Update for Microsoft Endpoint Configuration Manager version 2010, early update ring

Applies to: Configuration Manager (current branch, version 2010)

Summary of KB4594176

An update is available to administrators who opted in through a PowerShell script to the early update ring deployment for Microsoft Endpoint Configuration Manager current branch, version 2010. You can access the update in the Updates and Servicing node of the Configuration Manager console.

This update addresses important, late-breaking issues that were resolved after version 2010 became available globally. This article summarizes the most significant changes.

This update does not apply to sites that downloaded version 2010 on December 12, 2020, or a later date. Therefore, it will not be listed in the Configuration Manager console for those sites.

Installation Note

To avoid a potential timing-related exception between the Configuration Manager console and the SMS Provider it is recommended to restart the console prior to installing this update. Refer to the following article for additional detail: KB 4599924 Console terminates unexpectedly in Configuration Manager current branch, version 2010

Issues that are fixed

  • After creating multiple orchestration groups, only the first group works as expected. Clients that belong to other orchestration groups beyond the first will receive incorrect policy, resulting in unexpected results such as not installing software.

  • Users can only delete a collection if they have the Full Administrator security role, even if they own the collection and otherwise would have authority to perform the deletion.

  • If you have a highly available site server, when you update to version 2010, the site server in passive mode fails to update. This issue is due to a change in the Microsoft Monitoring Agent (MMA) for Microsoft Defender Advanced Threat Protection. The required MMA files aren't copied to all necessary locations.

  • The Configuration Manager console terminates unexpectedly when viewing the preview of query results with a large result set.

  • The Configuration Manager console terminates unexpectedly if there is a zero-byte ConsoleUsage-{date}-{time}.xml file under %USERPROFILE%\AppData\Local\Microsoft\ConfigMgr10. If this issue occurs, check for and delete the zero-byte file.

  • After onboarding to Desktop Analytics, The Importance value of apps does not appear in the Apps tab of the Microsoft Endpoint Manager admin center. Additionally, apps deployed with Configuration Manager may not be listed on the Apps tab at all.

  • For version 2010 early update ring, if you use a PKI-based certificate for operating system boot media, configure it for SHA256 with the Microsoft Enhanced RSA and AES provider. For later releases, including globally available version 2010, this certificate configuration is recommended but not required. The certificate can be a v3 (CNG) certificate.

  • Device compliance status on the Software Update Dashboard may show an incorrect count of devices and incorrect compliance percentage.

Update information for Microsoft Endpoint Configuration Manager, version 2010 early update ring

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using the publicly available early update ring builds of version 2010. These builds were available for download between November 26, 2020 and December 11, 2020.

To verify which first wave build is installed, look for a package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. This update applies to first wave installations of version 2010 from packages that have the following GUIDs:

  • 8DD2203C-3250-4FEA-996E-CBB17B96BB7E
  • D5054056-F41C-4E61-90A7-4F135B76F806 *
    • Note the client version will not change for customers that installed early update ring with this package GUID.

The following package GUID does not require this update, as no changes were made between this build and declaration of the globally available release on December 12, 2020. AC764035-EEE2-4E87-A5D2-1F666A328A8D

Update replacement information

This update does not replace any previously released updates.

Restart information

This update does not require a computer restart but will initiate a site reset after installation.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Version information

The following major components are updated to the versions specified:

Component Version
Site 5.00.9040.1000
Configuration Manager console 5.2010.1093.1900
Client 5.00.9040.1015

File information

File information is available in the downloadable KB4594176_FileList.txt text file.


Updates and servicing for Configuration Manager