Update for Microsoft Endpoint Configuration Manager version 2103, early update ring
Applies to: Configuration Manager (current branch, version 2103)
Summary of KB9603111
An update is available to administrators who opted in through a PowerShell script to the early update ring deployment for Microsoft Endpoint Configuration Manager current branch, version 2103. You can access the update in the Updates and Servicing node of the Configuration Manager console.
This update addresses important, late-breaking issues that were resolved after version 2103 became available globally. This article summarizes the most significant changes.
This update doesn't apply to sites that downloaded version 2103 on April 19, 2021, or a later date. Therefore, it will not be listed in the Configuration Manager console for those sites.
Issues that are fixed
- Configuration Manager Microsoft Entra joined clients that are also using PKI issued certs can get into a high CPU utilization situation that impacts the end-user. This occurs because of an issue with the SMS Agent Host (
ccmexec.exe) attempting to continually renew the "self-prove" token with the Management Point (MP). - During reassignment from one site to another, clients are unable to evaluate policy or communicate via the notification channel. Errors resembling the following are recorded in the
ccmexec.logfile.Error registering hosted class '{Class_GUID}'. Code 0x80040111 Error processing notification query for endpoint '{Endpoint_Name}'. Query='wqlns:root\microsoft\... Code =0x8004100e Sending State Message with topic type = 2100, state id = 1, run state = 0, and error code = 0x66109940 Sending State Message with topic type = 2100, state id = 1, run state = 0, and error code = 0x68617800 - The report "Compliance 4 - Updates by vendor month year" doesn't contain expected data.
- App usage data is stale or unavailable for devices in the Desktop Analytics portal in the Microsoft Intune admin center. This only affects notebook computers that run for multiple days without restarting. An error resembling the following is recorded in the
SensorManagedProvider.logfile on affected devices.Other exception - Value was either too large or too small for an Int32, at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info) at System.Convert.ToInt32(String value, IFormatProvider provider) at Microsoft.ConfigurationManagement.SensorFramework.SrumUtilHelper.ImportCsvToDataTable[T](String filePath) - After updating to Configuration Manager current branch, version 2103, a backlog of
.MEP(machine extended policy) files occurs in the PolicyPV inbox on the site server. This backlog also causes delays in processing site reassignment data. - Devices upgrade to the 2103 version of the client faster than expected after promoting the upgrade from pre-production. In addition the WebView 2 client component is installed repeatedly.
- State message processing hangs when encountering a corrupt file instead of discarding the file as expected. Errors resembling the following are recorded in the statesys.log file.
Thread 'State Message Processing Thread #0" id:14888 terminated abnormally A state message processing thread ended with a fatal error, backing off... STATMSG: ID=6101 SEV=E LEV=M SOURCE='SMS Server' COMP='SMS_STATE_SYSTEM'... - State message processing fails for some cloud management gateway messages. Errors resembling the following are recorded in the statesys.log file.
SQL MESSAGE: dbo.spProcessStateReport - Error: Record 1 returned an 'invalid record' return code and failed processing with error 8115: ERROR 8115, Level 16, State 2, Procedure dbo.spProcessProxyIdentityReport, Line 2, Message: Arithmetic overflow error converting expression to data type int. - A new console extension created for the community hub for version 2103 will fail to load if a prior console extension modifies the same node with the same action.
- The SQL Server move process fails after a highly available site is failed over to the passive site server. This occurs due to a certificate problem that resembled the following in the ConfigMgrSetup.log file.
ERROR: Failed to decrypt SQL Server machine serialized pfx certificate (LastError=0) - The Wake on LAN feature doesn't function as expected after a central administration site (CAS) is removed due to a missing site control property value.
- The SMS Agent Host service may terminate unexpectedly due to a policy agent issue.
- CMPivot queries don't run on computers configured with the Japanese system locale.
- After removing a central administration site, packages are distributed to all distribution points (DP) when adding them to just a single new DP.
- Failover from an active to a passive site fails in an environment with a large number of orphaned package status data records.
Update information for Microsoft Endpoint Configuration Manager, version 2103 early update ring
This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using the publicly available early update ring builds of version 2103. These builds were available for download between April 5 and April 19, 2021.
To verify which build is installed, look for a package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. This update applies to first wave installations of version 2103 from packages that have the following GUIDs:
- 41F02C4C-BB4B-4B8D-9299-059860339DAB
- ADADCCD5-B406-4752-91C1-C67F3024A8BD
- A052B360-A8CF-43CE-BFF8-D5DF4D14DAEC
- 6232ED65-9931-4C7D-9A6B-DD99B56478DB
- A682F854-A8AF-4F25-83B0-D9CFDFAFE659
Restart information
This update doesn't require a computer restart but will initiate a site reset after installation.
Update replacement information
This update doesn't replace any previously released update.
Additional installation information
After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration -> Site Configuration -> Sites -> Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date with all the hotfixes applied on its parent primary site.
If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
Version information
The following major components are updated to the versions specified:
| Component | Version |
|---|---|
| Site | 5.00.9049.1000 |
| Configuration Manager console | 5.2103.1059.1800 |
| Client | 5.00.9049.1010 |
File information
File information is available in the downloadable KB9603111_FileList.txt text file.
References
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for