Configuration Manager Current Branch 2006 向けロールアップ リリース (KB4578605)


今回は、Microsoft Endpoint Configuration Manager (MECM, SCCM, Configuration Manager) Current Branch 2006 向けの更新プログラム (ロールアップ) について紹介したいと思います。


<更新プログラム (ロールアップ) の詳細>

KB4578605 (

  • During client policy download, the execmgr.log repeats the following log entry multiple times every minute.

    This results in potentially valuable troubleshooting information being overwritten.

  • Client computers that are performing a PXE boot to install a new operating system are unable to find the boot WIM file. This occurs when the WIM file is stored in a content library split across multiple drives. Errors resembling the following are recorded in the SMSPXE.log file.

  • Computers are unexpectedly removed from orchestration groups. This occurs if the site has the option Use this boundary group for site assignment enabled, but the target computers are not in that boundary group.
  • Clients are unable to communicate over a custom port for a management point when other communications changes are made to the site. For example, enabling HTTPS communication for a site causes previously defined custom HTTP ports to stop working.
  • State messages from clients may not be properly recorded if the client computer restarts within 10 seconds of state message generation. This results in inconsistent or unexpected state message values, affecting the accuracy of task sequence and software deployment reporting.
  • Clients incorrectly attempt to use PKI certificates for communication, even if the option Use PKI client certificate (client authentication capability) when available is disabled on the Communication Security tab of Site Properties.
  • Intranet clients will not fall back to another management point (MP) if the preferred MP is also a cloud management gateway.
  • After updating to Configuration Manager current branch, version 2006, client installation using the PROVISIONTS property fails if the “Allow access to cloud distribution point” device setting is set to “No”.  The client is unable to download content, and an error resembling the following is recorded in the tsagent.log file.

  • Installation of a passive site server fails if orphaned .JOB files are present in the \inboxes\ folder. A message resembling the following is repeated in the FailOverMgr.log file.

  • Adding a passive site into a Configuration Manager infrastructure with at least 1 secondary site and client language packs installed will trigger a re-installation of all secondary sites.
  • The Configuration Manager client installed on a Windows Embedded device stays in servicing mode if the maximum run time of a deployment is greater than the duration of the maintenance window.
  • Improvements are made to the download process in the case of a timeout when the Download delta content when available client setting is enabled.
  • The content download step of a task sequence may fail to download files to clients. This occurs if the BranchCache Windows feature is enabled, and the environment is using enhanced HTTP for communication with distribution points. The clients will retry the download step, but overall completion is delayed. Errors resembling the following are recorded in the smsts.log on the client.

  • Improvements are made to the synchronization and processing of policy assignments and policy data between the Microsoft Endpoint admin center and the Configuration Manager console. This prevents issues such as creating a policy in the admin center that is not visible in the on-premises console.
  • The Configuration Manager console may generate an exception resembling the following when attempting to complete the Co-management Configuration Wizard.

    This occurs after removing previously created settings.

  • Configuration Manager clients deployed to Mac computers receive duplicate GUIDs. This occurs if the same user name is provided as a parameter to the CMEnroll tool during client installation.
  • Clients may receive the incorrect policy, including scripts or settings, when multiple orchestration groups are present. Consider the following scenario:
    Client 1 is a member of orchestration group 1.
    Client 2 is a member of orchestration group 2.
    Client 1 may receive policy from orchestration group 2, causing it to run the pre- and post-scripts intended for group 2 when installing an update intended for group 1.
    Note: Any affected orchestration groups must be deleted and recreated after installing this update to correct the policy issue.
  • The setting Allow access to cloud distribution points is not configured when clients are deployed using the Autopilot service and the PROVISIONTS parameter.  This causes Install Application and Install Software Updates task sequence steps to fail.
  • Client connections to a cloud management gateway may fail when multiple clients perform full software update scans in a short amount of time. Errors resembling the following are recorded in the SMS_Cloud_ProxyConnector.log file.

  • After installing the Windows update KB 4579311, Configuration Manager clients are unable to download Office 365 updates. Errors resembling the following are recorded in the PatchDownloader.log located in the temp directory on the client.

  • Windows 10 feature updates may fail to install on client computers using fast physical hardware. Errors resembling the following are recorded in the UpdatesHandler.log.

  • Clients may randomly fail to install an update, or series of updates, due to a timing condition when they are deployed to a software update group. Errors resembling the following are recorded in the UpdatesHandler.log.

    Messages resembling the following are recored in the WUAHandler.log at the same time as the UpdateHandler errors.





<Office 365 (Microsoft 365 Apps) の更新プログラムのダウンロードが失敗する問題について>

上記のロールアップの修正項目にも記載されていますが、2020 年 10 月にリリースされた Windows の累積更新プログラムを適用したコンピューターにおいて、Configuration Manager コンソールを用いて、Microsoft 365 Apps (Office 365 ProPlus) の更新プログラムをダウンロードするとエラーが発生します。本ロールアップでは、下記の問題にも対処しています。

After installing the Windows update KB 4579311, Configuration Manager clients are unable to download Office 365 updates. Errors resembling the following are recorded in the PatchDownloader.log located in the temp directory on the client.

具体的には、下記のスクリーン ショットのようにエラーが発生します。

[エラー メッセージ]

エラー: コンテンツ ID 17994266 をダウンロードできませんでした。エラー: 証明書の署名が無効です

[ログ (PatchDownloader.log)]

Downloading content for ContentID = 18027359, FileName = office\data\16.0.13328.20356\
FileHash value is NULL. Hash verification for this file will not be performed.
Proxy is enabled for download, using registry settings or defaults.
Connecting – Adding file range by calling HttpAddRequestHeaders, range string = “Range: bytes=0-”
Download in progress: 28 percent complete
Download in progress: 56 percent complete
Download in progress: 84 percent complete
Download in progress: 100 percent complete
Download to C:\Windows\TEMP\CAB21DC.tmp returns 0
Using machine settings for CRL checking.
Cert revocation check is disabled so cert revocation list will not be checked.
To enable cert revocation check use: UpdDwnldCfg.exe /checkrevocation
Verifying file trust C:\Windows\TEMP\CAB21DC.tmp
Authentication of file C:\Windows\TEMP\CAB21DC.tmp failed, error 0x800b0004
ERROR: DownloadUpdateContent() failed with hr=0x80073633


エラー コード : 0X87D20417

Microsoft Endpoint Configuration Manager サポート チームの記事も公開されています。

Microsoft Endpoint Configuration Manager において、 Microsoft 365 Apps 更新プログラムのダウンロードが「証明書の署名が無効です」エラーとなる事象について

<更新プログラム (ロールアップ) のインストール>

対象環境の Configuration Manager コンソールには、下記のように KB4578605 が表示されています。特段理由がない場合は早期にアップデートすることをお勧めいたします。