Create a large number of applications, deployment types, deploy them to a collection and trigger machine policy receive cycle with a PowerShell script

Here is a sample on how to create a  large number of applications , the deployment types, deploy the apps to a collection and refresh policy on those clients (for testing purposes)

 

# Import CM module

Import-Module -Name “$(split-path $Env:SMS_ADMIN_UI_PATH)\ConfigurationManager.psd1”

#Set the COnfig Mgr path (site code). e.g.

Set-Location -Path R2S:

 

#Use a name basis for the appllications

$appname= “TestApp”

 

#create a loop with the needed number of steps (in this sample 500)

for($i=1

$i -le 500

$i++)

{

#edit the name for the current step in the loop to have the application names different e.g. TestApp1, TestApp2…TestApp500

$appnamef= $appname +  $i

#create a new Application

New-CMApplication -Name $appnamef -Description “TestApp created ” -SoftwareVersion “1.51” -AutoInstall $true

 

#Add the Deployment type automatically from the MSI

Add-CMDeploymentType -ApplicationName $appnamef -InstallationFileLocation “\\sourceshare\Sources\Apps\SomeApp.msi” -MsiInstaller -AutoIdentifyFromInstallationFile -ForceForUnknownPublisher $true -InstallationBehaviorType InstallForSystem

 

#Distribute the Content to the DP Group

Start-CMContentDistribution -ApplicationName $appnamef -DistributionPointName “DPName” -Verbose

}

 

#start the Deployment

#a loop with the same number of steps as applications created

for($i=1

$i -le 500

$i++)

{

#edit the name for the current step in the loop to have the application names matching the ones above

$appnamef= $appname +  $i

#create a deployment for the curent step/ app in the loop

Start-CMApplicationDeployment -CollectionName “Test Deploy” -Name  $appnamef -DeployAction Install -DeployPurpose Available -UserNotification DisplayAll -AvaliableDate (get-date) -AvaliableTime (get-date) -TimeBaseOn LocalTime  -Verbose

}

 

#refresh the Machine Policy on the Members of the Collection

Invoke-CMClientNotification -DeviceCollectionName “Test Deploy” -NotificationType RequestMachinePolicyNow -Verbose

 

 

#Run the Deployment Summarization

Invoke-CMDeploymentSummarization -CollectionName “Test Deploy” -Verbose

Summary of changes in System Center Configuration Manager current branch, version 1606

Summary

Release version 1606 of System Center Configuration Manager Current Branch contains many changes that are intended to prevent issues and improve features. The “Issues that are fixed” list is not inclusive of all changes but instead captures what our product development team believes is most relevant to our broad customer base. Many of these changes are the result of customer feedback on product issues and ideas for product improvement. Version 1606 is available as an in-console update to be installed at the top-most site in a hierarchy. For more information, see Checklist for installing update 1606 for System Center Configuration Manager.

Issues that are fixed

Administrator Console

  • The Administrator Console may exit unexpectedly when you use the Group By option to reorder columns and then refresh the current view.
  • Users who have the ConfigMgr Report Users role assigned will receive the following error message when they click the Subscribe link on a SQL Reporting Services report page:
    You do not have permission to access this page
  • Windows 10 is deselected as a client platform in package and task sequence requirements after the upgrade to Configuration Manager current branch. This update prevents this issue when you upgrade to version 1606 but does not re-select Windows 10 as a platform for any previously affected packages or task sequences.
  • The information reported in the Compliance Status, Client Version, and Last Detail Message values of the device compliance view in the Administrator Console are inconsistent. For example, a client may still be marked as compliant when reporting different versions, one value in Client Version and a different value in Last Detail Message.
  • An incorrect value for the client installation process is recorded in the Compliance Last Error column of device reporting for Assets and Compliance. For example, a state message that states a failure to download a file shows the Compliance Last Error value “Success.” This leads to inaccurate compliance state reporting.
  • The Production and Pre-production client deployment nodes of the Administrator Console generate an error that resembles the following when viewed by an administrative user who has permissions scoped to a built-in security role.
    The SMS Provider reported an error.
    Microsoft.ConfigurationManagement.ManagementProvider.SmsException
    There is error in WQL query

    This does not occur when an un-restricted administrative user views the same information.

  • The Rate Limit column incorrectly shows Yes for distribution points when they are displayed in the Administrator Console, even when no rate limit is configured.
  • Selecting the option to wipe and retire a Windows or Android mobile device from Configuration Manager results in an incorrect dialog box for Apple Activation Lock displayed in the Administrator Console.
  • The Administrator Console may exit unexpectedly when you toggle between different rules when you create or edit a compliance policy. The following error message is displayed in the console:
    This control has already been added to the validator

Software distribution and content management

  • After you upgrade to Configuration Manager current branch, audit status message 30152 is not generated as expected when you create, delete, or modify an application.
  • The Application Details pane in software center incorrectly shows a status of “Installing” instead of an error condition. This issue occurs when a user manually initiates application installation while another installation is in progress.
  • The drill-down data from the Count of all instances of software registered with Add or Remove programs option incorrectly lists products together regardless of version.
  • All content distribution can stall if one distribution point is in a problem state. For example, if the IIS Admin Service (inetinfo.exe) is hanging on one distribution point, all other distribution points will wait for the problematic distribution point to come back online. A message pattern resembling the following is logged in the distmgr.log file on the site server, repeating approximately every two minutes:
    There are still 1 DP threads active for package ABC00139, waiting for them to complete. SMS_DISTRIBUTION_MANAGER 12608 (0x3140)
    There are still 1 DP threads active for package PRI00290, waiting for them to complete. SMS_DISTRIBUTION_MANAGER 14128 (0x3730)
    There are still 1 DP threads active for package ABC0013B, waiting for them to complete. SMS_DISTRIBUTION_MANAGER 8348 (0x209C)
    There are still 2 DP threads active for package ABC000C4, waiting for them to complete.
  • If the Configuration Manager Content Library (SCCMContentLib) spans multiple drives and one of those drives is full, content distribution may fail. Errors that resemble the following are recorded in the distmgr.log file:
    ~Use drive D for storing the compressed package.
    CContentBundle::AddContentDefinitionItems failed; 0x80070003
    CDistributionManager::AddContentToBundle failed; 0x80070003
    CDistributionManager::CreatePackageBundle failed; 0x80070003
    ~Error creating package bundle to send copy of package ABC000A2 to site PRI.
    STATMSG: ID=2333 SEV=I LEV=M SOURCE=”SMS Server” COMP=”SMS_DISTRIBUTION_MANAGER”
  • Redistributing a software update package with a large (600+) number of updates will cause the SMS Agent Host (ccmexec.exe) service on a pull distribution point to stop responding.
  • Software distribution content is not extracted to a secondary drive when the primary drive of a distribution point has insufficient free space. Errors that resemble the following are recorded in the despooler.log on the site server:
    Extracting content ABC00001.1
    ::DeleteFileW failed for H:\SCCMContentLib\FileLib\…
    RemoveFile failed; 0x80070002
    CFileLibrary::AddFile failed; 0x80070002
    CContentBundle::ExtractContentBundle failed; 0x80070002
    ~Failed to extract contents to the content library. 0x80070002
    ~Failed to extract package contents from E:\SCCM\INBOXES\DESPOOLR.BOX\RECEIVE\{PKG_File}. Error = 2

Asset management

  • A computer or user who is a member of both a parent and a child Active Directory group will only be listed as a member of the child group after a delta Active Directory group discovery cycle.
  • The “Device Online Status” criteria returns no results when it is used to filter the members of a collection.

Site Systems

  • The Pre-production client folder (\Microsoft Configuration Manager\StagingClient) is not backed up if the client version for a site has not been moved to production use. Therefore, later site restorations will result in the Hierarchy Manager component failing to update that folder. The client installation will then fail until both the \Client and \StagingClient folders contain the correct client versions. This update corrects the backup process to include the appropriate files but will not alter any prior site backups.
  • Custom permissions that are applied to the v_R_System view are removed after the SMS Executive service is restarted.
  • The Site System Status Summarizer component no longer checks for the Availability State registry key on Distribution Points. This prevents the summarizer’s polling cycle from timing out in environments that have many (thousands) of distribution points.
  • Replication Traffic reports may contain incomplete data after the Delete Aged Replication Summary task has run on the Central Administration Site (CAS) in a Configuration Manager hierarchy. For example, one link will show 7 days of data, one or two other links will show 1 day of data, and the rest will show no data.
  • Status message 3353 that indicates that the SQL Server ports are not active in a firewall exception is generated incorrectly when the firewall is disabled on the SQL server.

Client

  • Low-rights users can initiate the installation of required software manually on Windows 10 devices with the Unified Write Filter (UWF) enabled. The installations fail when initiated by the user but still succeed during automated installation when the deadline is reached.
  • The SMS Agent Host process (ccmexec.exe) unnecessarily requests the process_terminate permission on some occasions. This can result is false positive messages from antivirus/anti-malware applications.
  • The information for an Internet-facing Fallback Service Point (FSP) is overwritten incorrectly with that of an intranet-facing FSP when a client connects to a corporate network. This disrupts future communication to the Internet-facing FSP when the client is no longer on the corporate network.
  • The size of the cache on disk (CCMCache) for a configuration manager client may exceed what is defined in the Administrator Console if packages 4 GB or larger are distributed. For example, if the client cache is left at the default value of 5 GB, a client could have 6 GB of data that is stored on the disk.

Endpoint Protection

  • Windows Defender file exclusions are written to the registry by Configuration Manager Endpoint Protection as DWord values instead of String (REG_SZ). Trying to generate the resultant set of policy (RSOP) for Group Policy data will fail, as Group Policy writes this data in a string format.

Microsoft Intune and mobile device management

  • Exchange Server connector synchronization fails in an environment where the same user name exists in two domains in the same forest, for example, user1@contoso.com and user1@domain2.contoso.com. Errors that resemble the following are recorded in the EasDisc.log file:
    ERROR: [MANAGED] Exception: An item with the same key has already been added.
    ERROR: Failed to check status of discovery thread of managed COM. error = The parameter is incorrect.
    INFO: Total number of devices discovered 0
  • After you change a Microsoft Intune subscription, the SC_Online_Issuing certificate is not updated to reflect the new subscription. This interferes with future enrollment efforts. Errors that resemble the following are recorded in the Dmpdownloader.log and Dmpuploader.log files:
    Dmpdownloader.log
    ERROR: FastDownload Exception:
    [Microsoft.Management.Services.Common.SecurityTokenValidationException: An error has occurred – Operation ID (for customer support):
    Certmgr has not installed certificate yet, sleep for 1 minutes. Check whether the site has Intune subscription.

    Dmpuploader.log
    WARNING: Cannot find a suitable certificate.
    ERROR: Exception occurred while calling REST UserAuth Location service The Dmp Connector failed to read the connector certificate.
    ERROR: StartUpload exception: [Failed to read any connector certificate]

Operating system deployment

  • Trying to move more than 100 drivers from one folder to another in the Administrator Console results in an SMS Provider error.
  • The Last PXE Advertisement details are deleted for a device if it was imported at a CAS instead of a child primary site. This can result in OS Deployment Task Sequences running again.
  • Windows devices, such as the Surface Pro 3, may incorrectly enter a Connected Standby power state during an OS Deployment. This results in an incomplete deployment.
  • The Install Application task sequence step will fail if a time change is made on the client while the task sequence is running.
  • The command line used to upgrade drivers in a Windows 10 Upgrade Package task sequence contains an incorrect trailing backslash in the /installdrivers parameter.

Settings management

  • The encoded data section of remediation scripts created in the Administrator Console is missing. This results in a failure of the signed script to run.

Software updates

  • Software Update Compliance reports include information on updates for devices that have provided no data as “Not Required” instead of “Unknown.” This causes incorrect compliance results.
  • Software updates are expired incorrectly based on their creation date instead of their supersedence date.
  • A duplicate deployment is created for any Windows 10 Servicing plan every time that the associated deployment rule is evaluated.

Additional changes that are included in version 1606

Supported operating systems

The following operating systems can now be targeted for application and settings management:

  • Solaris 10
  • CentOS 7
  • Ubuntu 14.04

Vulnerability assessment

Application management

  • The installation of applications published in the Software Center can now be retried for a prior failure. For example, if the installation failed because of insufficient disk space, the Install button will be available as soon as requirements are met.

Client settings

  • The Hardware Inventory Max Random Delay Minutes option is now available in client agent settings.

Operating system deployment

  • When you perform a USMT offline state capture with hardlinking by using the Capture in off-line mode (Windows PE only) and Capture locally by using links instead of copying files options in the Capture User State task, the drive where the offline Windows is located is not stored in a Task Sequence variable. This makes it difficult to determine on which drive to put the new Windows install later at the Apply Operating System Image stage.
  • The SMSTSSoftwareUpdateScanTimeout task sequence variable is now available. This lets the time out value for the Install Software Update task sequence step to be controlled. The value should be entered in seconds. The default time out value, if nothing is specified, is 1800 seconds (30 minutes).
  • The TFTP Window Size used during operating system deployment can now be customized to handle different network requirements. Configuring RamDiskTFTPWindowSize on PXE-enabled distribution points can increase the download speed of operating system image files. The default value is 4. But it can be altered by using the following RamDiskTFTPBlockSize registry subkey on the PXE-enabled distribution point:
    Location:

    HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\DP

    DWORD name: RamDiskTFTPWindowSize
    Value:<the desired window size> (Default value is 4.)

  • When a computer in the Unknown Computers collections has both 32-bit and 64-bit operating system images deployed to it by using PXE, the image that matches the CPU architecture of the client is selected.

Content management

  • In large environments, distribution points and pull-distribution points will no longer start to upgrade at the same time when a site update or upgrade is installed. Instead, only some of the distribution points will apply an update. This prevents large-scale interruptions in content distribution. For more information, see DPUpgradeThreadLimit in the following article in the Microsoft Knowledge Base:
    3025353 Distribution point installations or upgrades may take longer than expected in System Center 2012 Configuration Manager

Updates and servicing

  • The Service Connection Tool now allows for uploading of usage data from multiple sites at the same time.

Hotfixes that are included in this update

The following hotfixes released for version 1602 are included in System Center Configuration Manager version 1606:

  • 3155482 Update rollup for System Center Configuration Manager current branch, version 1602
  • 3174008 Software update installation freezes on System Center Configuration Manager clients
  • 3180992 Update for System Center Configuration Manager version 1606, early wave
  • 3145401 Service connection point does not connect in System Center Configuration Manager

Description of Update Rollup 1 for System Center Configuration Manager current branch, version 1606

Issues that are fixed

Administrator Console

  • The System Architecture section of the Choose Updates pane in the Schedule Updates Wizard incorrectly shows x86 as the platform instead of x64.

Updates and servicing

  • Update packages installed through the Updates and Servicing node of the console show a status of “In progress” for installation when there are no redistributable files to validate.

Client

  • Software center incorrectly displays a status of Waiting to install when it should display “Waiting for next available maintenance schedule.”
  • Clients installed through Configuration Manager Operating System deployment may take longer than expected to start to install device-targeted deployments. This issue occurs if the SMS Agent Host (ccmexec.exe) restarts after installation while policy data is being downloaded. Messages that resemble the following are recorded in the PolicyAgent.log file on the client:
    Policy […]is pointing to invalid DTS job [{GUID}]. Will attempt to re-download
  • Configuration Manager Clients installed on Windows Embedded POS Ready 2009 computers cannot download content for application deployments. Errors that resemble the following are recorded in the ExecMgr.log file on the client:
    CoCreateInstance ContentAccessService failed 0x80040154
  • Inventory data that is received from a Mac client computer may not be processed as expected on the site server. This issue occurs when the inventory data contains an unexpected carriage return. Additionally, error messages that resemble the following are logged in the SMS_DM.log file, even though the client certificate is correct:
    Send status message: DMPMSG_ERROR_CLIENT_CERTIFICATE_PROBLEM
    An existing device CN=User_name needs to re-register.

Software updates

  • Attempts to service a server group (cluster patching) on a child primary site that has a remote management point result in errors. Error messages that resemble the following are logged in the MP_ClientID.log file:
    CMPDBConnection::ExecuteSQL(): ICommandText::Execute() failed with 0x80040E09
    MPDB ERROR – EXTENDED INFORMATION
    MPDB Method : ExecuteSP()
    MPDB Method HRESULT : 0x80040E09
    Error Description : The EXECUTE permission was denied on the object ‘spGetLockState’, database ‘CM_PRI’, schema ‘dbo’.
  • A software update group that contains Microsoft Office updates may not always replicate to a secondary site. Messages that resemble the following are recorded in the PkgXferMgr.log file on the site server:
    Invalid object name ‘v_UpdateContents’

    Note This issue only affects the delta replication of Office updates.

Site Systems

  • Inventory views are not updated to reflect the removal of applications uninstalled from mobile devices.

Operating System Deployment

  • Task sequences that contain the Install Software Update step cannot be imported in Configuration Manager, version 1606. Additionally, you receive an error message that resembles the following, and the error is recorded in the SMSAdminUI.log file:
    System.NullReferenceException
    Object reference not set to an instance of an object.
  • The Install Application task sequence step, when it is applied to pre-staged media, downloads content from a distribution point instead of using the content that is stored on the media. This issue increases the time for task sequence execution from pre-staged media.

Windows Store for Business

  • Offline license information for Windows Store for Business applications is not replicated in a Configuration Manager hierarchy.
    ,
  • When you click the Content Status link for the deployment of an online Windows Store for Business application, you receive the following error message in the Administrator Console:
    system.NullReferenceException
  • Not all expected applications are synchronized during synchronization of applications from the Windows Store for Business. Errors that resemble the following are recorded in the WsfbSyncWorker.log file:
    There was a problem with the configuration for Windows Store for Business.
    Exception: [System.ArgumentException: Content location does not exist or user does not have access.
  • The Create Date field in the Administrator Console is empty for Online Windows Store for Business applications.

Software distribution and content management

  • Redistributing a package to a remote distribution point at a secondary site results in all distribution points for that site receiving the package. This issue occurs when the secondary site was recovered, and the original database was lost.

Endpoint Protection

  • .EPP files remain in the \EpMgr.box\process folder after all files are successfully processed into the database. Additionally, errors that resemble the following are recorded in the EPMgr.log file on the site server:
    Failed to check if file \\?\E:\Microsoft Configuration Manager\inboxes\epmgr.box\process\\mi26ckw8.EPP exists with error 123
  • The Windows Defender Advanced Threat Protection feature incorrectly requires consent to use, even though it is not a pre-release feature.

Additional changes included in this update

  • Windows Server 2016 is now available in the supported platform list for Content Distribution, Software Update Management, and Settings Management.
  • The following fix is included in this update rollup:
    3184153 Can’t create, edit, or delete rules for a compliance policy in System Center Configuration Manager version 1606

Update information for System Center Configuration Manager, version 1606

This update is available for installation in the Updates and Servicing node of the Configuration Manager console. If the service connection point is in offline mode, you have to re-import the update so that it is listed in the Configuration Manager console. Refer to Install Updates for System Center Configuration Manager for details.

After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, click Administration, click Site Configuration, click Sites, click Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.

Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus (‘SiteCode_of_secondary_site‘)

When the return is 1, the site is up to date with all the hotfixes applied on its parent primary site.

When the return is 0, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Restart information

You do not have to restart the computer after you apply this update.

Update replacement information

This update does not replace any previously released update.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For System Center Configuration Manager, version 1606
File name File version File size Date Time Platform
Adminui.appmanfoundation.dll 5.0.8412.1307 121,008 04-Aug-2016 01:55 x86
Adminui.common.dll 5.0.8412.1307 1,785,520 04-Aug-2016 01:55 x86
Adminui.uiresources.dll 5.0.8412.1307 8,821,424 04-Aug-2016 01:55 x86
All_x64_windows_server_2016.xml Not Applicable 3,024 04-Aug-2016 01:55 Not applicable
All_x64_windows_server_2016_and_higher.xml Not Applicable 3,099 04-Aug-2016 01:55 Not applicable
Basesvr.dll 5.0.8412.1307 3,778,224 04-Aug-2016 01:55 x64
Baseutil.dll 5.0.8412.1307 1,381,552 04-Aug-2016 01:55 x64
Certmgr.dll 5.0.8412.1307 404,144 04-Aug-2016 01:55 x64
Ciagent.dll 5.0.8412.1307 1,584,304 04-Aug-2016 01:55 x64
Cmupdate.exe 5.0.8412.1307 19,244,208 04-Aug-2016 01:55 x64
Configmgr1606-client-kb3186654-x64.msp Not Applicable 7,020,544 04-Aug-2016 01:55 Not applicable
Contentaccess.dll 5.0.8412.1307 953,520 04-Aug-2016 01:55 x64
Createmedia.exe 5.0.8412.1307 317,616 04-Aug-2016 01:55 x64
Createtsmediaadm.dll 5.0.8412.1307 2,369,200 04-Aug-2016 01:55 x64
Dcmagent.dll 5.0.8412.1307 1,033,904 04-Aug-2016 01:55 x64
Dcmobjectmodel.dll 5.0.8412.1307 2,739,376 04-Aug-2016 01:55 x86
Defaultcategories.dll 5.0.8412.1307 9,392 04-Aug-2016 01:55 x64
Deploytovhd.exe 5.0.8412.1307 584,880 04-Aug-2016 01:55 x64
Distmgr.dll 5.0.8412.1307 1,040,048 04-Aug-2016 01:55 x64
Dmp.msi Not Applicable 5,722,112 04-Aug-2016 01:55 Not applicable
Endpointprotectionendpoint.dll 5.0.8412.1307 459,952 04-Aug-2016 01:55 x64
Epmgr.dll 5.0.8412.1307 48,816 04-Aug-2016 01:55 x64
Execmgr.dll 5.0.8412.1307 1,082,544 04-Aug-2016 01:55 x64
Licensemgr.dll 5.0.8412.1307 96,944 04-Aug-2016 01:55 x64
Mcs.msi Not Applicable 10,924,032 04-Aug-2016 01:55 Not applicable
Microsoft.configurationmanagement.applicationmanagement.webappinstaller.dll 5.0.8412.1307 28,848 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.win8installer.dll 5.0.8412.1307 83,120 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.winphone8installer.dll 5.0.8412.1307 42,160 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.appconverter.dll 5.0.8412.1307 35,504 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.businessappprocessworker.dll 5.0.8412.1307 28,848 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.metadata.dll 5.0.8412.1307 50,352 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.sync.dll 5.0.8412.1307 81,584 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.exe 5.0.8412.1307 411,824 04-Aug-2016 01:55 x86
Microsoft.configurationmanager.mobile.proxyengine.sessionmanager.dll 5.0.8412.1307 154,288 04-Aug-2016 01:55 x86
Modelfactory.dll 5.0.8412.1307 165,040 04-Aug-2016 01:55 x86
Mp.msi Not Applicable 10,674,176 04-Aug-2016 01:55 Not applicable
Osdbitlocker_wtg.exe 5.0.8412.1307 1,877,168 04-Aug-2016 01:55 x64
Osdimageproperties.dll 5.0.8412.1307 494,768 04-Aug-2016 01:55 x64
Osdsetuphook.exe 5.0.8412.1307 2,906,800 04-Aug-2016 01:55 x64
Policyagentendpoint.dll 5.0.8412.1307 1,346,224 04-Aug-2016 01:55 x64
Pulldp.msi Not Applicable 9,502,720 04-Aug-2016 01:55 Not applicable
Pulldpcmgr.dll 5.0.8412.1307 756,400 04-Aug-2016 01:55 x64
Replicationconfiguration.xml Not Applicable 100,586 04-Aug-2016 01:55 Not applicable
Setupcore.dll 5.0.8412.1307 20,593,840 04-Aug-2016 01:55 x64
Sitecomp.exe 5.0.8412.1307 715,440 04-Aug-2016 01:55 x64
Smsappinstall.exe 5.0.8412.1307 291,504 04-Aug-2016 01:55 x64
Softwarelibrary.objectserialization.dll 5.0.8412.1307 1,393,840 04-Aug-2016 01:55 x86
Tsbootshell.exe 5.0.8412.1307 2,672,816 04-Aug-2016 01:55 x64
Tscore.dll 5.0.8412.1307 2,803,376 04-Aug-2016 01:55 x64
Tsprogressui.exe 5.0.8412.1307 1,703,088 04-Aug-2016 01:55 x64
Update.sql Not Applicable 25,636 04-Aug-2016 01:55 Not applicable
Vpnconnectionsettings.xml Not Applicable 113,006 04-Aug-2016 01:55 Not applicable
Webapphostingtechnology.xml Not Applicable 9,320 04-Aug-2016 01:55 Not applicable
Windows8apphostingtechnology.xml Not Applicable 4,994 04-Aug-2016 01:55 Not applicable
Adminui.appmanfoundation.dll 5.0.8412.1307 121,008 04-Aug-2016 01:55 x86
Adminui.common.dll 5.0.8412.1307 1,785,520 04-Aug-2016 01:55 x86
Adminui.compliancepolicy.dll 5.0.8412.1307 238,768 04-Aug-2016 01:55 x86
Adminui.devicesetting.dll 5.0.8412.1307 1,932,464 04-Aug-2016 01:55 x86
Adminui.networkpolicy.dll 5.0.8412.1307 372,400 04-Aug-2016 01:55 x86
Adminui.osimage.dll 5.0.8412.1307 229,552 04-Aug-2016 01:55 x86
Adminui.ps.appman.dll 5.0.8412.1307 306,352 04-Aug-2016 01:55 x86
Adminui.ps.common.dll 5.0.8412.1307 261,808 04-Aug-2016 01:55 x86
Adminui.uiresources.dll 5.0.8412.1307 8,821,424 04-Aug-2016 01:55 x86
Baseutil.dll 5.0.8412.1307 955,056 04-Aug-2016 01:55 x86
Ciagent.dll 5.0.8412.1307 1,050,288 04-Aug-2016 01:55 x86
Configmgr1606-adminui-kb3186654-i386.msp Not Applicable 94,040,064 04-Aug-2016 01:55 Not applicable
Configmgr1606-client-kb3186654-i386.msp Not Applicable 5,021,696 04-Aug-2016 01:55 Not applicable
Contentaccess.dll 5.0.8412.1307 716,976 04-Aug-2016 01:55 x86
Createmedia.exe 5.0.8412.1307 256,688 04-Aug-2016 01:55 x86
Createtsmediaadm.dll 5.0.8412.1307 1,682,096 04-Aug-2016 01:55 x86
Dcmagent.dll 5.0.8412.1307 710,320 04-Aug-2016 01:55 x86
Dcmobjectmodel.dll 5.0.8412.1307 2,739,376 04-Aug-2016 01:55 x86
Deploytovhd.exe 5.0.8412.1307 397,488 04-Aug-2016 01:55 x86
Endpointprotectionendpoint.dll 5.0.8412.1307 334,512 04-Aug-2016 01:55 x86
Execmgr.dll 5.0.8412.1307 816,816 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.webappinstaller.dll 5.0.8412.1307 28,848 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.win8installer.dll 5.0.8412.1307 83,120 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.winphone8installer.dll 5.0.8412.1307 42,160 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.appconverter.dll 5.0.8412.1307 35,504 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.businessappprocessworker.dll 5.0.8412.1307 28,848 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.metadata.dll 5.0.8412.1307 50,352 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.applicationmanagement.wsfb.sync.dll 5.0.8412.1307 81,584 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.exe 5.0.8412.1307 411,824 04-Aug-2016 01:55 x86
Microsoft.configurationmanagement.migration.configmgr2012.dll 5.0.8412.1307 1,118,896 04-Aug-2016 01:55 x86
Modelfactory.dll 5.0.8412.1307 165,040 04-Aug-2016 01:55 x86
Osdbitlocker_wtg.exe 5.0.8412.1307 1,247,408 04-Aug-2016 01:55 x86
Osdsetuphook.exe 5.0.8412.1307 2,060,464 04-Aug-2016 01:55 x86
Policyagentendpoint.dll 5.0.8412.1307 906,928 04-Aug-2016 01:55 x86
Pulldp.msi Not Applicable 6,979,584 04-Aug-2016 01:55 Not applicable
Pulldpcmgr.dll 5.0.8412.1307 578,224 04-Aug-2016 01:55 x86
Smsappinstall.exe 5.0.8412.1307 218,288 04-Aug-2016 01:55 x86
Softwarelibrary.objectserialization.dll 5.0.8412.1307 1,393,840 04-Aug-2016 01:55 x86
Tsbootshell.exe 5.0.8412.1307 1,800,880 04-Aug-2016 01:55 x86
Tscore.dll 5.0.8412.1307 2,031,280 04-Aug-2016 01:55 x86
Tsprogressui.exe 5.0.8412.1307 1,125,552 04-Aug-2016 01:55 x86
Webapphostingtechnology.xml Not Applicable 9,320 21-Jun-2016 03:06 Not applicable
Windows8apphostingtechnology.xml Not Applicable 4,994 21-Jun-2016 03:07 Not applicable

Can’t create, edit, or delete rules for a compliance policy in System Center Configuration Manager version 1606

Can’t create, edit, or delete rules for a compliance policy in System Center Configuration Manager version 1606

This hotfix is available for installation in the Updates and Servicing node of the Configuration Manager console for version 1606.

Symptoms

On the Specify the rules for a compliant device page of the Create Compliance Policy Wizard, you discover that the buttons to create, edit, and delete rules are unavailable (appear dimmed). This issue occurs after you upgrade from System Center Configuration Manager version 1602 to version 1606. Additionally, you cannot add a rule that uses the “Network firewall on” condition to an existing compliance policy.

File information

The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

For System Center Configuration Manager version 1606
File name File version File size Date Time Platform
Adminui.compliancepolicy.dll 5.0.8412.1205 238,768 04-Aug-2016 01:20 x86
Configmgr1606-adminui-kb3184153-i386.msp Not Applicable 4,800,512 04-Aug-2016 01:20 Not Applicable
Microsoft.configurationmanagement.exe 5.0.8412.1205 411,824 04-Aug-2016 01:20 x86

Update for System Center Configuration Manager version 1606, early wave

More info about the fix can be found here.

This hotfix is available for installation in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using Technology Adoption Program (TAP) or early wave (Fast Ring) builds of version 1606 before August 3, 2016.

Administrators who opted-in to the early wave deployment for System Center Configuration Manager current branch, version 1606, have an update available in the Updates and Servicing node of the Configuration Manager console. This update was made available on August 5, 2016, and it addresses critical, late-breaking issues that were discovered during the final release process for version 1606. It does not apply to sites that update or install version 1606 after August 3, 2016

Issues that are fixed

  • When you select the Update all clients in the hierarchy using production client option on the Client Upgrade tab of Hierarchy Settings Properties, an exception occurs. The exception details resemble the following:
    ConfigMgr Error Object:
    instance of SMS_ExtendedStatus
    Description = “Failed to save current auto-update configuration”
    ErrorCode = 2147500037
  • 3174008 Software update installation freezes on System Center Configuration Manager clients
  • The Production and Preproduction Client Deployment dashboards show inaccurate client counts.
  • The Device Compliance section of the Software Center application may incorrectly show a state of Compliant. This affects only the user interface and not the actual compliance state of the device.
  • After you upgrade a site to version 1606, the Service Connection Point incorrectly shows an error state that indicates the role is not available. If the Service Connection Point is already showing this error state, the following additional steps are required after you install this update:
    1. Change the Availability State registry value from 1 to 4 under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Operations Management\SMS Server Role\SMS Dmp Connector.
    2. Restart the SMS Executive service on the site server.
  • The SMS Agent Host (ccmexec.exe) process consumes excessive CPU resources on Pull Distribution Points after you update to version 1606.
  • When you distribute a software update package that contains many updates (500 or more) to a Pull Distribution Point, the SMS Agent Host process (ccmexec.exe) stops responding. On examination, the ccmexec.exe thread count, as seen through Task Manager or other tools, shows that approximately 512 threads that are used.

Support for System Center Configuration Manager current branch versions and Servicing Update

 

https://blogs.technet.microsoft.com/enterprisemobility/2014/03/24/configuration-manager-servicing-update/

With seven Cumulative Updates (CU’s) for System Center 2012 Configuration Manager and System Center 2012 Configuration Manager SP1 released to date, and more on the way, we thought now would be a good time to revisit and clarify our servicing strategy.

New CU’s ship approximately every quarter. The “release timer” starts with the General Availability date of a new product, or the date the previous CU shipped. We maintain a flexible release schedule to accommodate customer demand and improve coordination with internal teams. This helps us to improve the quality of the end product.

Cumulative Update 1 for System Center 2012 R2 Configuration Manager is in development now, and expected to ship in the 2nd quarter of calendar year 2014.

Each CU is considered a large hotfix. Therefore, the general guidance is to install it if you are encountering, or believe you may encounter, one of the issues fixed by current CU (or a prior one).  However, a CU also represents a new servicing baseline; In the event we release a critical on-demand hotfix for Configuration Manager it will require the latest released CU be installed first. This doesn’t happen often, but may affect your test and deployment strategy.

Our Cumulative Updates are truly cumulative; SP1 CU4 contains all of the fixes from SP1 CU1 through CU3. You do not need to install them in sequence, only install the latest.

From a servicing perspective, consider System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager as two separate products. In other words there is no dependency between SP1 CUs and R2 CUs, and SP1 CUs are not a prerequisite for R2 CUs.  There may be issues common to both SP1 and R2, and if so we will document any fixes as needed.

https://technet.microsoft.com/en-us/library/mt734376.aspx

Microsoft plans to release updates for System Center Configuration Manager current branch a few times per year with each update version supported for twelve (12) months from its general availability (GA) release date. Technical support will be provided for the entire twelve (12) months. However, our support structure is now dynamic, evolving into two distinct servicing phases that depend on the availability of the latest current branch version.

  • Security and Critical Updates servicing phase – When running the latest current branch version of Configuration Manager, you will receive both Security and Critical updates.
  • Security Updates (Only) servicing phase – After a new current branch version is released, support for older branches will reduce to Security updates only for the remainder of the twelve (12) month support lifecycle (shown in figure 1).

CM_Servicing_support_timeline
Figure 1. Example of current branch servicing support.

System_CAPS_ICON_note.jpg Note
The latest current branch version is always in the Security and Critical Updates servicing phase. This means that in the event that you encounter a code defect that warrants a critical update, you must have the latest current branch version installed in order to receive a fix. All other supported current branch versions will only be eligible to receive security updates. All support ends after the twelve (12) month lifecycle for a current branch version has expired. At that time, customers must update to a supported current branch version.

Version History

Version Availability Date Support End Date
1511 12/8/2015 12/8/2016
1602 3/11/2016 3/11/2017

Important SCEP MAPS (SpyNet) URI changes

https://blogs.technet.microsoft.com/configmgrteam/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/

 

A service endpoint name change for the MAPS (aka Spynet) service will be rolled out over the next two months, with a complete switch planned by July 30 2016.

The change is automatically configured by the product via normal definition updates, there is no need for the user or administrator to take any direct action in the product.

 

The new endpoint URI domain begins with “https://wdcp.microsoft.com”, so any filtering by domain name that omits this from an allow list will break connectivity to MAPS.

 

Breaking connectivity to MAPS can result in loss of protection delivered by our real-time signature delivery service that uses this channel.

System Center Configuration Manager