SCCM 1902 Known Issues List and Fixes

I’m trying to help the SCCM community with this list of SCCM known issues with the latest version of SCCM 1902. Many of these issues are already fixed before the 1902 slow ring general availability. Let’s check out the list of SCCM 1902 Known Issues. Keep commenting if you find any SCCM 1902 known issue below this post.

##Latest Update – SCCM 2107 Known issues are documented SCCM 2107 known issues and fixes

[Related Post – SCCM 1902 Upgrade Step by Step Guide & SCCM 1902 Production Upgrade Video Guide]

Patch My PC

List of SCCM 1902 Fixes KB Articles

SCCM 1902 Roll up update KB 4500571 is released for SCCM 1902 production version.

  • SCCM KB 4509484 – Error 80070070 during content distribution to a CMG or cloud DP in SCCM (When you have the BranchCache feature installed)
  • SCCM KB 4509132 – FIX Content Distribution Issues – “IDispatch error #3603” when you distribute content to DPs
  • SCCM 1902 KB 4508760 – “Function sequence error” repeatedly logged in Smsdbmon.log
  • SCCM 1902 KB 4508759 Initialize CA Error with Device enrollment profile
  • SCCM Roll up update KB 4500571 released on 17th June 2019
  • KB4498910 (Information article) – This KB won’t be available in SCCM console.
  • SCCM 1902 KB4500232 – Management points (MP) do not reinstall in SCCM (Applicable only for FAST Ring SCCM 1902) – This issue is fixed in the latest SCCM 1902 builds.
  • SCCM 1902 KB 4503578 for reporting service issue.
  • KB 4503442 for SCCM CMG issue

SCCM 1902 Issues Fixed with KB 4500571

  • The Download Package Content task sequence action fails and the OsdDownload.exe process terminates unexpectedly. When this occurs, the following exit code is recorded in the Smsts.log on the client: Process completed with exit code 3221225477
  • Screenshots that are submitted through the Send a Smile or Send a Frown product feedback options cannot be deleted until the SCCM console is closed.
  • Hardware inventory data that relies on the MSFT_PhysicalDisk class reports incomplete information on computers that have multiple drives. This is because the ObjectId property is not correctly defined as a key field.
  • Client installation fails on workgroup computers in an HTTPS-only environment. Communication with the management point fails, indicating that a client certificate is required even after one has been provisioned and imported.
  • A “success” return code of 0 is incorrectly reported as an error condition when you monitor deployment status in the SCCM console.
  • When the option to show a dialog window is selected for app deployments that require a computer restart, that window is not displayed again if it is closed before the restart deadline. Instead, a temporary (toast) notification is displayed. This can cause unexpected computer restarts.
  • If it is previously selected, the “When software changes are required, show a dialog window to the user instead of a toast notification” check box is cleared after you make property changes to a required application deployment.
  • Expired Enhanced HTTPS certificates that are used for distribution points are not updated automatically as expected. When this occurs, clients cannot retrieve content from the distribution points. This can cause increased network traffic or failure to download content. Errors that resemble the following are recorded in the Smsdpprov.log:
Begin
to select client certificate
Using certificate selection criteria 'CertHashCode:<HASH>'.
There are no certificate(s) that meet the criteria.
Failed in GetCertificate(...): 0x87d00281
Failed to find certificate '<THUMBPRINT>' from store 'MY'. Error 0x87d00281
UpdateIISBinding failed with error - 0x87d00281
  • The distribution points certificates are valid when you view them in the Security\Certificates node of the SCCM console, but the SMS Issuing certificate will appear to be expired.
  • Renewing the certificate from the console has no effect. After you apply this update, the SMS Issuing certificate and any distribution point certificates will automatically renew as required.
  • A management point may return an HTTP Error 500 in response to client user policy requests. This can occur if Active Directory User Discovery is not enabled. The instance of Dllhost.exe that hosts the Notification Server role on the management point may also continue to consume memory as more user policy requests arrive.
  • Content downloads from a cloud-based distribution point fail if the filename contains the percent sign (%) or other special characters. An error entry that resembles the following is recorded in the DataTransferService.log file on the client:
AddUntransferredFilesToBITS
: PathFileExists returned unexpected error 0x8007007b
  • The DataTransferService.log may also record error code 0x80190194 when it tries to download the source file. One or both errors may be present depending on the characters in the filename.
  • After you update to SCCM 1902, the Data Warehouse Synchronization Service (Data_Warehouse_Service_Point) records error status message ID 11202. An error entry that resembles the following is recorded in the Microsoft.ConfigMgrDataWarehouse.log file:
View
or function 'v_UpdateCIs' has more column names specified than columns
defined.<br />Could not use view or function
'vSMS_Update_ComplianceStatus' because of binding errors.
  • User collections may appear to be empty after you update to SCCM 1902. This can occur if the collection membership rules query user discovery data that contains Unicode characters, such as ä.
  • The Delete Aged Log Data maintenance task fails if it is run on a Central Administration Site (CAS). Errors that resemble the following are recorded in the Smsdbmon.log file on the server.
TOP
is not allowed in an UPDATE or DELETE statement against a partitioned view. :
spDeleteAgedLogData
An error occurred while aging out DRS log data.
  • When you select the option to save PowerShell script output to a task sequence variable, the output is incorrectly appended instead of replaced.
  • The SMS Executive service on a site server may terminate unexpectedly after a change in operating system machine keys or after a site recovery to a different server. The Crash.log file on the server contains entries that resemblie the following.

Note Multiple components may be listed, such as SMS_DISTRIBUTION_MANAGER, SMS_CERTIFICATE_MANAGER, or SMS_FAILOVERMANAGER. The following Crash.log entries are truncated for readability.

EXCEPTION INFORMATION
Service name = SMS_EXECUTIVE
Thread name = SMS_FAILOVER_MANAGER
Exception = c00000fd (EXCEPTION_STACK_OVERFLOW) Description = "The thread used up its stack."
  • Old status messages may be overwritten by new messages after promoting a passive site server to active.
  • User targeted software installations do not start from Software Center after you update to SCCM 1902. The client displays an “Unable to make changes to your software” error message. Errors entries that resemble the following are recorded in the ServicePortalWebSitev3.log:
:GetDeviceIdentity
- Could not convert 1.0,GUID:{guid} to device identity because the
deviceId string is either null or larger than the allowed max size of input
:System.ArgumentException: DeviceId
   at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.PortalContextUtilities.GetDeviceIdentity(String deviceId)
   at Microsoft.ConfigurationManager.SoftwareCatalog.Website.PortalClasses.Connection.ServiceProxy.InstallApplication(UserContext user, String deviceId, String applicationId)
   at Microsoft.ConfigurationManager.SoftwareCatalog.Website.ApplicationViewService.InstallApplication(String applicationID, String deviceID, String reserved)
  • This issue occurs if the PKI certificates that are used have a key length that is greater than 2,048 bits.
  • Audit status messages are not transmitted to the site server in an environment with a remote SMS provider.
  • The Management Insights rule “Enable the software updates product category for Windows 10, version 1809 and later” does not work as expected for Windows 10, version 1903.

1810 Issues Fixed with SCCM 1902

Microsoft released a support article to explain what are the fixes available in SCCM 1902. As per the SCCM support article, there are fixes and feature improvements.

1E Nomad

Microsoft confirmed that all the issues listed in SCCM 1810 Rollup 2 for fixed in SCCM 1902 slow ring version itself. And that itself is a good indication that Microsoft is recommending SCCM 1902 version.

Most of the known issues of SCCM 1810 are fixed in the 1902 version of SCCM. I can see Twenty Nine (29) known issues got fixed in SCCM 1902 Slow ring version as per the following article.

SCCM 1902 Known Issues

I added a section in my SCCM 1902 step by step upgrade guide about known issues. I will be moving that section to this post later. I could track three (3) known problems which are publicly confirmed by Microsoft.

Phased Deployment Issues – RBAC Related

In SCCM 1902, the following built-in security roles don’t have Phased Deployment permission. This issue is because of some missing permissions in the following built-in security roles.

  • Application Administrator
  • Application Deployment Manager
  • Software Update Manager
  • Application Author

SCCM 1902 Task Sequence Editor Issue?

I have seen some reports of Task Sequence editor issues with SCCM 1902 version.

  • Add – MDT – Install Roles and Features – Select the operating system for which roles are to be installed – Server 2012 R2 Core.
  • When you click APPLY button, it goes back to Windows server 2019.
  • When you click OK button, it stays with the selected operating system.

But, I feel it’s not an SCCM issue? I could see this issue with 1810 – MDT 8456 settings as well. Does it happen only for the first time in the environment?.

I can confirm the behavior and tested this. More details available in the tweet.

Error 403 when SCCM clients try to communicate with CMG

Microsoft released new KB 4503442 for SCCM CMG issue. Microsoft SCCM clients can’t communicate together with the CMG. An error message that resembles one of the following is logged in the LocationServices.log file:

[CCMHTTP] ERROR: URL=https://cmgsccm.contoso.com/CCM_PROXY_MUTUALAUTH/3456/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=31, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=CMGConnector_Clientcertificaterequired    

[CCMHTTP] ERROR: URL=https://cmgsccm.contoso.com/CCM_PROXY_MUTUALAUTH/3456/SMS_MP/.sms_aut?SITESIGNCERT, Port=443, Options=31, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE  
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=CMGConnector_Forbidden 

SCCM 1902 and OneDrive Known Issues

Another great tip from Panu on Twitter. The SCCM OneDrive for Business KFM profile works only if the user has an existing OneDrive for Business profile. For the new OneDrive for Business profile, he recommends to use the following configuration.

If you add SilentAccountConfig = 1 value (e.g. with a CI), the profile will be automatically created.

New OneDrive for Business Settings Issue with SCCM 1902
New OneDrive for Business Settings

SCCM Reports Stop Working after Mocing Reporting Services Point or Enable TLS 1.2

Microsoft released another KB article for SCCM 1902 and 1810 related issue. Check out SCCM 1902 KB 4503578 for more details.

SCCM reporting Stops working with SCCM 1902 and 1810 Microsoft, after moving the reporting services point role to a new SCCM site system server, or you enable TLS 1.2 on the site servers.

The following error messages are logged in the Srsrp.log file on the SCCM 1902 reporting services point:

Successfully created srsserver SMS_SRS_REPORTING_POINT 
Reporting Services URL from Registry [https://<ServerName>.contoso.com/SCCMReportServer/ReportService2005.asmx] SMS_SRS_REPORTING_POINT 
The underlying connection was closed: An unexpected error occurred on a receive. SMS_SRS_REPORTING_POINT 
(!) SRS not detected as running SMS_SRS_REPORTING_POINT 
Failures reported during periodic health check by the SRS Server [<ServerName>.contoso.com]. SMS_SRS_REPORTING_POINT

“Disappearing” IIS on SCCM 1902 DPs

I don’t think this disappearing IIS on SCCM DP is 1902 issue (error code 0x80070bc9). Microsoft MVP colleague Panu shared this issue with SCCM 1902 and Server 2019. Earlier he reported the same problem with Server 2016 as well.

More details on IIS disappearing issue on SCCM 1902 DP is in his tweet. He also noted in the tweet that the SCCM 1902 DP works fine until the first restart!

NOTE! – The solution for the above issue is re-installation of IIS.

Issues with SCCM 1902 Network Access Account Password

Panu also shared an issue with SCCM 1902 NAA (Network Access Account) password in the tweet. As per his testing, when you have “+” character in SCCM Network access account, you will get “Bad Password” error on the DP Server (Event ID – 4625).

NOTE! – The solution for this issue at the moment is NOT to use “+” character in SCCM 1902 NAA passwords.

SCCM 1902 Prerequisite Check Failed Error

NOTE! – This issue is already FIXED in the SLOW ring of SCCM 1902.

I did a blog post on third(3rd) April 2019 to report another known issue. This issue will prevent you from SCCM 1902 upgrade. I don’t think, this issue would be widely spread as this is related to SCCM NAP policies.

I would recommend reading the following blog post to get more details about SCCM 1902 prerequisite check failed error. SCCM 1902 Prerequisite Error Network Access Protection (NAP) is No Longer Supported.

NOTE! – Do you have any other SCCM 1902 prerequisite checks failure issue? I would recommend going through the article here.

Remote Console Installation Error – SCCM 1902

NOTE! – This was an user error. No need to Worry.

I heard a report about SCCM remote console installation errors when you try to deploy SCCM 1902 console version. The twitter user Russ Gee reported this issue here.

The following error in SCCM 1902 console notification bar – A required component of the console is missing. Install the new console version.

When you deploy remote SCCM console to restricted (helpdesk support ) users via the Software center, then you might get the following error 0x87D00206(-2016411130).

Solution! – Russ Gee noticed the in console upgrade was also downloading configmgr.ac_extension.amd64.cab, configmgr.ac_extension.amd64.cab, configmgr.ac_extension.i386.cab, configmgr.ac_extension.i386.cab, and UIManifest.xml. He added the above files to the package and the SCCM console remote installation started working.

SCCM 1902 Rollup Updates

SCCM 1902 rollup update is Not Yet Released for production version.

NOTE! – SCCM 1902 TAP Rollup update released for SCCM 1902 Fast Ring Customers.

SCCM KB 4494066 is only applicable for SCCM 1902 TAP versions.

Resources