Answer

What is KB3209501?

KB3209501 is an update for Microsoft SCCM 1610 that was released in December 2016. It fixes various issues with SCCM 1610.

What issues does KB3209501 fix?

KB3209501 fixes issues such as the SMS Agent Host process using 100% of available CPU time, Task sequence deployments failing, and more.

How do I update to KB3209501 for Microsoft SCCM 1610?

To update to KB3209501, open your SCCM console, navigate to Administration > Cloud Services > Update and Servicing, and follow the steps.

Should I install updates in preproduction prior to production?

It is always good practice to install any updates in preproduction prior to production.

Is KB3209501 installation time-consuming?

Yes, KB3209501 installation may take some time to finish, so be prepared to be patient.

 Update to KB3209501

So now that you know what KB3209501 fixes now just follow the below tasks to update your SCCM environment.

Open your SCCM console and navigate to Administration, Cloud Services and highlight Update and Servicing

KB3209501 Installing


Next, highlight update KB3209501, then right click and choose Run Prerequisite Check.

KB3209501 prerequisite check


Give the prerequisite checks sometime to complete.

KB3209501 checking prerequisites

Keep refreshing the console to see when it has completed.

KB3209501 prerequisite passed


Once the KB3209501 prerequisite checks have passed, again highlight the update and then right click and choose Install Update Pack.

KB3209501 Install


You are now presented with the Configuration Manager Updates Wizard. Select whether you want to ignore any prerequisite check warnings if you received them or not and then click Next.

KB3209501 Install 2


On the Client Update Options tab, you can select to update without validating against your preproduction environment before updating your production environment. As this is one of our many labs, I have chosen to go ahead without validating. While this is a lab, not everyone can has his luxury, so remember It is always good practice to install any updates in preproduction prior to production.

KB3209501 Install 3


On the License Tab page, confirm you accept the license terms and privacy statement and then click Next.

KB3209501 Install 4


Confirm what is shown is on the Summary Tab is correct and then click Next.

KB3209501 Install 5


The installation will no be performed in the background, so on the Completion Tab click Close.

KB3209501 Install 6


As you can see, KB3209501 is installing in the background. For my lab, it did take some time to finish so prepare to be patient.

KB3209501 Installing

Updating SCCM 1610 to KB3209501 is a straightforward process that can help you resolve a range of issues and improve the overall performance of your Configuration Manager environment. By following the steps outlined above, you can ensure a smooth and successful update. Don’t forget to install updates in pre-production first to avoid potential conflicts

MICROSOFT’S December 2016 PATCH RELEASES

MICROSOFT’S December 2016 PATCH RELEASES

MICROSOFT’S December 2016 PATCH RELEASES

patch tuesday aliens

Microsoft have released 12 new Patch Tuesday releases for deployment this month of December.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure?

MS16-144 – Critical

Cumulative Security Update for Internet Explorer (3204059)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-145 – Critical

Cumulative Security Update for Microsoft Edge (3204062)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-146 – Critical

Security Update for Microsoft Graphics Component (3204066)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-147 – Critical

Security Update for Microsoft Uniscribe (3204063)
This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-148 – Critical

Security Update for Microsoft Office (3204068)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-149 – Important

Security Update for Microsoft Windows (3205655)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

MS16-150 – Important

Security Update for Secure Kernel Mode (3205642)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

MS16-151 – Important

Security Update for Windows Kernel-Mode Drivers (3205651)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-152 – Important

Security Update for Windows Kernel (3199709)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

MS16-153 – Important

Security Update for Common Log File System Driver (3207328)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

MS16-154 – Critical

Security Update for Adobe Flash Player (3209498)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-155 – Important

Security Update for .NET Framework (3205640)
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.