Release notes for Configuration Manager

Applies to: Configuration Manager (current branch)

With Configuration Manager, product release notes are limited to urgent issues. These issues aren't yet fixed in the product, or detailed in a Microsoft Support knowledge base article.

Feature-specific documentation includes information about known issues that affect core scenarios.

This article contains release notes for the current branch of Configuration Manager. For information on the technical preview branch, see Technical Preview.

For information about the new features introduced with different versions, see the following articles:

For information about the new features in Desktop Analytics, see What's new in Desktop Analytics.

Tip

To get notified when this page is updated, copy and paste the following URL into your RSS feed reader: https://docs.microsoft.com/api/search/rss?search=%22release+notes+-+Configuration+Manager%22&locale=en-us

Set up and upgrade

Client automatic upgrade happens immediately for all clients

Applies to version 1910

If your site uses automatic client upgrade, when you update the site to version 1910, all clients immediately upgrade after the site updates successfully. The only randomization is when clients receive the policy, which by default is every hour. For a large site with many clients, this behavior can consume a significant amount of network traffic and stress distribution points.

For more information on affected versions, see Client update for Configuration Manager current branch, version 1910.

Site server in passive mode doesn't update configuration.mof

Applies to version 1910

If your site includes a site server in passive mode, you may lose inventory customizations when you update the site. The site doesn't currently synchronize the configuration.mof when you fail over the site servers.

To work around this issue, manually back up and restore the site's configuration.mof.

Setup prerequisite warning on domain functional level on Server 2019

Applies to version 1906

When installing the update for version 1906 in an environment with domain controllers running Windows Server 2019, the prerequisite check for domain functional level returns the following warning:

[Completed with warning]:Verify that the Active Directory domain functional level is Windows Server 2003 or later

To work around this issue, ignore the warning.

Azure AD user discovery and collection group sync don't work after site expansion

Applies to version 1906

After you configure either of the following features:

  • Azure Active Directory user group discovery
  • Synchronize collection membership results to Azure Active Directory groups

If you then expand a standalone primary site to a hierarchy with a central administration site, you'll see the following error in SMS_AZUREAD_DISCOVERY_AGENT.log:

Could not obtain application secret for tenant xxxxx. If this is after a site expansion, please run "Renew Secret Key" from admin console.

To work around this issue, renew the key associated with the app registration in Azure AD. For more information, see Renew secret key.

Role based administration

Security scopes for certain folders don't replicate from CAS to primary sites

Applies to version 1910

After upgrade to version 1910, security scopes for folders in user collections and device collections don't get replicated from the CAS to primary sites.

Application management

Unable to get certificate for PowerShell error when deploying Microsoft Edge, version 77 and later

Applies to: Configuration Manager version 1910

If you are running the Configuration Manager console on an OS where the language is Swedish, Hungarian, or Japanese, you'll receive the following error when deploying Microsoft Edge, version 77 and later:

Unable to get certificate for Powershell

This error occurs because a scripts folder doesn't exist under the AdminConsole\bin directory for Swedish, Hungarian, or Japanese languages. The scripts folder is localized in these OS languages.

To work around this issue, create a folder called scripts in the AdminConsole\bin directory. Copy the files from your localized folder to the newly created scripts folder. Deploy Microsoft Edge, version 77 and later once the files have been copied.

OS deployment

Client policy error when you deploy a task sequence

Applies to: Configuration Manager version 2006 early update ring

When you deploy a task sequence to a client, a required task sequence doesn’t install at the deadline, and an available task sequence doesn’t appear in Software Center. You see status message 10803 with a description similar to the following error message:

The client failed to download policy. The data transfer service returned "BITS error: 'The server's response was not valid. The server was not following the defined protocol. (-2145386469).

This issue occurs when you configure the management point for HTTPS, and the device uses Configuration Manager client version 1906 or earlier.

To work around this issue, update the Configuration Manager client on the device to version 1910 or later.

Task sequences can't run over CMG

Applies to: Configuration Manager version 2002

There are two instances in which task sequences can't run on a device that communicates via a cloud management gateway (CMG):

  • You configure the site for Enhanced HTTP and the management point is HTTP.

    To work around this issue, update to version 2006. Alternatively, configure the management point for HTTPS.

  • You installed and registered the client with a bulk registration token for authentication.

    To work around this issue, update to version 2006. Alternatively, use one of the following authentication methods:

    • Pre-register the device on the internal network
    • Configure the device with a client authentication certificate
    • Join the device to Azure AD

Software updates

Security roles are missing for phased deployments

Applies to: Configuration Manager versions 1810, 1902

The OS Deployment Manager built-in security role has permissions to phased deployments. The following roles are missing these permissions:

  • Application Administrator
  • Application Deployment Manager
  • Software Update Manager

The App Author role may appear to have some permissions to phased deployments, but shouldn't be able to create deployments.

A user with one of these roles can start the Create Phased Deployment wizard, and can see phased deployments for an application or software update. They can't complete the wizard, or make any changes to an existing deployment.

To work around this issue, create a custom security role. Copy an existing security role, and add the following permissions on the Phased Deployment object class:

  • Create
  • Delete
  • Modify
  • Read

For more information, see Create custom security roles.

Desktop Analytics

An extended security update for Windows 7 causes devices to show as Unable to enroll

Applies to: Configuration Manager versions 2002 and earlier

The April 2020 extended security update (ESU) for Windows 7 changed the minimum required version of the diagtrack.dll from 10586 to 10240. This change causes Windows 7 devices to show as Unable to enroll in the Desktop Analytics Connection Health dashboard. When you drill down to the device view for this status, the DiagTrack service configuration property displays the following state: Connected User Experience and Telemetry (diagtrack.dll) component is outdated. Check requirements.

No workaround is required for this issue. Don't uninstall the April ESU. If otherwise properly configured, the Windows 7 devices still report diagnostic data to the Desktop Analytics service, and still show in the portal.

If you use hardware inventory for distributed views, you can't onboard to Desktop Analytics

Applies to: Configuration Manager version 1902 with update rollup, and version 1906

If you have a hierarchy, and enable Hardware inventory site data for distributed views on any site replication links, after you configure the Desktop Analytics connection in Configuration Manager you'll see the following error in M365UploadWorker.log:

Unexpected exception 'System.Data.SqlClient.SqlException' Remote access is not supported for transaction isolation level "SNAPSHOT".: at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action'1 wrapCloseInAction)

To work around this issue, disable Hardware inventory site data for distributed views on every site replication link.

Console unexpectedly closes when removing collections

Applies to: Configuration Manager version 1902 with update rollup

After you connect the site to Desktop Analytics, you can Select specific collections to synchronize with Desktop Analytics. If you remove a collection and apply the changes, immediately adding a new collection causes an unhandled exception. The console unexpectedly closes.

To work around this issue, when you remove a collection, select OK to close the properties window. Then open the properties again to add a new collection on the Desktop Analytics Connection tab.

Pilot status tile shows some devices as 'undefined'

Applies to: Configuration Manager version 1902 with update rollup

When you use the Configuration Manager console to monitor your pilot deployment status, pilot devices that are up-to-date on the target version of Windows for that deployment plan show as undefined in the Pilot status tile.

These undefined devices are up-to-date with the target version of the OS for that deployment plan. No further action is necessary.

Cloud services

Azure service for US Government cloud shows as public cloud

Applies to version 1910

If you create a connection to an Azure service, and set the Azure environment to the government cloud, the properties of the connection show the environment as the Azure public cloud. This issue is only a display problem in the console; the service is in the government cloud. To confirm the configuration, run the following SQL query on the site database:

Select Environment, Name, TenantID From AAD_Tenant_Ex

For the government cloud, the result of this query is 2 for the specific tenant.

Can't download content from a cloud management gateway enabled for TLS 1.2

Applies to version 1906, 1910 early update ring

If you enable a cloud management gateway (CMG) to "function as a cloud distribution point and serve content from Azure storage" and to "Enforce TLS 1.2", you may see content downloads fail.

The following errors show in the DataTransferService.log on the client:

Request to https://cmg1.contoso.com:443/downloadrestservice.svc/getcontentxmlsecure?pid=CMG00013&cid=CMG00013&tid=GUID:3fb5cf5d-28a5-4460-ab39-9184ca214369&iss=CMDP.IAAS2.CONTOSO.COM&alg=1.2.840.113549.1.1.11&st=2019-11-19T01:44:04&et=2019-11-19T09:44:04 failed with 400
Successfully queued event on HTTP/HTTPS failure for server 'cmg1.contoso.com'.
Error sending DAV request. HTTP code 400, status 'Bad Request'
GetDirectoryList_HTTP('https://cmg1.contoso.com:443/downloadrestservice.svc/getcontentxmlsecure?pid=CMG00013&cid=CMG00013&tid=GUID:3fb5cf5d-28a5-4460-ab39-9184ca214369&iss=CMDP.IAAS2.CONTOSO.COM&alg=1.2.840.113549.1.1.11&st=2019-11-19T01:44:04&et=2019-11-19T09:44:04') failed with code 0x87d0027e.
Error retrieving manifest (0x87d0027e).

The following errors show in the CMGContentService.log on the server:

ERROR: Exception processing request. Microsoft.WindowsAzure.Storage.StorageException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm...

To work around this issue:

  • Update the site to the globally available version of 1910, released on December 20, 2019. (If you previously updated to the 1910 early update ring, you need to update to this build when it's available.)

  • Alternatively, use a traditional cloud distribution point. That role doesn't enforce TLS 1.2, but is compatible with clients that require TLS 1.2.
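
The following Python example is added here and is not part of the original release notes or of any Microsoft tooling. It checks collected log text for the two signatures quoted above: a client-side HTTP 400 on a getcontentxmlsecure request followed by 0x87d0027e, and the server-side "common algorithm" error. The function names are hypothetical, and the sample lines reuse the message text from the excerpts plus one constructed line.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Sample input: message text from the log excerpts above (server line
# shortened), plus one constructed line. Real log files wrap each message
# in additional markup.
URL = ("https://cmg1.contoso.com:443/downloadrestservice.svc/getcontentxmlsecure"
       "?pid=CMG00013&cid=CMG00013&tid=GUID:3fb5cf5d-28a5-4460-ab39-9184ca214369"
       "&iss=CMDP.IAAS2.CONTOSO.COM&alg=1.2.840.113549.1.1.11"
       "&st=2019-11-19T01:44:04&et=2019-11-19T09:44:04")
CLIENT_LOG = [
    "Starting download job for content CMG00013",  # constructed line
    f"Request to {URL} failed with 400",
    "Error sending DAV request. HTTP code 400, status 'Bad Request'",
    f"GetDirectoryList_HTTP('{URL}') failed with code 0x87d0027e.",
    "Error retrieving manifest (0x87d0027e).",
]
SERVER_LOG = [
    "ERROR: Exception processing request. ... The client and server cannot "
    "communicate, because they do not possess a common algorithm...",
]

REQ_400 = re.compile(r"Request to (https://\S+) failed with 400")

def failed_content_requests(client_lines):
    """Find CMG content requests that got HTTP 400 and then error 0x87d0027e."""
    hits, pending = [], None
    for line in client_lines:
        m = REQ_400.search(line)
        if m:
            url = urlsplit(m.group(1))
            pending = None  # a new request ends tracking of the previous one
            if url.path.lower().endswith("/getcontentxmlsecure"):
                query = parse_qs(url.query)
                pending = {"cmg": url.hostname,
                           "content_id": query.get("cid", ["unknown"])[0],
                           "confirmed": False}
                hits.append(pending)
        elif pending and "0x87d0027e" in line.lower():
            pending["confirmed"] = True
    return [h for h in hits if h["confirmed"]]

def diagnose(client_lines, server_lines):
    """Match only when client and server logs both show the signature."""
    hits = failed_content_requests(client_lines)
    tls = any("do not possess a common algorithm" in s for s in server_lines)
    return {"match": bool(hits) and tls,
            "cmg_hosts": sorted({h["cmg"] for h in hits}),
            "content_ids": sorted({h["content_id"] for h in hits})}

if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, SERVER_LOG))
```

A client-side hit without the server-side error is reported as no match, because an HTTP 400 on its own is not specific to this issue.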

Protection

BitLocker management appears in version 1906

Applies to version 1906

After November 21, 2019, if you update to version 1906 from version 1902 or earlier, the BitLocker management feature will be turned on and available. This feature is an optional feature starting in version 1910. It's unsupported in version 1906. If you try to use it in version 1906, you may experience unexpected results. If you don't use the feature, there's no impact.

To use the BitLocker management feature, update to version 1910.