Update for Microsoft Endpoint Configuration Manager version 2103, early update ring

Applies to: Configuration Manager (current branch, version 2103)

Summary of KB9603111

An update is available to administrators who opted in through a PowerShell script to the early update ring deployment for Microsoft Endpoint Configuration Manager current branch, version 2103. You can access the update in the Updates and Servicing node of the Configuration Manager console.

This update addresses important, late-breaking issues that were resolved after version 2103 became available globally. This article summarizes the most significant changes.

This update does not apply to sites that downloaded version 2103 on April 19, 2021, or a later date. Therefore, it will not be listed in the Configuration Manager console for those sites.

Issues that are fixed

  • Configuration Manager Azure Active Directory (AAD) joined clients that are also using PKI issued certs can get into a high CPU utilization situation that impacts the end-user. This occurs because of an issue with the SMS Agent Host (ccmexec.exe) attempting to continually renew the "self-prove" token with the Management Point (MP).
  • During reassignment from one site to another, clients are unable to evaluate policy or communicate via the notification channel. Errors resembling the following are recorded in the ccmexec.log file.
    Error registering hosted class '{Class_GUID}'. Code 0x80040111
    Error processing notification query for endpoint '{Endpoint_Name}'. Query='wqlns:root\microsoft\... Code =0x8004100e
    Sending State Message with topic type = 2100, state id = 1, run state = 0, and error code = 0x66109940
    Sending State Message with topic type = 2100, state id = 1, run state = 0, and error code = 0x68617800
    
  • The report Compliance 4 - Updates by vendor month year does not contain expected data.
  • App usage data is stale or unavailable for devices in the Desktop Analytics portal in the Microsoft Endpoint Manager admin center. This only affects notebook computers that run for multiple days without restarting. An error resembling the following is recorded in the SensorManagedProvider.log file on affected devices.
    Other exception - Value was either too large or too small for an Int32.,    at System.Number.ParseInt32(String s, NumberStyles style, NumberFormatInfo info)
    at System.Convert.ToInt32(String value, IFormatProvider provider)
    at Microsoft.ConfigurationManagement.SensorFramework.SrumUtilHelper.ImportCsvToDataTable[T](String filePath)
    
  • After updating to Configuration Manager current branch, version 2103, a backlog of .MEP (machine extended policy) files occurs in the PolicyPV inbox on the site server. This backlog also causes delays in processing site reassignment data.
  • Devices upgrade to the 2103 version of the client faster than expected after promoting the upgrade from pre-production. In addition the WebView 2 client component is installed repeatedly.
  • State message processing hangs when encountering a corrupt file instead of discarding the file as expected. Errors resembling the following are recorded in the statesys.log file.
    Thread 'State Message Processing Thread #0" id:14888 terminated abnormally
    A state message processing thread ended with a fatal error, backing off...
    STATMSG: ID=6101 SEV=E LEV=M SOURCE='SMS Server' COMP='SMS_STATE_SYSTEM'...
    
  • State message processing fails for some cloud management gateway messages. Errors resembling the following are recorded in the statesys.log file.
    SQL MESSAGE: dbo.spProcessStateReport - Error: Record 1 returned an 'invalid record' return code and failed processing with error 8115: ERROR 8115, Level 16, State 2, Procedure dbo.spProcessProxyIdentityReport, Line 2, Message: Arithmetic overflow error converting expression to data type int.
    
  • A new console extension created for the community hub for version 2103 will fail to load if a prior console extension modifies the same node with the same action.
  • The SQL Server move process fails after a highly available site is failed over to the passive site server. This occurs due to a certificate problem that resembled the following in the ConfigMgrSetup.log file.
    ERROR: Failed to decrypt SQL Server machine serialized pfx certificate (LastError=0)
    
  • The Wake on LAN feature does not function as expected after a central administration site (CAS) is removed due to a missing site control property value.
  • The SMS Agent Host service may terminate unexpectedly due to a policy agent issue.
  • CMPivot queries do not run on computers configured with the Japanese system locale.
  • After removing a central administration site, packages are distributed to all distribution points (DP) when adding them to just a single new DP.
  • Failover from an active to a passive site fails in an environment with a large number of orphaned package status data records.

Update information for Microsoft Endpoint Configuration Manager, version 2103 early update ring

This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using the publicly available early update ring builds of version 2103. These builds were available for download between April 5 and April 19, 2021.

To verify which build is installed, look for a package GUID by adding the Package GUID column to the details pane of the Updates and Servicing node in the console. This update applies to first wave installations of version 2103 from packages that have the following GUIDs:

  • 41F02C4C-BB4B-4B8D-9299-059860339DAB
  • ADADCCD5-B406-4752-91C1-C67F3024A8BD
  • A052B360-A8CF-43CE-BFF8-D5DF4D14DAEC
  • 6232ED65-9931-4C7D-9A6B-DD99B56478DB
  • A682F854-A8AF-4F25-83B0-D9CFDFAFE659

Restart information

This update does not require a computer restart but will initiate a site reset after installation.

Update replacement information

This update does not replace any previously released update.

Additional installation information

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration -> Site Configuration -> Sites -> Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

If the value 1 is returned, the site is up to date with all the hotfixes applied on its parent primary site.

If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Version information

The following major components are updated to the versions specified:

Component Version
Site 5.00.9049.1000
Configuration Manager console 5.2103.1059.1800
Client 5.00.9049.1010

File information

File information is available in the downloadable KB9603111_FileList.txt text file.

References

Updates and servicing for Configuration Manager

Summary of changes in 2103