SCCM Hotfix rollup KB4500571 bug fix overview

Microsoft has released yet another update for SCCM, hotfix rollup KB4500571.

First off, we will cover the update fixes issues with SCCM including; (how to update your SCCM environment to Hotfix rollup KB4500571 is further down the page)

• The Download Package Content task sequence action fails and the OsdDownload.exe process terminates unexpectedly. When this occurs, the following exit code is recorded in the Smsts.log on the client:
  Process completed with exit code 3221225477
• Screenshots that are submitted through the Send a Smile or Send a Frown product feedback options cannot be deleted until the Configuration Manager console is closed.
• Hardware inventory data that relies on the MSFT_PhysicalDisk class reports incomplete information on computers that have multiple drives. This is because the ObjectId property is not correctly defined as a key field.
• Client installation fails on workgroup computers in an HTTPS-only environment. Communication with the management point fails, indicating that a client certificate is required even after one has been provisioned and imported.
• A “success” return code of 0 is incorrectly reported as an error condition when you monitor deployment status in the Configuration Manager console.
• When the option to show a dialog window is selected for app deployments that require a computer restart, that window is not displayed again if it is closed before the restart deadline. Instead, a temporary (toast) notification is displayed. This can cause unexpected computer restarts.
• If it is previously selected, the “When software changes are required, show a dialog window to the user instead of a toast notification” check box is cleared after you make property changes to a required application deployment.
• Expired Enhanced HTTPS certificates that are used for distribution points are not updated automatically as expected. When this occurs, clients cannot retrieve content from the distribution points. This can cause increased network traffic or failure to download content. Errors that resemble the following are recorded in the Smsdpprov.log:
  Begin to select client certificate

  Using certificate selection criteria ‘CertHashCode:’.
  There are no certificate(s) that meet the criteria.
  Failed in GetCertificate(…): 0x87d00281
  Failed to find certificate ” from store ‘MY’. Error 0x87d00281
  UpdateIISBinding failed with error – 0x87d00281

  The distribution points certificates are valid when you view them in the Security\Certificates node of the Configuration Manager console, but the SMS Issuing certificate will appear to be expired.
  Renewing the certificate from the console has no effect. After you apply this update, the SMS Issuing certificate and any distribution point certificates will automatically renew as required.

• A management point may return an HTTP Error 500 in response to client user policy requests. This can occur if Active Directory User Discovery is not enabled. The instance of Dllhost.exe that hosts the Notification Server role on the management point may also continue to consume memory as more user policy requests arrive.
• Content downloads from a cloud-based distribution point fail if the filename contains the percent sign (%) or other special characters. An error entry that resembles the following is recorded in the DataTransferService.log file on the client:
  

  AddUntransferredFilesToBITS : PathFileExists returned unexpected error 0x8007007b
  The DataTransferService.log may also record error code 0x80190194 when it tries to download the source file. One or both errors may be present depending on the characters in the filename.

• After you update to Configuration Manager current branch, version 1902, the Data Warehouse Synchronization Service (Data_Warehouse_Service_Point) records error status message ID 11202. An error entry that resembles the following is recorded in the Microsoft.ConfigMgrDataWarehouse.log file:
  View or function ‘v_UpdateCIs’ has more column names specified than columns defined.
  Could not use view or function ‘vSMS_Update_ComplianceStatus’ because of binding errors.

• User collections may appear to be empty after you update to Configuration Manager current branch, version 1902. This can occur if the collection membership rules query user discovery data that contains Unicode characters, such as ä.
• The Delete Aged Log Data maintenance task fails if it is run on a Central Administration Site (CAS). Errors that resemble the following are recorded in the Smsdbmon.log file on the server.
  TOP is not allowed in an UPDATE or DELETE statement against a partitioned view. : spDeleteAgedLogData
  An error occurred while aging out DRS log data.

• When you select the option to save PowerShell script output to a task sequence variable, the output is incorrectly appended instead of replaced.
• The SMS Executive service on a site server may terminate unexpectedly after a change in operating system machine keys or after a site recovery to a different server. The Crash.log file on the server contains entries that resemblie the following.
  Note Multiple components may be listed, such as SMS_DISTRIBUTION_MANAGER, SMS_CERTIFICATE_MANAGER, or SMS_FAILOVERMANAGER. The following Crash.log entries are truncated for readability.
  EXCEPTION INFORMATION
  Service name = SMS_EXECUTIVE
  Thread name = SMS_FAILOVER_MANAGER
  Exception = c00000fd (EXCEPTION_STACK_OVERFLOW)

  Description = “The thread used up its stack.”

• Old status messages may be overwritten by new messages after promoting a passive site server to active.

• User targeted software installations do not start from Software Center after you update to Configuration Manager current branch, version 1902. The client displays an “Unable to make changes to your software” error message. Errors entries that resemble the following are recorded in the ServicePortalWebSitev3.log:
  

  :GetDeviceIdentity – Could not convert 1.0,GUID:{guid} to device identity because the deviceId string is either null or larger than the allowed max size of input
  :System.ArgumentException: DeviceId
  at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.PortalContextUtilities.GetDeviceIdentity(String deviceId)
  at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.Connection.ServiceProxy.InstallApplication(UserContext user, String deviceId, String applicationId)
  at Microsoft.ConfigurationManager.SoftwareCatalog.Website.ApplicationViewService.InstallApplication(String applicationID, String deviceID, String reserved)

  This issue occurs if the PKI certificates that are used have a key length that is greater than 2,048 bits.

• Audit status messages are not transmitted to the site server in an environment with a remote SMS provider.
• The Management Insights rule “Enable the software updates product category for Windows 10, version 1809 and later” does not work as expected for Windows 10, version 1903.

SCCM Hotfix rollup KB4500571 additional changes

Further improvements and additional functional changes to SCCM included in the KB4500571 hotfix are;

• Manager and the Microsoft Desktop Analytics service.
• Multiple improvements are made to support devices that are managed by using both Configuration Manager and a thirty-party MDM service.
• Client computers that use IPv6 over UDP (Teredo tunneling) may generate excessive traffic to management points. This, in turn, can also increase load on the site database.
  This traffic occurs because of the frequent network changes that are associated with the Teredo refresh interval. After you apply this update, this data is filtered by default and is no longer passed to the notification server on the management point. This filtering can be customized by creating the following registry string under HKEY_LOCAL_MACHINE\Software\Microsoft\CCM:
  Type: String
  Name: IPv6IFTypeFilterList
  Value: If the string is created without any data (blank), the pre-update behavior applies and no filtering occurs.
  The default behavior of filtering Teredo tunnel data (interface type IF_TYPE_TUNNEL, 131) is overwritten if new values are entered. Multiple values should be separated by semicolons.
• The Configuration Manager client now handles a return code of 0x800f081f (CBS_E_SOURCE_MISSING) from the Windows Update Agent as a retriable condition. The result will be the same as the retry for return code 0x8024200D (WU_E_UH_NEEDANOTHERDOWNLOAD).
• The SMSTSRebootDelayNext task sequence variable is now available. For more information, see the “Improvements to OS deployment” section of Features in Configuration Manager technical preview version 1904.
• SQL database performance is improved for operations that involve a configuration item (CI) that has associated file content by the addition of a new index on the CI_Files table.

How to update your SCCM to Hotfix rollup KB4500571

Now we get to the nitty gritty of the update process for KB4500571.

1. Open your SCCM Console, and navigate to Administration, then highlight Updates and Servicing.
   
   
2. Now with Updates and Servicing highlighted in main window you should hopefully see the KB4500571 update has downloaded and is ready to install.
   (If you cant see it downloaded, right click on Updates and Servicing and choose Check for Updates.)
   
   
3. Firstly we need to run the prerequisite check for SCCM KB4500571 to ensure your environment is ready for the update.
   Right Click the downloaded update and choose Run Prerequisite Check.
   
   
4. The prerequisite check will take around 10 minutes or so to complete the check.
   You can use the ConfigMgrPrereq.log located in the root of the SCCM server’s C Drive to see the status and it’s completion.
   
5. Now on to the fun bit, let’s start the installation of SCCM KB4500571. Again right click the update in the main window and choose Install Update Pack.
   
6. The first window of the Configuration Manager Updates Wizard pops up. Choose Next to continue the installation
   
7. The Client Updates Settings window lets you choose whether you want to validate the update against a pre-production collection. We wont bother with that here as this is our test environment. Choose Next to continue when ready to do so.
8. Accept the License Terms – only if you are happy with them 🙂 – and click Next.
   
9. Now the Summary tab of the Configuration Manager Updates Wizard details the installation settings you have chosen. If you are happy to proceed with the installation click Next.
   This did take some time in the SmiKar SCCM lab environment, so best go make yourself a cup of coffee and come back. 🙂
   
10. Hopefully all went well with your upgrade to SCCM KB4500571 and you are presented with a screen similar to this.
    
11. If you had any issues or want to view the status (rather than look in the logs) go to Monitoring, then high Updates and Servicing Status. Highlight and Right Click the update and choose Show Status.