Which hotfixes should I apply to get the most out of EMS

As we all know, hotfixes include fixes for things that don’t work as expected, but sometimes they also include improvements, and this is why I decided to write this blog post. This list is nothing official; I will list the updates that will/can impact EMS products (stability and improvements).

Note! This post will be updated as soon as I find any new hotfixes. Last update 2015-04-08

System Center 2012 R2 + Intune (also called Intune UDM)





KB3026739 (CU4)

A lot of things, please look at KB to see the whole list

All CUs are cumulative, so all fixes that were in CU1 + CU2 + CU3 are also included

This update replaces Cumulative Update 3 for System Center 2012 R2 Configuration Manager



In Microsoft System Center 2012 R2 Configuration Manager, when a user becomes a cloud-managed user, a settings policy may not target the assignment for the user.

The original fix for this was included in CU2+CU3 but was broken by the installer process (script was overwritten and function reverted back to original state).

The effect of this is that users that are included in a collection will get the “fast download of policies”, but any users added after applying CU2 or CU3 will not get the policies.
Note 1 – There is one version of the fix for a CU2 installation and one for CU3.
Note 2 – If you installed the CU2 version and then install CU3, you need to install the CU3 version of this fix.
Note 3 – After installing the hotfix, please run the script (which you can copy from the KB); this script will fix all existing deployments.

   This update is included in CU4


Greatly reduces the time that’s required to execute a successful retire or wipe of a Mobile Device Management (MDM) device. These operations now run on the device in a matter of seconds, assuming the device is reachable by Windows Intune.

To apply this hotfix, you must have Cumulative Update 3 (http://support.microsoft.com/kb/2994331/)

   This update is included in CU4

KB2994331 (CU3)

A lot of things, please look at KB to see the whole list.

All CUs are cumulative, so all fixes that were in CU1 + CU2 are also included

This update replaces Cumulative Update 2 for System Center 2012 R2 Configuration Manager (http://support.microsoft.com/kb/2970177/)


KB2970177 (CU2)

The main improvement in this update is speed. If you have been working with device enrollment, you have probably noticed that it can take a while for the device to receive all the profiles/policies you deployed to it. With CU2 for SCCM 2012 R2 and the May update for the Intune backend, this has been improved a lot.

See http://blog.advisec.com/?p=694 for more information and step by step how to install it

This update replaces Cumulative Update 1 (http://support.microsoft.com/kb/2938441/) for System Center 2012 R2 Configuration Manager.


Enrolling an Android device in both Exchange Active Sync (EAS) and Mobile Device Management causes a duplicate device to be created in the Administrator Console.







Windows Server 2012 R2 WAP Server role






Large URI request in Web Application Proxy fails in Windows Server 2012 R2

For more information on how to use WAP in front of an NDES server, see Pieter Wigleven’s blog http://aka.ms/ndes3. Note that this is still a “private” fix and you need to call support to get it (no cost). This hotfix is now included in the December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.



 Windows Server – ADFS






Issues where iOS devices can log on to Company Portal

Several issues after updating ADFS servers that have security update 2843638 or 2843639 installed in Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.



A lot of things for ADFS 2.0, please look at KB to see the whole list.

Note that this update is only for ADFS 2.0 servers

2607496 Description of Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0

2681584 Description of Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0


Windows Server 2008 R2 CA Server role






Renewal request for an SCEP certificate fails in Windows Server 2008 R2 if the certificate is managed by using NDES

This update is only needed if you want to implement certificate deployment with SCEP and your CA is running on Windows Server 2008 R2.

If it is possible, I would recommend upgrading to a newer server OS.

CU2 for SCCM 2012 R2 is now released – Does it improve/impact Intune customers?

The CU2 update for System Center Configuration Manager 2012 R2 was just released. Like all CUs, it includes both fixes and improvements. With this blog post I want to highlight the things that are included in CU2 and will improve/impact Intune customers.

If you read KB2970177 you will see the following:

Mobile device management / Intune
  • Policies that apply to devices that are used together with Windows Intune may take 10 minutes or more to apply. Additionally, policies that are created before enrollment may not appear on the new device.
  • The Policy Request and Management Point fields for mobile devices may be missing from the Client Activity Details tab on the summary page for a given device.

Besides the two bug fixes, it also includes one other major thing, and that’s speed. If you have been working with device enrollment, you have probably noticed that it can take a while for the device to receive all the profiles/policies you deployed to it. With CU2 for SCCM 2012 R2 and the May update for the Intune backend, this has been improved a lot.

So, if you use User Collection targeted Policies and Profiles, they will be delivered to the user’s devices immediately after enrolling the devices.

To start benefiting from this feature, install SCCM 2012 R2 CU2 and test an enrollment. Below you see a demonstration of the steps and the result.

  1. Install SCCM 2012 CU2

  2. Verify that your profiles/policies are deployed to a user collection

  3. Enroll a device and validate that the profiles/policies are deployed immediately

Important links from the videos:

Update 1 – If you have an existing SCEP profile, you need to “manually” update it so it can be deployed during enrollment. The easiest way is to open the profile and just change the name; any other “cosmetic” change will also work. This will add a new revision to the profile and it will now work. Note that SCEP profiles added after you applied CU2 are not affected by this issue.

Monitor your VMware environment for free

If you are using a hypervisor from VMware and using System Center Operations Manager – Veeam has a FREE MP for you.

From the Veeam site:

The Veeam Management Pack 10-Pack – a free VMware monitoring solution exclusively for new Veeam MP users worldwide who are using Microsoft System Center 2012.

The Veeam Management Pack 10-Pack includes:

  • A free 10-socket license of the Veeam Management Pack for deep VMware monitoring in System Center 2012
  • One full year of maintenance and support

What is Veeam Management Pack for VMware?

The Veeam Management Pack provides scalable, fault-tolerant and agentless VMware infrastructure monitoring and management directly in Microsoft System Center.

Veeam MP enables you to:

  • Protect investments in System Center with integrated VMware monitoring
  • Manage physical and virtual infrastructure from one console
  • Eliminate the cost of additional monitoring frameworks
  • More details in Solution Overview


To qualify for this offer, you must be new to the Veeam MP and have System Center 2012 or plans to deploy it soon.

Get your FREE Veeam Management Pack

Want to be virus free?

As we all know, an antivirus system is a must on your computer today, but unfortunately this is not always the case if you look at your friends’ and family’s computers (and even if they have one, it is not updated). So here are two very good (and free) tools that will help you get some free dinners if you offer to help your friends and family :)


Microsoft Security Essentials

A real-time protection that helps guard your home or small business PCs against viruses, spyware, and other malicious software

Note that Microsoft Security Essentials is also available for small businesses with up to 10 PCs

Download Microsoft Security Essentials


Microsoft Standalone System Sweeper

Microsoft Standalone System Sweeper Beta is a recovery tool that can help you start an infected PC and perform an offline scan to identify and remove rootkits and other advanced malware. In addition, Microsoft Standalone System Sweeper can be used if you cannot install or start an antivirus solution on your PC.

Note that Microsoft Standalone System Sweeper is not a replacement for a full antivirus solution providing ongoing protection; it is meant to be used in situations where you cannot start your PC due to a virus or other malware infection.

Download 32-bit version

Download 64-bit version

Windows Intune will be available on March 23rd

Microsoft just announced that starting on March 23rd, 2011, Microsoft Windows Intune will be available for purchase or a free 30 day trial in over 35 countries. Below you find the list of countries:
Australia, Austria, Belgium, Canada, Costa Rica, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hong Kong, Hungary, India, Ireland, Israel, Italy, Japan, Luxembourg, Malaysia, Mexico, Netherlands, New Zealand, Norway, Poland, Portugal, Puerto Rico, Romania, Singapore, Spain, Sweden, Switzerland, Trinidad & Tobago, United Kingdom and United States.

MVP renewal – 2010

Today I got my MVP renewal letter that informed me that I was re-awarded as Most Valuable Professional and therefore receiving the Microsoft MVP award for the fourth year in a row for doing a great job in serving the community by helping out on forums and other community events.

I would also like to congratulate my friends Anders Bengtsson, Joachim Nässlander, Martin Lidholm and Magnus Björk who also got the MVP award renewed this year!

Link to my MVP Profile

System Center Operations Manager 2007 R2 Cumulative Update 1 is now released

Yesterday Microsoft released Cumulative Update 1 for System Center Operations Manager 2007 R2. This update includes a lot of fixes and is also a requirement if you plan to use the Exchange 2010 MP. (Note that if you are using System Center Operations Manager 2007 SP1, you should download and install the 971541 update.)

Issues that are fixed in Cumulative Update 1:

  • The Product Knowledge tab is displayed as the Company Knowledge tab after you import a language pack for System Center Operations Manager 2007 R2.
  • An agent cannot be removed successfully from a Windows Cluster service node.
  • The Healthservice.exe process on a Windows Cluster service passive node may have excessive CPU utilization.
  • The Healthservice.exe process may crash when it uses the OLE DB module.
  • The workflows that use the OLE DB data source may unload themselves if the underlying provider returns a null string or an empty string.
  • An instance of the MonitoringHost.exe process may cause a memory leak in nonpaged pool memory.
  • The notification subscriptions do not work if they are configured to parse a CustomField field or an AlertOwner field.
  • The Operations console loses the status as the current object that is in focus when a search filter is applied.
  • The SRSUpdateTool.exe process returns an error that states “Failed while updating registry entry for reporting code MSI component” when you try to upgrade SQL Reporting Services 2005 to SQL Reporting Services 2008.
  • The Operations Manager UI may crash when the Connector column and the Forwarding Status column are added to an Alert view.
  • The agents may re-process old Windows event log entries and then incorrectly generate alerts for these events that are not new.
  • Health state reliability fixes and improvements.
  • The Operations Manager Audit Collection Service (ADTServer.exe) does not start on an ACS Collector if the operating system is upgraded to Windows Server 2008 R2.
  • In a performance report that is exported, the list of object instances is not displayed.

    NOTE! This update needs to be applied to all roles (RMS, MS, Gateway, Web, ACS and agents). Please read the technote for the recommended installation order.

    NOTE! There are two steps that require manual configuration after you have installed the update. Please read the technote for details.


    Download the Cumulative Update 1 update from Microsoft