Tuesday, May 20, 2014

Mz Computers - CU1 for SCCM 2012 R2 - The Hotfix

The redirecting page will be displayed and immediately replaced by “MzComputers.com”. With this zero-delay, many users will not even notice the presence of the redirecting page.

This update contains fixes for various issues including Windows PowerShell, and an updated version of the Endpoint Protection client. The update can be download from KB 2938441

Issues fixed by the Hotfix
Administrator Console
  • The wrong software update for an operating system image may be selected in the list of items that are returned in the Schedule Updates Wizard after the list is sorted.
  • Adding a new computer association for an existing computer causes the following error message in the Administrator Console:
Description: "Unable to save changes"
ErrorCode: 2152205056
File = 'e:\\qfe\\nts\\sms\\siteserver\\sdk_provider\\smsprov\\sspsite.cpp":
Line = 1344
Operation = "ExecMethod"
ParameterInfo = "SMS_Site":
ProviderNamre = "WinMgmt"
StatusCode = 2147749889

  • Downloads of extensions by using the Windows Intune Connector role fail because of a message signature verification error. Entries that resemble the following are logged in the dmpdownloader.log file:
ERROR: SignData failed with exception: [Invalid algorithm specified.~~]

Mobile Device Management
  • Enrolling an Android device in both Exchange Active Sync (EAS) and Mobile Device Management causes a duplicate device to be created in the Administrator Console.
  • The "Computers with a specific application installed" report lists a computer two times if that computer is in two collections and if the user who is running the report has permission to both collections.
Application Virtualization
This cumulative update adds support for Microsoft Application Virtualization (App-V) 5.0 Service Pack 2 (SP2). The following issues are seen only in App-V 5.0 SP2 environments earlier than CU1:
  • With App-V 5.0 SP2, when a new version of an App-V package supersedes an earlier version, and when that earlier version is being used, the package is listed as not published. Errors that resemble the following are logged in the AppEnforce.log and the AppDiscovery.log files.

Publish-AppvClientPackage : A publish operation has been scheduled, pending
the shutdown of all applications in the package or the connection group.

Publishing Package is successful but one one of the Virtual Package is currently in use. Close this Virtual Package to get the changes into effect
Performing detection of app deployment type TestApp - Microsoft Application Virtualization 5(ScopeId_0C7279F0-1490-4A0E-A7A3-32A000CEF76D/DeploymentType_d1adf427-ac14-4ee1-9e51-415af7675383, revision 2) for system.

Required component [{AppVPackageRoot}]\TestApp.exe is not published

  • With App-V 5.0 SP2, App-V packages that are being used cannot be uninstalled. Errors that resemble the following are logged in the AppEnforce.log file:
CVEWorker::UninstallConnectionGroup() failed
Internet-based clients
  • Internet-based clients cannot download content from an Internet-facing distribution point after they first encounter a failure to reach Windows Update. Additionally, the DataTransferService.log file on the client logs errors that resemble the following:
Failed to set proxy to bits job for url 'https:// site.configmgr.com:443/SMS_DP_SMSPKG$/{pkg_id}'. Error 0x87d00215
All proxy types and no proxy have been tried for times but failed.

Software Center
  • The business hours setting in the Software Center is not honored for mandatory assignments for programs and task sequences that can run independently of assignment. Instead, the programs and task sequences run immediately. The full text of this setting is "Automatically install or uninstall required software and restart the computer only outside of the specified business hours."
  • The Uninstall option may not be available in Software Center for applications that are made available through multiple deployment types. For example, if two deployment types for an application apply to a client, and if both have an Uninstall action, the Uninstall button is unavailable.
  • The "Available After" date for applications in Software Center may display a date of 1998. This problem occurs for applications that are made available through task sequences.

Operating system deployment
  • External drives, such as some USB thumb drives, are displayed as fixed disks instead of removable media. Attempts to start and install an OS image result in error messages that resemble the following in the Smsts.log file:
Booted from fixed disk
!sVolumeID.empty(), HRESULT=80004005 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,465)
!sVolumeID.empty(), HRESULT=80004005 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,465)
!sTSMDataPath.empty(), HRESULT=80070002 (e:\qfe\nts\sms\framework\tscore\resolvesource.cpp,1425)
TS::Utility::GetTSMDataPath(rsPath), HRESULT=80070002 (e:\qfe\nts\sms\client\tasksequence\bootshell\configpath.cpp,352)
Failed to find the current TS configuration path
ConfigPath::FindConfigPath(sConfigPath), HRESULT=80070002 (e:\qfe\nts\sms\client\tasksequence\bootshell\bootshell.cpp,545)
Failed to find the configuration path.
The system cannot find the file specified. (Error: 80070002; Source: Windows)
Execution failed with error 80070002.

  • Client computers that are started from Dynamic Boot Media fail to retrieve policy data if the first Management Point refuses an HTTPS connection with error code 80072efd. This does not apply to HTTP connections. This problem occurs even when there are other Management Points available. The smsts.log file contains entries that resemble the following.

    Note These entries are truncated for readability.
3 https and 1 http locations are returned from MP https://MP1.contoso.com.
'https://MP2.contoso.com' sute may be accessible and beused for redirection
'https://MP1.contoso.com' sute may be accessible and beused for redirection
'https://MP3.contoso.com' sute may be accessible and beused for redirection
'http://MP4.contoso.com' may be accessible and be used for redirection
New settings:
site=PS1,PS1, MP=https://MP2.contoso.com, ports: http=80,https=443
certificates are received from MP.
CLibSMSMessageWinHttpTransport::Send: URL: MP2.contoso.com:443 CCM_POST /ccm_system_AltAuth/request
In SSL, but with no client cert
Error. Received 0x80072efd from WinHttpSendRequest.
sending with winhttp failed; 80072efd
Will retry in 5 second(s)
socket 'connect' failed; 8007274d
sending with winhttp failed; 80072efd
End of retriesFailed to read client identity (Code 0x80072efd)
Failed to get client identity.
Exiting TSMediaWizardControl::GetPolicy.
Setting wizard error: An error occurred while retrieving policy for this computer (0x80072EFD). For more information, contact your system administrator or helpdesk operator.

  • Child sites do not process the content for a task sequence that was changed after migration from another site. The Distmgr.log file on the child site contain entries that resemble the following, and the package state does not change:
Package {Package_ID} is in Pending state and will not be processed...

Note This fix applies only to task sequences that are not yet migrated. Task sequences that were migrated before you applied CU1 should be deleted and then migrated again.
  • Applications that are deployed by using a task sequence cannot be installed if the following conditions are true:
    • The deployment purpose is defined as "Required."
    • The assignment Schedule is "As soon as possible."
    • The Download all contents locally before starting task sequence option is selected.

The Execmgr.log file on the client contains errors that resemble the following:
ContentProgressEx invalid request GUID handle
OnContentAvailable invalid request GUID handle

  • Task sequences that are migrated from Configuration Manager 2007 environments and that use Virtual Applications for Install Software package source fail to run. Errors that resemble the following are logged in the Smsts.log file:
Executing command line: smsappinstall.exe /app:ScopeId_{GUID}/Application_{GUID} /basevar: /continueOnError:
[ smsinstallapp.exe ]
ContinueOnError flag is null
Failed to parse command line arguments, hr=0x80070057
Process completed with exit code 2147942487

  • Task sequences may fail on a UEFI-based client if the "Format and Partition" task sequence step runs two times. A dialog box appears that contains the following text during the second "Format and Partition" operation:
OsdDiskPart.exe - Application Error
The instruction at {offset} referenced memory at {address}. The memory could not be read.

  • The following fixes are also included in this cumulative update for Operating System Deployment.
KB number
Application contents are duplicated in stand-alone media in System Center 2012 R2 Configuration Manager
An update is available for the "Operating System Deployment" feature of System Center 2012 R2 Configuration Manager
You cannot stage a Windows PE 3.1 boot image to a Windows XP-based computer in System Center 2012 R2 Configuration Manager
Per-computer variables for imported computers are not read in System Center 2012 R2 Configuration Manager

Endpoint Protection
  • This cumulative update includes an updated version of the Endpoint Protection client. For more information, refer to the following TechNet blogs:

Application management
  • Automated Deployment Rules do not download updates when a proxy server that uses a specific user account is defined. The PatchDownloader.log file on the software update point contains entries that resemble the following:
Downloading content for ContentID = 16777361, FileName = windows8.1-kb1234567-x64.cab.
Try username DOMAIN\Proxy_User_Account
Proxy enabled proxy server
Download http://windows8.1-kb1234567-x64_36d2001d0935b254ff87ab33e46545057ec78514.cab to C:\windows\TEMP\CABC023.tmp returns 407
ERROR: DownloadContentFiles() failed with hr=0x80070197

  • Users who are accessing the company portal cannot install or request an application that is targeted to a security group. A message that resembles the following is displayed:
Error loading details
An error occurred while attempting to load the app details.

Site systems
  • The Application Catalog website displays the error "Cannot connect to the application server" after an SSL-enabled Application Catalog is running under load for a long time (usually several days). Additionally, errors that resemble the following are logged in the ServicePortalWebSite.log file:
[127, PID:8992][02/18/2014 02:47:10] :ValidateServerCert - Validating certificate 3C8063A10002000A70DC
[127, PID:8992][02/18/2014 02:47:10] :System.TimeoutException: The request channel timed out while waiting for a reply after 00:00:59.9830000. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.

Server stack trace:
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)

Windows PowerShell
  • The following article describes the changes that are also included in this cumulative update for Windows PowerShell.
KB number
Description of Windows PowerShell changes in Cumulative Update 1 for System Center 2012 R2 Configuration Manager