SCCM 1902 Known Issues List and Fixes

I’m trying to help the SCCM community with this list of SCCM known issues with the latest version of SCCM 1902. Many of these issues are already fixed before the 1902 slow ring general availability.

Let’s check out the list of SCCM 1902 Known Issues. Keep commenting if you find any SCCM 1902 known issue below this post.

##Latest Update – SCCM 2107 Known issues are documented SCCM 2107 known issues and fixes

[Related Post – SCCM 1902 Upgrade Step by Step Guide & SCCM 1902 Production Upgrade Video Guide]

Patch My PC

List of SCCM 1902 Fixes KB Articles

SCCM 1902 Roll-up update KB 4500571 is released for SCCM 1902 production version.

  • SCCM KB 4509484 – Error 80070070 during content distribution to a CMG or cloud DP in SCCM (When you have the BranchCache feature installed)
  • SCCM KB 4509132 – FIX Content Distribution Issues – “IDispatch error #3603” when you distribute content to DPs
  • SCCM 1902 KB 4508760 – “Function sequence error” repeatedly logged in Smsdbmon.log
  • SCCM 1902 KB 4508759 Initialize CA Error with Device enrollment profile
  • SCCM Roll up update KB 4500571 released on 17th June 2019
  • KB4498910 (Information article) – This KB won’t be available in the SCCM console.
  • SCCM 1902 KB4500232 – Management points (MP) do not reinstall in SCCM (Applicable only for FAST Ring SCCM 1902) – This issue is fixed in the latest SCCM 1902 builds.
  • SCCM 1902 KB 4503578 for reporting service issue.
  • KB 4503442 for the SCCM CMG issue

SCCM 1902 Issues Fixed with KB 4500571

  • The Download Package Content task sequence action fails,,, and the OsdDownload.exe process terminates unexpectedly. When this occurs, the following exit code is recorded in the Smsts.log on the client: Process completed with exit code 3221225477
  • Screenshots submitted through the Send a Smile or Send a Frown product feedback options cannot be deleted until the SCCM console is closed.
  • Hardware inventory data that relies on the MSFT_PhysicalDisk class reports incomplete information on computers with multiple drives. The ObjectId property is not correctly defined as a key field.
  • Client installation fails on workgroup computers in an HTTPS-only environment. Communication with the management point fails, indicating that a client certificate is required even after one has been provisioned and imported.
  • A “success” return code of 0 is incorrectly reported as an error condition when monitoring deployment status in the SCCM console.
  • When the option to show a dialog window is selected for app deployments requiring a computer restart, that window is not displayed again if closed before the restart deadline. Instead, a temporary (toast) notification is displayed. This can cause unexpected computer restarts.
  • If previously selected, the “When software changes are required, show a dialog window to the user instead of a toast notification” check box is cleared after making property changes to the required application deployment.
  • Expired Enhanced HTTPS certificates used for distribution points are not updated automatically as expected. When this occurs, clients cannot retrieve content from the distribution points. This can cause increased network traffic or failure to download content. Errors that resemble the following are recorded in the Smsdpprov.log:
to select client certificate
Using certificate selection criteria 'CertHashCode:<HASH>'.
There are no certificate(s) that meet the criteria.
Failed in GetCertificate(...): 0x87d00281
Failed to find certificate '<THUMBPRINT>' from store 'MY'. Error 0x87d00281
UpdateIISBinding failed with error - 0x87d00281
  • The distribution points certificates are valid when you view them in the Security\Certificates node of the SCCM console, but the SMS Issuing certificate will expire.
  • Renewing the certificate from the console has no effect. After applying this update, the SMS Issuing certificate and any distribution point certificates will automatically renew as required.
  • A management point may return an HTTP Error 500 in response to client user policy requests. This can occur if Active Directory User Discovery is not enabled. The instance of Dllhost.exe that hosts the Notification Server role on the management point may also continue to consume memory as more user policy requests arrive.
  • Content downloads from a cloud-based distribution point fail if the filename contains the percent sign (%) or other special characters. An error entry that resembles the following is recorded in the DataTransferService.log file on the client:
: PathFileExists returned unexpected error 0x8007007b
  • The DataTransferService.log may also record error code 0x80190194 when it tries to download the source file. One or both errors may be present depending on the characters in the filename.
  • After you update SCCM 1902, the Data Warehouse Synchronization Service (Data_Warehouse_Service_Point) records the error status message ID 11202. An error entry that resembles the following is recorded in the Microsoft.ConfigMgrDataWarehouse.log file:
or function 'v_UpdateCIs' has more column names specified than columns
defined.<br />Could not use view or function
'vSMS_Update_ComplianceStatus' because of binding errors.
  • User collections may appear to be empty after you update to SCCM 1902. This can occur if the collection membership rules query user discovery data that contains Unicode characters, such as ä.
  • The Delete Aged Log Data maintenance task fails if run on a Central Administration Site (CAS). Errors that resemble the following are recorded in the Smsdbmon.log file on the server.
is not allowed in an UPDATE or DELETE statement against a partitioned view. :
An error occurred while aging out DRS log data.
  • When you select the option to save PowerShell script output to a task sequence variable, the output is incorrectly appended instead of replaced.
  • The SMS Executive service on a site server may terminate unexpectedly after a change in operating system machine keys or after a site recovery to a different server. The Crash.log file on the server contains entries that resemble the following.

Note Multiple components may be listed, such as SMS_DISTRIBUTION_MANAGER, SMS_CERTIFICATE_MANAGER, or SMS_FAILOVERMANAGER. The following Crash.log entries are truncated for readability.

Service name = SMS_EXECUTIVE
Exception = c00000fd (EXCEPTION_STACK_OVERFLOW) Description = "The thread used up its stack."
  • Old status messages may be overwritten by new messages after promoting a passive site server to active.
  • User-targeted software installations do not start from Software Center after you update to SCCM 1902. The client displays an “Unable to make changes to your software” error message. Errors entries that resemble the following are recorded in the ServicePortalWebSitev3.log:
- Could not convert 1.0,GUID:{guid} to device identity because the
deviceId string is either null or larger than the allowed max size of input
:System.ArgumentException: DeviceId
   at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.PortalContextUtilities.GetDeviceIdentity(String deviceId)
   at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.Connection.ServiceProxy.InstallApplication(UserContext user, String deviceId, String applicationId)
   at Microsoft.ConfigurationManager.SoftwareCatalog.Website.ApplicationViewService.InstallApplication(String applicationID, String deviceID, String reserved)
  • This issue occurs if the PKI certificates have a key length greater than 2,048 bits.
  • Audit status messages are not transmitted to the site server in an environment with a remote SMS provider.
  • The Management Insights rule “Enable the software updates product category for Windows 10, version 1809 and later” does not work as expected for Windows 10, version 1903.

1810 Issues Fixed with SCCM 1902

Microsoft released a support article to explain the fixes available in SCCM 1902. As per the SCCM support article, there are fixes and feature improvements.

Microsoft confirmed that all the issues listed in SCCM 1810 Rollup 2 were fixed in the SCCM 1902 slow ring version. And that itself is a good indication that Microsoft is recommending SCCM 1902 version.


Most of the known issues of SCCM 1810 are fixed in the 1902 version of SCCM. I can see that Twenty Nine (29) matters known were set in the SCCM 1902 Slow ring version as per the following article.

SCCM 1902 Known Issues

I added a section in my SCCM 1902 step-by-step upgrade guide about known issues. I will be moving that section to this post later. I could track three (3) known problems that Microsoft publicly confirms.

Phased Deployment Issues – RBAC Related

In SCCM 1902, the following built-in security roles don’t have Phased Deployment permission. This issue is because of some missing permissions in the following built-in security roles.

  • Application Administrator
  • Application Deployment Manager
  • Software Update Manager
  • Application Author

SCCM 1902 Task Sequence Editor Issue?

I have seen some Task Sequence editor issues reports with the SCCM 1902 version.

  • Add – MDT – Install Roles and Features – Select the operating system for which roles will be installed – Server 2012 R2 Core.
  • When you click APPLY button, it goes back to Windows server 2019.
  • When you click the OK button, it stays with the selected operating system.

But I feel it’s not an SCCM issue? I could see this issue with 1810 – MDT 8456 settings as well. Does it happen only for the first time in the environment?.

I can confirm the behavior and test this. More details are available in the tweet.

Error 403 when SCCM clients try to communicate with CMG

Microsoft released new KB 4503442 for SCCM CMG issue. Microsoft SCCM clients can’t communicate together with the CMG. An error message that resembles one of the following is logged in the LocationServices.log file:

[CCMHTTP] ERROR: URL=, Port=443, Options=31, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=CMGConnector_Clientcertificaterequired    

[CCMHTTP] ERROR: URL=, Port=443, Options=31, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE  
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=CMGConnector_Forbidden 

SCCM 1902 and OneDrive Known Issues

Another great tip from Panu on Twitter. The SCCM OneDrive for Business KFM profile works only if the user has an existing OneDrive for Business profile.

He recommends using the following configuration for the new OneDrive for Business profile.

The profile will be automatically created if you add SilentAccountConfig = 1 value (e.g., with a CI).

New OneDrive for Business Settings Issue with SCCM 1902
New OneDrive for Business Settings 4

SCCM Reports Stop Working after Moving Reporting Services Point or Enable TLS 1.2

Microsoft released another KB article for SCCM 1902 and 1810-related issues. Check out SCCM 1902 KB 4503578 for more details.

SCCM reporting Stops working with SCCM 1902 and 1810 Microsoft after moving the reporting services point role to a new SCCM site system server, or you enable TLS 1.2 on the site servers.

The following error messages are logged in the Srsrp.log file on the SCCM 1902 reporting services point:

Successfully created srsserver SMS_SRS_REPORTING_POINT 
Reporting Services URL from Registry [https://<ServerName>] SMS_SRS_REPORTING_POINT 
The underlying connection was closed: An unexpected error occurred on a receive. SMS_SRS_REPORTING_POINT 
(!) SRS not detected as running SMS_SRS_REPORTING_POINT 
The SRS Server reported failures during periodic health checks [<ServerName>]. SMS_SRS_REPORTING_POINT

“Disappearing” IIS on SCCM 1902 DPs

I don’t think this disappearing IIS on SCCM DP is a 1902 issue (error code 0x80070bc9). Microsoft MVP colleague Panu shared this issue with SCCM 1902 and Server 2019. Earlier, he reported the same problem with Server 2016 as well.

His tweet shows more details on the IIS disappearing issue on SCCM 1902 DP. He also noted in the tweet that the SCCM 1902 DP works fine until the first restart!

NOTE! – The solution for the above issue is the re-installation of IIS.

Issues with SCCM 1902 Network Access Account Password

In the tweet, Panu also shared a problem with SCCM 1902 NAA (Network Access Account) password. As per his testing, when you have a “+” character in the SCCM Network access account, you will get a “Bad Password” error on the DP Server (Event ID – 4625).

NOTE! – The solution for this issue is NOT to use the “+” character in SCCM 1902 NAA passwords.

SCCM 1902 Prerequisite Check Failed Error

NOTE! – This issue is already FIXED in the SLOW ring of SCCM 1902.

I did a blog post on the third(3rd) of April 2019 to report another known issue. This issue will prevent you from SCCM 1902 upgrade. I don’t think this issue would be widely spread as this is related to SCCM NAP policies.

I recommend reading the following blog post to get more details about the SCCM 1902 prerequisite check failed error. SCCM 1902 Prerequisite Error Network Access Protection (NAP) is No Longer Supported.

NOTE! – Do you have any other SCCM 1902 prerequisite check failure issues? I would recommend going through the article.

Remote Console Installation Error – SCCM 1902

NOTE! – This was a user error—no need to Worry.

I heard a report about SCCM remote console installation errors when you try to deploy SCCM 1902 console version. The Twitter user Russ Gee reported this issue on Twitter.

The following error in SCCM 1902 console notification bar – A required component of the console is missing. Install the new console version.

When you deploy a remote SCCM console to restricted (helpdesk support ) users via the Software center, you might get the following error 0x87D00206(-2016411130).

Solution! – Russ Gee noticed the in-console upgrade was also downloading,,,, and UIManifest.xml. He added the above files to the package, and the SCCM console remote installation started working.

SCCM 1902 Rollup Updates

SCCM 1902 rollup update is Not Yet Released for a production version.

NOTE! – SCCM 1902 TAP Rollup update released for SCCM 1902 Fast Ring Customers.

SCCM KB 4494066 is only applicable for SCCM 1902 TAP versions.


15 thoughts on “SCCM 1902 Known Issues List and Fixes”

  1. We may have a new 1902 issue where SCCM imaged Surface systems create 2 records with the same host name. One with the client, the other without.

  2. I seem to have an issue when moving the site database to a SQL AG. After following the MS documentation, I run the setup.exe and specify the SQL AG listener FQDN, I get an error stating Incorrect syntax near ‘)’.

    Any help appreciated.

    • Can you share more details about your sccm version and setup of AG pls ?
      Are you using SCCM 1902 version ?

      I have two SQL Availability group setup working with 1810 sccm version.

      Are you using asynchronous or Synchronization replication for SQL AG ?

      • Hi Anoop

        I hope it is ok to post this here, I suspected it may be a 1902 issue.

        This is a new install of SCCM 1902 from the base media. SQL is 2014 build 12.0.6024.0 with synchronous commit availability mode, manual failover and readable secondary.

        The ConfigMgrSetupWizard log file contains the following:
        10/07/2019 09:49:49: ConfigMgrSetupWizard Information: 1 : Sql connection is established.
        10/07/2019 09:49:49: ConfigMgrSetupWizard Information: 1 : Detected instance name: SCCMS
        10/07/2019 09:49:49: ConfigMgrSetupWizard Information: 1 : Detected default data path: M:\SCCM_Data\MDF\
        10/07/2019 09:49:49: ConfigMgrSetupWizard Information: 1 : Detected default log path: M:\SCCM_Log\LDF\
        10/07/2019 09:49:49: ConfigMgrSetupWizard Information: 1 : Is SQL clustered?: True
        10/07/2019 09:49:49: ConfigMgrSetupWizard Information: 1 : Is SQL availability group?: True
        10/07/2019 09:49:49: ConfigMgrSetupWizard Error: 1 : Exception message: [Incorrect syntax near ‘)’.], Exception details: [System.Data.SqlClient.SqlException (0x80131904): Incorrect syntax near ‘)’.

        Server stack trace:
        at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
        at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
        at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
        at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
        at System.Data.SqlClient.SqlDataReader.get_MetaData()
        at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption, Boolean shouldCacheForAlwaysEncrypted)
        at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
        at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
        at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
        at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)
        at System.Data.SqlClient.SqlCommand.ExecuteReader()
        at Microsoft.SystemCenter.ConfigMgr.Setup.DatabaseUtility.GetSqlInformation(String serverName, String instanceName, String siteDatabaseName)
        at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
        at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

        Exception rethrown at [0]:
        at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
        at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
        at Microsoft.SystemCenter.ConfigMgr.Setup.GetSqlInformationAsync.EndInvoke(IAsyncResult result)
        at Microsoft.SystemCenter.ConfigMgr.Setup.DatabasePage.ValidatePage()
        at Microsoft.SystemCenter.ConfigMgr.SetupFramework.WizardForm.ActivatePage(String pageId, Boolean goingNext)
        at System.Windows.EventRoute.InvokeHandlersImpl(Object source, RoutedEventArgs args, Boolean reRaised)
        at System.Windows.UIElement.RaiseEventImpl(DependencyObject sender, RoutedEventArgs args)
        at System.Windows.Controls.Primitives.ButtonBase.OnClick()
        at System.Windows.Controls.Button.OnClick()
        at System.Windows.Input.AccessKeyManager.ProcessKey(List`1 targets, String key, Boolean existsElsewhere, Boolean userInitiated)
        at System.Windows.Input.AccessKeyManager.OnKeyDown(KeyEventArgs e)
        at System.Windows.Input.InputManager.RaiseProcessInputEventHandlers(ProcessInputEventHandler postProcessInput, ProcessInputEventArgs processInputEventArgs)
        at System.Windows.Input.InputManager.ProcessStagingArea()
        at System.Windows.Input.InputManager.ProcessInput(InputEventArgs input)
        at System.Windows.Input.InputProviderSite.ReportInput(InputReport inputReport)
        at System.Windows.Interop.HwndKeyboardInputProvider.ReportInput(IntPtr hwnd, InputMode mode, Int32 timestamp, RawKeyboardActions actions, Int32 scanCode, Boolean isExtendedKey, Boolean isSystemKey, Int32 virtualKey)
        at System.Windows.Interop.HwndKeyboardInputProvider.ProcessKeyAction(MSG& msg, Boolean& handled)
        at System.Windows.Interop.HwndSource.CriticalTranslateAccelerator(MSG& msg, ModifierKeys modifiers)
        at System.Windows.Interop.HwndSource.OnPreprocessMessage(Object param)
        at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Int32 numArgs)
        at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Int32 numArgs, Delegate catchHandler)
        Error Number:102,State:1,Class:15].
        10/07/2019 09:53:51: ConfigMgrSetupWizard Verbose: 1 : Exiting SetupWPF.exe.

      • I’m still wondering whether there is any issues with the SETUP of SQL availability group or it’s a known issue with 1902?. As I mentioned before, I already have 1902 version SQL replica running fine without any issue.
        High level decisions and actions you need to make as per my experience:
        Asynchronous AlwaysOn availability Group Vs Synchronous AlwaysOn availability group
        Which version of SQL?
        Install the Windows Failover Clustering feature
        Create a Network Share for the File Share
        Create the cluster itself
        Check out the new record created for the Cluster Name
        Do we need a new IP or which IP will get resolved for new cluster name?
        Select the SQL collation, used for backwards compatibility radio button, change the collation to SQL_Latin1_General_CP1_CI_AS
        Add the computer account of the Primary Site server to the local Administrator group on new SQL server
        Stop and disable the following services in this order:
        ConfigMgr Task Sequence Agent
        Configuration Manager Remote Control
        SMS Agent Host (If installed)
        Create backup of SCCM DB from SQL mgmt. studio
        Configure SQL engine all nodes
        Restore SQL DB
        Change Recovery Model from SIMPLE to FULL
        Set SA owner on DB
        Set TRUSTWORTHY bit on DB
        Enable SERVICEBROKER on DB
        SQL Security for Primary server
        Enable SQL Always On Feature
        Create a SQL Always On Availability Group
        Set the SQL SPNs with new Server details?
        Change Availability Group Automatic Failover mode to manual failover mode
        Availability group Listener FQDN – Is this same cluster FQDN mentioned in the following mail ?
        SCCM database is to put it into the FULL recovery model?
        Reconfigure SCCM via Setup.exe if we need to use SQL AlwaysOn SQL FQDN to connect to SCCM DB?
        More details

  3. Hi Anoop

    I can’t see anything wrong with the setup. I am suspecting a bug of some kind.
    I have a support call logged with MS, so I will let you know.


    • I was about to advice the same. Because, my experience with SQL AG & SCCM setup is not very easy when you are an SCCM admin (like me) without SQL and Server skills 🙂
      If you are confident about the setup. Yes, that (raising a support case) is the best way to move forward.
      Can you please report back here once issue is resolved so that it can benefit the community
      Thank you

      • Hi Anoop
        I have just finished a call with MS regarding this issue. They tell me that this is a known issue with SCCM 1902.
        Here is a copy of the resulting email sent by my contact at MS:

        “Hi Gary,
        As discussed over the phone call regarding the subjected case number that the issue that you were facing with (Migrating the SCCM SQL Database onto the SQL 2014 AG) has been a known issue and Microsoft is well aware about it. The work around for the same is mentioned below:
        a) Either upgrading the SQL Ver. 2014 to SQL Ver. 2016 or
        b) Upgrading the SCCM 1902 to 1906 (Which will be released within next couple of weeks)”

        As a result, I think we will wait for 1906, I cant see the business upgrading to SQL 2016 any time soon (even if they should). There is only internal MS information about this at the moment, so they tell me.

        I hope this may help the community. As the base media may not be updated anytime soon, this will be a process change in getting the DB into a SQL AG if using SQL 2014.

        1. Install 1902 on non-AG SQL instance
        2. Upgrade SCCM to 1906 via in-console update
        3. Then move DB to a SQL AOAG


  4. Upgraded to 1902 incuding hotfix

    OSD Applications no longer install and Apps deployed to Software Center – has anyone else experienced this? we have had issues with PXE as well which i am slowly resolving.

    We have raised a premier support ticket with microsoft.

  5. Hi matt, just upgraded to 1902 including hotfix too.
    seems we got same issues, problem with osd app and sofware center (not appearing on device deployment, appearing on user deployment but can’t install…)
    from what i’ve seen so far, it seems it’s related to global condition.
    did you managed to fix it ?
    is your support ticket still ongoing ?


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.