Let’s see the latest Fixes for SCCM 2211 KB16643863 Hotfix Update Rollup Update. Microsoft released the hotfix rollup update for Configuration Manager 2211 to address important issues.
This update KB16643863 is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using an early update ring or globally available builds of version 2211.
This update applies to those who opted in through a PowerShell script to the early update ring deployment, and who installed the globally available release.
The latest SCCM 2211 update is available globally; Admins can apply this update to the sites running on version 2107 or later.
The Configuration Manager Version 2211 includes all the previously released hotfixes and out-of-band updates. When you upgrade to SCCM 2211, you don’t need to install any of these updates before upgrading it. You can directly jump to 2211.
Summary of Hotfix KB16643863
An Update rollup is available to fix the following issues, here is the list of issues that are fixed in this update rollup for SCCM current branch, version 2211.
- SQL configuration items fail to evaluate correctly when deployed to non-English versions of Windows Server 2022. Instead of a “compliant” or “not compliant” result, the affected configuration items instead return “WMI provider error Invalid parameter [0X80041008]”.
- Group membership data is incorrectly removed if the Active Directory User Group Discover process returns error 0x8007202B (ERROR_DS_REFERRAL).
- The Monitor service state rule for a cloud management gateway updates the Azure_Service table unnecessarily. The rule leads to the unexpected growth of the SCCM_Audit table in the site database.
- In large environments, it’s possible for IIS logging on a cloud management gateway (CMG) to fill the C:\ drive. To prevent the drive from filling, a new scheduled task, CleanIISLogs, is created on the Virtual Machine Scale Set used for a CMG. This task deletes the Internet Information Services (IIS) logs older than 30 days, and runs every Sunday at 12:00 AM.
- In the recurrence schedule for a maintenance window, the Offset (days) value can now be set to a maximum value of seven days instead of the previous maximum of four. This allows for greater flexibility when configuring the offset.
- Older cipher suites that may be considered less secure, such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, are now disabled on cloud management gateway Virtual Machine Scale Sets. Existing Virtual Machine Scale Sets need to be manually updated for changes to take effect, such as by using the Synchronize Configuration button in the ribbon.
- Windows Server Update Services (WSUS) synchronization fails in environments that require strong-name verification for .NET assemblies.
Install KB16643863 Hotfix Update Rollup for SCCM 2211
Let’s follow the steps below to Install SCCM 2211 Hotfix KB16643863. The installation process is straightforward. The summary of the hotfix KB16643863 installation is given below.
- Launch the SCCM console. Navigate to Administration > Updates and Servicing.
- The update Configuration Manager 2211 Hotfix (KB16643863) is Ready to install stage.
- Right-click Configuration Manager 2211 Hotfix KB16643863 and click Install Update Pack.
The Configuration Manager 2211 Hotfix (KB16643863) includes Configuration Manager site server updates. You can check the option “Ignore any prerequisite check warnings and install the update” for prerequisite warnings. Click Next.
Select Client Update Settings. More details about the pre-prod client testing option are given in the following post – SCCM Client Upgrade – Promote Pre-Production Client To Production
I selected this option for LAB Upgrade without validating and Clicking on Next.
The next step is to Review and Accept the license for this update pack and click Next to continue.
Here you can check the Summary of the updated package installation and Click on Close to complete Configuration Manager Updates Wizard.
Success: Install Update Package Configuration Manager 2211 Hotfix Rollup (KB16643863)
Prerequisite warnings will be ignored
Test new version of the client in production
Verification of Successful Installation of KB16643863 Hotfix
Let’s check the detailed status for the Hotfix Installation, following are the verification steps for SCCM 2211 Hotfix KB16643863.
- In Configuration Manager Console, Navigate to the Monitoring workspace.
- \Monitoring\Overview\Updates and Servicing Status\Configuration Manager 2211 Hotfix (KB16643863).
You can also review the cmupdate.log to know the hotfix installation progress.
You can confirm the successful installation of Configuration Manager 2211 Hotfix (KB16643863) from the console, \Administration\Overview\Updates and Servicing.
NOTE! This update does not require a computer restart or a site reset after installation.
Console Upgrade to 5.2211.1061.1300 Version
Let’s see how to upgrade the SCCM console to the 5.2211.1061.1300 Version. After successfully installing the Hotfix Rollup (KB16643863), the console presents you with a pop-up on the upgrade.
Click on the OK button to continue with the SCCM admin console upgrade.
Read More on SCCM Versions – SCCM Versions Build Numbers Client Console Site
The following major components are updated to the versions specified:
|Configuration Manager console||5.2211.1061.1300|
A UAC prompt might appear to allow start downloading the required files. Click on Yes and wait for some time to finish the console upgrade.
SCCM Client Version
The ConfigMgr Hotfix Rollup (KB16643863) updates the production client version to 5.0.9096.1024. You can also check more details on SCCM Client Upgrade Promote Pre-Production Client to Production.
Install Hotfix Rollup KB16643863 on Secondary Server
You can follow the steps to install 2211 Hotfix Rollup (KB16643863) on ConfigMgr (a.k.a SCCM) secondary servers. The following blog posts provide more details about the secondary server installation, troubleshooting, and update installation.
- SCCM Secondary Server Hotfix Installation Guide | ConfigMgr
- Check SCCM Secondary Server Hotfix Installation Status
- SCCM Secondary Server Installation Guide | Step by Step | ConfigMgr
After installing this update on a primary site, pre-existing secondary sites must be manually updated.
To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files.
Configurations and settings for the secondary site aren’t affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the updated version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site. If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.