New SCCM 2207 KB15152495 Hotfix Update Rollup and Fixes

Microsoft has released the SCCM 2207 KB15152495 hotfix update rollup to fix important problems in version 2207. This article will walk you through installing the hotfix and look at the issues that the KB15152495 hotfix update rollup fixes.

This Configuration Manager 2207 hotfix rollup KB15152495 applies both to customers who opted in through a PowerShell script to the early update ring deployment and to customers who installed the globally available release. The Updates and Servicing node of the Configuration Manager console is where you can find this update.

If you are using SCCM 2203 or an older version of Configuration Manager, ensure you upgrade to SCCM 2207 to get the latest hotfixes and security updates. Configuration Manager 2207 brings a set of new features and improvements over the previous release, which makes it worth upgrading to version 2207. Check out all the new features of SCCM 2207 and how to use them.

Note that KB14959905 is the first hotfix released by Microsoft for Configuration Manager 2207 to resolve the issues and add improvements. Later, Microsoft released KB15599094 NTLM client installation update and KB15498768 NTLM connection fallback update.

Refer to the article by the Microsoft ConfigMgr team on Update rollup for Microsoft Endpoint Configuration Manager version 2207. This article describes issues that are fixed in the KB 15152495 update rollup for Microsoft Endpoint Configuration Manager current branch, version 2207.

The package GUID of the KB15152495 hotfix update is A476FD3B-8F5F-4D76-8302-3079C01DE2BE. The KB15152495 hotfix update rollup doesn’t require a computer restart but will initiate a site reset after installation.

Issues Fixed in KB15152495 hotfix update rollup

The following issues are fixed in the SCCM 2207 KB15152495 hotfix update rollup release.

Issue 1: The distribution upgrade process on remote distribution points can stall, resulting in content distribution failures. When this issue occurs, messages resembling the following are recorded in the distmgr.log file.

DP Thread: Attempting to add or update package {Package_ID} on DP ["Display=\{distribution_point}\"]MSWNET:["SMS_SITE=PR1"]\{distribution_point}\
The distribution point ["Display=\{distribution_point}\"]MSWNET:["SMS_SITE=PR1"]\{distribution_point}\ is not installed or upgraded yet.

Entries resembling the following are logged in smsdpprov.log on affected distribution points.

DoUpdatePortsInIIS::update root command:  set site /site.name...
Successfully updated the  port list in IIS.
DoUpdatePortsInIIS:: start site command:  start site ""
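
To see which distribution points are hitting the Issue 1 message and for how long, the distmgr.log lines can be summarised per distribution point. This is an added example, not code from the article or from Microsoft; the function name, the host names, the package ID and the time/date trailer layout of the sample lines are assumptions, and the sample lines are constructed.

```powershell
# Added example: summarise Issue 1 hits in distmgr.log per distribution point.
function Get-StalledDistributionPoint {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)

    # Message text quoted in the article; the DP name follows "Display=\\".
    $msg  = 'The distribution point \["Display=\\+(?<dp>[^\\"]+)\\"\].*? is not installed or upgraded yet'
    # Assumed log trailer: time="HH:mm:ss.fff+offset" date="MM-dd-yyyy".
    $when = 'time="(?<t>\d{2}:\d{2}:\d{2})[^"]*" date="(?<d>\d{2}-\d{2}-\d{4})"'
    $seen = @{}

    foreach ($l in $Line) {
        $m = [regex]::Match($l, $msg)
        if (-not $m.Success) { continue }
        $dp = $m.Groups['dp'].Value.ToLowerInvariant()

        # The timestamp is optional; lines without a trailer are still counted.
        $stamp = $null
        $w = [regex]::Match($l, $when)
        if ($w.Success) {
            $stamp = [datetime]::ParseExact(
                ('{0} {1}' -f $w.Groups['d'].Value, $w.Groups['t'].Value),
                'MM-dd-yyyy HH:mm:ss', [cultureinfo]::InvariantCulture)
        }
        if (-not $seen.ContainsKey($dp)) {
            $seen[$dp] = [pscustomobject]@{
                DistributionPoint = $dp; Hits = 0; FirstSeen = $stamp; LastSeen = $stamp
            }
        }
        $entry = $seen[$dp]
        $entry.Hits++
        if ($stamp) {
            if (-not $entry.FirstSeen -or $stamp -lt $entry.FirstSeen) { $entry.FirstSeen = $stamp }
            if (-not $entry.LastSeen  -or $stamp -gt $entry.LastSeen)  { $entry.LastSeen  = $stamp }
        }
    }
    # Most frequently failing distribution points first.
    $seen.Values | Sort-Object -Property Hits -Descending
}

# Constructed sample lines (host names and package ID are made up).
$sample = @'
<![LOG[DP Thread: Attempting to add or update package PR100042 on DP ["Display=\\dp01.corp.example\"]MSWNET:["SMS_SITE=PR1"]\\dp01.corp.example\]LOG]!><time="09:14:02.118+000" date="10-21-2022" component="SMS_DISTRIBUTION_MANAGER" type="1">
<![LOG[The distribution point ["Display=\\dp01.corp.example\"]MSWNET:["SMS_SITE=PR1"]\\dp01.corp.example\ is not installed or upgraded yet.]LOG]!><time="09:14:02.131+000" date="10-21-2022" component="SMS_DISTRIBUTION_MANAGER" type="1">
<![LOG[The distribution point ["Display=\\DP01.corp.example\"]MSWNET:["SMS_SITE=PR1"]\\DP01.corp.example\ is not installed or upgraded yet.]LOG]!><time="11:47:40.502+000" date="10-21-2022" component="SMS_DISTRIBUTION_MANAGER" type="1">
<![LOG[The distribution point ["Display=\\dp02.corp.example\"]MSWNET:["SMS_SITE=PR1"]\\dp02.corp.example\ is not installed or upgraded yet.]LOG]!><time="10:02:15.009+000" date="10-21-2022" component="SMS_DISTRIBUTION_MANAGER" type="1">
'@ -split "`r?`n"

# On a site server, pass the real log instead: -Line (Get-Content -Path <path to distmgr.log>)
Get-StalledDistributionPoint -Line $sample | Format-Table -AutoSize
```

A distribution point whose LastSeen keeps advancing after the rollup is installed is still stuck and needs the smsdpprov.log on that server reviewed.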

Issue 2: The Configuration Manager OneTrace log viewing tool is revised to include multiple improvements. Changes include improvements to log file group handling, status message viewing, and general error handling.

Issue 3: Azure Application Insights data can still be uploaded from sites that aren’t using any cloud or tenant attach features. Additional information on data that was previously collected is available in the Tenant attach data collection document.

Issue 4: After installing SCCM 2207, administrators are unable to perform offline servicing of Windows 11 22H2-based images as no updates appear to be available. Installing the KB15152495 hotfix update resolves this critical issue.

Issue 5: The New-CMOperatingSystemImageUpdateSchedule PowerShell cmdlet is unable to apply relevant updates to Microsoft Windows Server 2022-based images. A message resembling the following is displayed after running the cmdlet: “WARNING: 0 of # Software Updates will be added to the update schedule.”

Issue 6: A small handle leak in the CCMExec.exe process on a management point is corrected in this hotfix release. This leak occurred during the client registration process.

Issue 7: After installing the SCCM version 2207, the Configuration Manager console may terminate unexpectedly under any of the following conditions:

  • When the computer resumes from a sleep or standby state.
  • After entering sign-in credentials during creation of a new cloud management gateway. The SMSAdminUI.log file contains a reference to a “Microsoft.Identity.Client.MsalUiRequiredException” error condition.
  • After selecting a folder with a non-default security scope that was created by another administrator.

List of Hotfixes that are included in this KB15152495 update

The following hotfixes are included with the KB15152495 hotfix update.

This means if you haven’t installed any of the above three hotfixes for SCCM 2207, you can skip them and directly install the KB15152495 hotfix for SCCM 2207. After the KB15152495 hotfix is installed, the console will no longer show any previous updates that have already been installed.

Install SCCM 2207 KB15152495 Hotfix Update Rollup

You can install the Configuration Manager 2207 hotfix rollup KB15152495 using the following steps:

  • Launch the Configuration Manager console.
  • Browse to Administration\Overview\Updates and Servicing.
  • Ensure the status of KB15152495 hotfix rollup update shows as Ready to Install.
  • Right-click Configuration Manager 2207 Hotfix Rollup KB15152495 and select Install Update Pack.

The Configuration Manager 2207 hotfix KB15152495 includes site server updates, console updates, and client updates. For prerequisite warnings, you can enable the option “ignore any prerequisite check warnings and install the update” on your production server running SCCM 2207. Click Next.


Client update options allow you to upgrade your client immediately or validate the most recent client version in the pre-production collection before upgrading all of your Configuration Manager clients. Select the appropriate option for your setup and click Next.


On the License Terms page, you must review the license terms and accept them. Click “Next” to continue.


Review the KB15152495 hotfix installation settings on the Summary page and click Next. Close the Configuration Manager updates wizard. This completes the steps to install the KB15152495 hotfix for ConfigMgr 2207.


Monitor the KB15152495 Hotfix Update Rollup Installation Progress

On your SCCM 2207 environment, you can monitor the hotfix KB15152495 installation progress by reviewing cmupdate.log on the site server. Any errors that you encounter while installing the hotfix KB15152495 should be logged in cmupdate.log. Alternatively, the Monitoring workspace in the Configuration Manager console also lets you monitor the progress of the hotfix installation. Take a look at the list of all the helpful SCCM Log Files related to hotfix updates.


The hotfix KB15152495 required a total of just 30 minutes to install on the SCCM server, and there were no errors encountered at any point in the installation process. There will be an SCCM site reset after the installation of the hotfix even though it doesn’t require a restart of the computer.

KB15152495 Hotfix Console Upgrade

The KB15152495 hotfix update requires a console upgrade, and this step should be performed on all systems that have the Configuration Manager console installed. Microsoft recommends upgrading the console to the latest version on the site server. The hotfix installation will usually prompt for the console upgrade; you can proceed with the upgrade by clicking the install link. The console upgrade window also appears when you close and re-open the SCCM console. Click OK to begin the console upgrade.

The KB15152495 Hotfix update rollup upgrades the existing console version to 5.2207.1048.2600. During the console upgrade, review the console admin upgrade log files in case you encounter any errors.


During the console upgrade, the files required to upgrade the console are downloaded from Microsoft and installed. If the console upgrade window doesn’t show up, restart the SCCM server once and launch the console again. After the upgrade is complete, the console should launch automatically for you.


Verify the KB15152495 Installation on SCCM Server

It is important to verify that the KB15152495 hotfix is installed correctly on the SCCM server. There are multiple ways to confirm the hotfix installation, and the easiest is directly from the console. Launch the Configuration Manager console and go to Administration\Overview\Updates and Servicing; here the hotfix KB15152495 update shows as Installed. This confirms the KB15152495 hotfix installation is successful, and you can begin to use the console for administrative tasks.


Updating the Secondary Sites with Hotfix KB15152495

After you install SCCM 2207 hotfix KB15152495 update on a primary site, pre-existing secondary sites must be manually updated. Read more about secondary site installation in SCCM to get an idea on how to install secondary sites in SCCM.

To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:

select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')

  • If the value 1 is returned, the site is up-to-date, with all the hotfixes applied on its parent primary site.
  • If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.

Upgrade the Client Agents (5.00.9088.1025)

The ConfigMgr hotfix rollup KB15152495 updates the production client version to 5.0.9088.1025. You must upgrade the client agents to the latest version, and you can use the automatic client upgrade feature to do so. To perform the SCCM 2207 KB15152495 client upgrade, go to the site hierarchy settings properties and switch to the Client Upgrade tab. Here, enable the option “upgrade all clients in the hierarchy using production client”. Enabling this option will upgrade the client agents on all computers to version 5.00.9088.1025.
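
The client version appears on this page both as 5.0.9088.1025 and as 5.00.9088.1025, so a plain string comparison against inventory data will misreport clients. The following added example (not from the article or from Microsoft) compares parsed versions instead; the function name, device names and sample versions are constructed, and the site code PR1 in the commented live query is an assumption.

```powershell
# Added example: classify clients against the rollup's client version.
# [version] parsing makes "5.0.9088.1025" and "5.00.9088.1025" compare as equal.
$TargetClientVersion = [version]'5.00.9088.1025'   # value from the article

function Test-ClientVersion {
    param(
        [Parameter(Mandatory)][object[]]$Client,   # objects exposing Name and ClientVersion
        [version]$Target = $TargetClientVersion
    )
    foreach ($c in $Client) {
        # Empty or malformed versions (no client installed, bad inventory) must not throw.
        $parsed = $null
        $ok = [version]::TryParse([string]$c.ClientVersion, [ref]$parsed)
        if (-not $ok)                { $status = 'NoClientOrUnparsable' }
        elseif ($parsed -lt $Target) { $status = 'NeedsUpgrade' }
        else                         { $status = 'Current' }
        [pscustomobject]@{
            Name     = $c.Name
            Reported = $c.ClientVersion
            Status   = $status
        }
    }
}

# Constructed inventory (device names and the non-target versions are made up).
$inventory = @(
    [pscustomobject]@{ Name = 'WS-0001'; ClientVersion = '5.00.9088.1025' }
    [pscustomobject]@{ Name = 'WS-0002'; ClientVersion = '5.0.9088.1025'  }
    [pscustomobject]@{ Name = 'WS-0003'; ClientVersion = '5.00.9088.1000' }
    [pscustomobject]@{ Name = 'WS-0004'; ClientVersion = ''               }
)

$report = Test-ClientVersion -Client $inventory
$report | Format-Table -AutoSize
$report | Group-Object -Property Status | Format-Table -Property Name, Count -AutoSize

# Against a live site (assumes site code PR1 and that the SMS Provider runs on this host):
# $live = Get-CimInstance -Namespace 'root\SMS\site_PR1' -ClassName SMS_R_System |
#         Select-Object -Property Name, ClientVersion
# Test-ClientVersion -Client $live | Where-Object Status -ne 'Current'
```

With the constructed inventory, WS-0001 and WS-0002 are both reported as Current, WS-0003 as NeedsUpgrade and WS-0004 as NoClientOrUnparsable.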


After installing the KB15152495 hotfix for SCCM 2207, the following major components are updated to the versions specified in the table below. Take a look at the history of SCCM build version numbers along with console and client versions.

| Configuration Manager Component | Version |
| --- | --- |
| Configuration Manager console | 5.2207.1048.2600 |
| Client Agent | 5.0.9088.1025 |

SCCM 2207 KB15152495 Hotfix Update Rollup Details

24 Comments

  1. Joshua Williamson says:

    Thank you for the great overview on the KB15152495 hotfix rollup. I was able to install the update successfully, and the console is reporting the update installed; however, Nessus is still reporting this as a vulnerability. I was wondering if others who have patched and use Nessus can report if they have a similar issue or not.

    The Nessus plug-in crawls the registry entries in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and HKLM\SOFTWARE\Microsoft\Updates. I’m assuming since the version reported in Add/Remove Programs is 5.00.9088.1000 this is throwing a flag for Nessus, but I was just curious what others are experiencing.

  2. After the HotFix Installed to Primary Server, I’m getting Errors on all DPs Failing to install IIS, Non Zero Error Code 8, Permissions, Http Firewall or RDC identified as possible causes.
    We have been adjusting our Service account and Admin account group memberships could we have inadvertently caused this?

    What can I check?

    1. We are having the same problem and I’ve done everything I can think of to resolve it. IIS is definitely installed, I ran the PowerShell from another of Prajwal’s articles and it completes successfully.
      The correct accounts are admin on the DP’s, they always have been. I have double checked several times.
      All necessary firewall rules are enabled to allow traffic and always have been. I have double checked these too.
      We had an issue after going from 2203 to 2207 that was listed here in this guide above, so, we installed the hotfix figuring it would fix it. It didn’t.
      I have the failed to install vcredist message. I even installed it myself (even though it was already there) and I still get the error. I removed it and re-added it, still get the error.
      I also have “Distribution Manager has not tried to install IIS component of operating system to distribution point. You should install and configure IIS manually. Please ensure RDC is also enabled.” These are all existing DP’s that have been in service since 2017 so I don’t understand what it’s really trying to do when IIS is already installed. On one of them I removed the DP role, uninstalled IIS, removed it from SCCM altogether, then brought it back in as though it were new. Same errors. And the other two that I didn’t remove still say that they have not tried to install IIS component (even though they have it), they fail to install vcredist (again, they have it), and on the one I wiped out it also says “The distribution point is not installed or upgraded yet.” I’m at the end of my rope and there doesn’t seem to be any other way to get support other than to post here or on Reddit.

        1. Distribution Manager failed to install distribution point [“Display=\\xxxxxxxx.yyy.local\”]MSWNET:[“SMS_SITE=SC1”]\\xxxxxxxx.yyy.local\ on computer xxxxxxxx.yyy.LOCAL.

          Possible cause: Distribution Manager does not have sufficient rights to the computer.
          Solution: Verify that the site server computer account is an administrator on the distribution point computer.
          ———–
          Distribution Manager failed to process package “Configuration Manager Client Package” (package ID = SC100028).

          Possible cause: Distribution Manager does not have access to either the package source directory or the distribution point.
          Solution: Verify that distribution manager can access the package source directory/distribution point.

          Possible cause: The package source directory contains files with long file names and the total length of the path exceeds the maximum length supported by the operating system.
          Solution: Reduce the number of folders defined for the package, shorten the filename, or consider bundling the files using a compression utility.

          Possible cause: There is not enough disk space available on the site server computer or the distribution point.
          Solution: Verify that there is enough free disk space available on the site server computer and on the distribution point.

          Possible cause: The package source directory contains files that might be in use by an active process.
          Solution: Close any processes that maybe using files in the source directory. If this failure persists, create an alternate copy of the source directory and update the package source to point to it.
          ———-
          Logs have rolled over. I’ve been getting VcRedist and IIS errors ever since.

        2. Failed to install IIS
          Distribution Manager Attempted to run a tool to install IIS component of operating sytem to distribution point “xxxxxxxx.yyy.local”. The tool returned non-zero error code 8. Reboot or Manual installation of IIS might be required to complete the configuration of IIS component of operating system. Also please ensure that the http(s) traffic is not blocked on this machine by firewall settings and RDC is Enabled.

          1. Has anyone solved this issue yet? We are getting the same errors after updating from 2203 to 2211.

    2. Having the same issue, almost identical steps followed.

      Primary, CMG and a remote DP do not have issue, but the 3 onsite DP do have the issue.

  3. Wissam Bassit says:

    Hi Prajwal,
    Do you still have any Windows 7 OS clients in your environment? If yes, was the agent version upgraded successfully?
    I still have some Windows 7 OS and the upgrade failed.

    Any advice?
    Thanks,
    regards,
    Wissam

    1. Windows 7 isn’t supported any more. You must upgrade to Windows 10 or Windows 11.

  4. Great… after the console was updated properly I thought everything went fine. Unfortunately, I had a problem that the client version was not updated to a newer one and the stagingclient directory is still the previous. Has anyone had such issue? Is there a place where I can download the client 5.0.9088.1025?

    1. What is the client version that you see under the Autoupgrade client settings?

  5. Hey Prajwal,

    thanks for the quick response, I assume you want me to make sure _NOT_ to run ConsoleSetup.exe from the …\cd.latest folder?

    Best Regards!

    1. That’s correct. Run the setup from the adminconsole folder that has list of folders containing the console setups.

  6. Hello,
    I’ve got the same problem after applying this hotfix.
    It is not possible to upgrade the admin console.
    I followed your advice, but nothing changed.
    Currently, the only option is to open it with the older version, but there is the warning about damaged data.
    Thank you in advance for your support.
    Best regards,

    1. Update :
      The problem remains after rebooting server.
      Checking the log files, I saw the following error in “ConfigMgrAdminUISetup.log” :
      “Installation failed with error code 1638”.
      And, in “ConfigMgrAdminAdminUISetupVerbose.log”, it indicates that another version of this product is already installed, and the installation of this version cannot continue.
      Hope this can help to find a solution.
      Thanks again for your support.

  7. Hello,
    I also applied the hotfix and have got the same problem with the upgrade of admin console.
    As you mentioned, I rebooted the server, opened the console, launched the upgrade; but nothing happens.
    I waited 30 minutes before writing this message.
    Thanks for the help.

    1. This is something that even I experienced after the hotfix installation. Server reboot trick worked for me.

      1. Thank you for your prompt reply.

  8. Hey Prajwal,

    I have updated and installed the newest patch inside the SCCM.
    After installation the console wants an update and I installed the console update. The console installer opens but it does not update. What can I do?

    Also I can't connect with the console on the server.
    How can I download the newest console, outside from the server?

    1. Try restarting the server once and then open the console and perform the upgrade.

    2. Hey Daniel,
      hey Prajwal,

      I have the same issue on our site server. I’m wondering whether I can just install the console from the \\sccmsiteserver\SMS_XYZ\tools\ConsoleSetup directory again. On any other machine I would just go for it, but on the site server I’m a bit more careful.

      Best Regards!
