New SCCM 2203 KB14244456 Hotfix Update Rollup
KB14244456 is the latest hotfix update rollup released for SCCM 2203. The SCCM 2203 KB14244456 Hotfix update includes two previously released hotfixes KB13953025 and KB14480034.
The SCCM 2203 hotfix KB14244456 update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release.
There are multiple SCCM 2203 issues fixed in KB14244456 and this update is available in the Updates and Servicing node of the Configuration Manager console. To install the SCCM 2203 hotfix KB 14244456, you must first upgrade to SCCM 2203.
Fixes included in SCCM 2203 KB14244456 Hotfix
Here are the list of fixes included with the latest KB14244456 Hotfix rollup for Configuration Manager 2203:
- The Application approvals through email don’t work with a cloud management gateway due to a missing Azure Active Directory token.
- Metadata revisions to previously published metadata-only updates aren’t synchronized to Windows Server Update Services (WSUS) as expected.
- The Task Sequence Editor running on Windows Server 2022 fails to apply changes to a task sequence if the window is left open for several minutes. The following error is displayed onscreen when this issue occurs: Error connecting to provider, smsprov.log may show more details.
- BitLocker’s compliance status won’t be accurate for a brief period of time if the Client checking status frequency (minutes) value is set below 60.
- When adding a CMPivot query as a favorite it is split into two lines and characters are removed.
- When searching Software Update Groups in the Configuration Manager console, the Name criteria isn’t available.
- The Browse button for Content location in the properties for a deployment returns an empty location instead of the value previously shown.
- An application that is targeted to a device collection but deployed in the context of the user won’t honor the implicit uninstall setting.
- A misleading error message (false negative) is generated on a target distribution point that is co-located with a site server which happens during content distribution from a parent site to a child site. The misleading error in distmgr.log resembles this entry: ~RDC:Failed to set access security on \\SMSSIG$\.1.tar for package signature file
The list of above fixes is documented by ConfigMgr product team on hotfix KB14244456 article.
Hotfixes Included in ConfigMgr 2203 KB14244456 Hotfix
The KB14244456 hotfix update rollup includes two previously release hotfixes:
- KB 13953025 – Update for Microsoft Endpoint Configuration Manager version 2203, early update ring
- KB 14480034 – Registration fails for PKI clients after updating to Configuration Manager current branch, version 2203
Note: This KB14244456 hotfix doesn’t require a computer restart but will initiate a site reset after installation.
Install SCCM 2203 KB14244456 Hotfix Update Rollup
On your SCCM 2203 server, you can install KB14244456 hotfix rollup with following steps:
- Launch the SCCM console.
- Go to Administration\Overview\Updates and Servicing.
- Right-click Configuration Manager 2203 Hotfix Rollup KB14244456 and click Install Update Pack.
The Configuration Manager 2203 Hotfix (KB14244456) includes the updates for site server, console and clients. If you are installing the KB14244456 hotfix on the ConfigMgr 2203 server running in production, you must run the prerequisite check first.
After you run a prerequisite check, it takes a while to actually begin the prerequisite check. You can monitor the prerequisite checks in Monitoring workspace. In addition, you can also review the ConfigMgrPreReq.log to know the status of prerequisite check. Take a look at a list of all the SCCM log files.
In case the hotfix update gets stuck in downloading state, here is a post to help you – https://www.prajwaldesai.com/fix-sccm-update-stuck-downloading-state/.
Since I am installing the hotfix on my server running in lab, I am going to ignore the prerequisite check warnings and install the update. Click Next.
On the License Terms page, review and click I accept these license terms and privacy statement for the hotfix KB 14244456. Click Next.
Review the settings on Summary page and on Completion window, click Close. KB14244456 Hotfix update rollup for ConfigMgr 2203 installation begins now.
Console Upgrade
The console upgrade window appears at the end of the update installation. It is mandatory to perform the console upgrade on both the SCCM server and clients installed with ConfigMgr console.
A new version of console is available 5.2203.1063.2400. Click OK to close the console and install the new version now. The old version of console 5.2203.1063.1500 will be uninstalled. Click OK to begin the console upgrade.
The console number will be updated to latest version. Refer to the following article to find more details about the SCCM build numbers and console version numbers.
You must also upgrade the client agents after installing the SCCM 2203 hotfix KB14244456. The hotfix updates the client agents to latest version 5.00.9078.1025.
Updating the Secondary Site with Hotfix KB14244456
After you install SCCM 2203 hotfix KB14244456 update on a primary site, pre-existing secondary sites must be manually updated. Read more about secondary site installation in SCCM.
To update a secondary site in the Configuration Manager console, select Administration > Site Configuration> Sites > Recover Secondary Site, and then select the secondary site.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')
- If the value 1 is returned, the site is up-to-date, with all the hotfixes applied on its parent primary site.
- If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the Recover Secondary Site option to update the secondary site.
What would the process be to get updates offline. All of my servers on isolated networks with no access to the internet. I don’t see any easy way to get the updates.