Update rollup available to resolve Client issue downloading ccmsetup content from cloud DP (CMG)–KB4575790

Microsoft has released another update rollup (KB4575790) to fix client setup content download issue from CMG distribution point.

The following listed issues and the rollup update is available in updates and servicing node only if you have installed the recently released update rollup KB 4578605 for Configuration Manager 2006 build.

If you have not installed KB 4578605, then you will not see this update in the updates and servicing console.

Issues:

1. If you have configured cloud management gateway along with cloud DP and running the ccmsetup.exe (client installation) , the client will failed to download the client installation file (ccmsetup.cab) from Azure blob storage.

The following is the error code seen from the ccmsetup.log:

[CCMHTTP] ERROR: URL=https://{Azure_blob_storage}:443/content-l0000003/ccmsetup.cab?..., Port=443, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
[CCMHTTP] ERROR INFO: StatusCode=400 StatusText=Authentication information is not given in the correct format. Check the value of Authorization header.

2. If you have clients that ONLY use PKI for authentication, then they also failed to upgrade or install the client.

This occurs if the option Use PKI client certificate (client authentication capability) when available is disabled on the Communication Security tab of Site Properties. Errors resembling the following are recorded in the ccmsetup.log file on the client.

Client is not allowed to use PKI issued certificate or not able to use AAD token or ContentToken thus can not talk in HTTPS.
Failed to download client files by BITS. Error 0x8000ffff

In my case, I did not install the applicable update KB 4578605 hence the update KB4575790 is not visible in the console.

image

If you have installed the KB 4578605, you will see KB4575790 in updates and servicing node.

image

This update include site server and client updates.

image

Once you install the update (if applicable to your site), you don't have to restart the site server and no need to update the console version.

The client patch (.MSP file) contained in this update supersedes the versions that shipped with update rollup KB 4578605 and update KB 4575787. Therefore, only one client upgrade is required.

The client update (.msp) is located in <SCCM Installdir:>\Microsoft Configuration Manager\Client\i386\ClientUpdate

Following screenshot for KB4578605

image

After you install KB4575790, it will replace KB4578605

image

Now you need to update your clients to the latest patch . You can do this by enabling client upgrade in hierarchy settings.

Client version with this rollup update :5.00.9012.1056

Here is the collection query to find list of clients older than this version:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,
SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion not in ("5.00.9012.1056")

You also need to update your boot images to match the client version.

image

If you dont get your boot images to match the client version, you may encounter issues like me.

image

Hoe you found this article useful.

Leave a Reply