Which hotfixes should I apply to get the most of EMS

Hotfixes includes as we all know fixes to things that doesn’t work as expected but it also sometimes includes improvements and this is why I decided to write this blog post. This list is nothing official, I will list the updates that will/can impact EMS products (stability and improvements)

Note! This post will be updated as soon as I find any new hotfixes. Last update 2015-04-08

System Center 2012 R2 + Intune (also called Intune UDM)





KB3026739 (CU4)

A lot of things, please look at KB to see the whole list

All CU’s are cumulative so all fixes that were in CU1 +CU2 +CU3 is also included

This update replaces Cumulative Update 3 for System Center 2012 R2 Configuration Manager



In Microsoft SystemCenter 2012 R2 Configuration Manager, when a user becomes a cloud-managed user, a settings policy may not target the assignment for the user.

The original fix for this was included in CU2+CU3 but was broken by the installer process (script was overwritten and function reverted back to original state).

The effect of this is that users that are included in an collection will get the “fast download of a polices” but for any users added after applying CU2 or CU3 will not get the policies. 
Note 1 –There is one version of the fix for a CU2 installation and one for CU3.
Note 2 – If you installed the CU2 version and then install CU3 you need to install the CU3 version of this fix
Note 3 – After installing the hotfix, please run the script (that you can copy from the KB), this script will fix all existing deployments

   This update is included in CU4


Greatly reduces the time that’s required to execute a successful retire or wipe of a Mobile Device Management (MDM) device. These operations now run on the device in a matter of seconds, assuming the device is reachable by Windows Intune.

To apply this hotfix, you must have Cumulative Update 3

(http://support.microsoft.com/kb/2994331/ )

   This update is included in CU4

KB2994331 (CU3)

A lot of things, please look at KB to see the whole list.

All CU’s are cumulative so all fixes that were in CU1 +CU2 is also included

This update replaces Cumulative Update 2 for System Center 2012 R2 Configuration Manager

(http://support.microsoft.com/kb/2970177/ )


Kb2970177 (CU2)

The main improvement in this update is Speed. If you been working with device enrollment you probably noticed that it can take a wile for the device to receive all the profiles/policies you deployed to it.With the CU2 for SCCM 2012 R2 and the May update for the Intune backend, this has been improved a lot.

See http://blog.advisec.com/?p=694 for more information and step by step how to install it

This update replaces Cumulative Update 1

(http://support.microsoft.com/kb/2938441/ )

for System Center 2012 R2 Configuration Manager.


Enrolling an Android device in both Exchange Active Sync (EAS) and Mobile Device Management causes a duplicate device to be created in the Administrator Console.







Windows Server 2012 R2 WAP Server role






Large URI request in Web Application Proxy fails in Windows Server 2012 R2

For more information on how to use WAP in front of a NDES server see Pieter Wigleven blog http://aka.ms/ndes3. Note that this is still a “privat” fix and you need to call support to get it (no cost). This hotfix is now included in the December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2



 Windows Server – ADFS






Issues where IOS devices can logon to Company Portal

Several issues after updating ADFS servers that have security update 2843638 or 2843639 installed in Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.



A lot of things for ADFS 2.0, please look at KB to see the whole list.

Note that this update is only for ADFS 2.0 servers

2607496 Description of Update Rollup 1 for Active Directory Federation Services (AD FS) 2.0

2681584 Description of Update Rollup 2 for Active Directory Federation Services (AD FS) 2.0


Windows Server 2008 R2 CA Server role






Renewal request for an SCEP certificate fails in Windows Server 2008 R2 if the certificate is managed by using NDES

This update is only needed if you want to implement certificate deployment with SCEP and your CA is running on Windows Server 2008R2

If it is possible, I would recommend to upgrade to a newer server OS

New Community Effort! Whiteboard Wednesday

My friend Maarten Goet, a System Center Cloud and Datacenter Management MVP in Netherland has started a new cool community effort – Whiteboard Wednesday

The goal is to provide visitors every Wednesday with a 5-minute video where a community experts draws out how a certain technology or feature on the Cloud OS (Hyper-V, System Center, Azure) works, with some narration, as if it were on a whiteboard.

First video is online: www.whiteboardwednesday.nl

Update Rollup 2 (UR2) for Virtual Machine Manager 2012 SP1 require some extra attention

Microsoft released UR2 for System Center 2012Sp1 a while and as you know you can download the updates rollups from the Microsoft Update Catalog, or you can configure WSUS/SCCM to handle the update.

Usually the process to update the components is very easy but it appears that the previous update (UR1) for SCVMM2012SP1 component has a issue that blocks a “normal” update with UR2.

Below is the statement from the System Center team or you can read the whole blog post:

Important actions for Update Rollup 2 for System Center 2012 SP1- Virtual Machine Manager

In order to install Update Rollup 2 package for System Center 2012 SP1-  Virtual Machine Manager, you will need to uninstall Update Rollup 1 for System Center SP1 – Virtual Machine Manager package from your system. 

– If you download Update Rollup 2 package for System Center 2012 SP1 Virtual Machine Manager from Microsoft Update Catalog and install Update Rollup 2 without un-installing Update Rollup 1  you should un-install Update Rollup 2 package for Virtual Machine Manager and then un-install Update Rollup 1 for System Center 2012 SP1 – Virtual Machine Manager via control panel. 

– If you are using WSUS to update System Center 2012 SP1 – Virtual Machine Manager and you have already installed Update Rollup 1 for System Center 2012 SP1 – Virtual Machine Manager then you will not receive Update Rollup 2 notification until Update Rollup 1 is uninstalled.

Why is this necessary?

When Update Rollup 2 is applied to a system which is running System Center 2012 SP1 Virtual Machine Manager with UR1, the installer does not patch files correctly. This is caused by the way UR 1 was packaged. As such the product fixes in UR1 are correct; it is the packaging of UR1 that causes this issue. If you do not need UR2, then you should continue to operate with UR1.   However, if you choose to stay on Update Rollup 1 for System Center 2012 SP1 Virtual Machine Manager and a later Update Rollup is released that you need to implement you will still need to remove Update Rollup 1 first.

We apologize for any inconvenience this causes your organization.  We have performed root cause analysis on the issue and have processes in place to prevent future recurrences of this situation. 

Windows Server/System Center MVP Speaker Series

Don’t miss this -  Starting in April, 2013 MVP’s share their knowledge on a variety of topics to the broader community.

If you are interested in attending these online meetings, which will take place once a week, please follow this link where you can add all the meeting invites to your calendar and listen in and participate.

Each presentation will be recorded and available later for viewing if there is an instance where you are unable to tune into the meeting on the actual date.

Microsoft Lync is required in order to “attend” these on-line meetings.  If you need to install Lync, you may do so from here.

You can now connect your System Center Advisor to SCOM 2012

A lot of new information about System Center Advisor. Two weeks ago Microsoft announced that System Center Advisor is free for everyone to use. At MMS the next announcement arrived – You can now get the alerts from System Center Advisor directly in SCOM 2012 with the new connector

Note that the connector is still a PREVIEW version so this is not something you should use in your production environment. To install it you also need the SCOM 2012 SP1 CU2 installed

New and updated MP’s

The last weeks Microsoft released some new and updated management packs

System Center Management Pack for Windows 8 Client Operating System

Feature Summary

  • Key Processor Performance Indicators
  • Logical and Physical disk performance and free space
  • Memory utilization
  • Network health
  • Health monitoring of key Windows Operating System services
  • Comprehensive performance collections
  • Availability and event reports

System Center Monitoring Pack for Microsoft Application Virtualization Server 5.0

Feature Summary

  • Discovery of the Application Virtualization 5.0 Services: Management, Publishing, Reporting
  • Alerts indicating availability/configuration/security issues that require administrative intervention
  • Collection Rules defined for significant events in ETW logs of each App-V 5.0 Service
  • Verification that dependent NT services are running
  • Notification of security issues involving admin access attempts, admin added/deleted on App-V 5.0 Management Server

System Center Management Pack for Windows Azure Fabric – Preview

The Management Pack for Windows Azure Fabric enables you to monitor the availability and performance of Azure fabric resources that are running on Windows Azure. The management pack runs on a specified proxy agent and then uses various Windows Azure APIs to remotely discover and collect instrumentation information about a specified Windows Azure resource, such as a Cloud Service, Storage or Virtual Machine. The Management Pack for Windows Azure Fabric provides no functionality on import. For each Windows Azure subscription that contains Azure resources you want to monitor, you must configure discovery and monitoring by first using the Windows Azure wizard in the administration section of the OM Console, then the Windows Azure Monitoring template in the authoring section of the OM Console.

System Center Management Pack for Microsoft SQL Server 2012 Parallel Data Warehouse Appliance

Feature Summary
The following list gives an overview of the features of this management pack for PDW Appliance. Refer to the Management Pack for SQL Server 2012 PDW Appliance guide for more details.

  • Discovers SQL Server PDW Appliances, including the hardware manufacturer.
  • Monitors both hardware and software components of SQL Server PDW Appliance. This includes:
    • The ability to roll up the overall health information across hardware and software components.
    • The ability to detect and monitor nodes that belong to different SQL Server PDW failover clusters.
    • Custom diagram view to visually represent the PDW appliance hierarchy comprising of hardware and software components. This includes these three views:
      • Appliance view – high level health information of the overall appliance health and their individual nodes
      • Appliance nodes – view to represent the health of each of the nodes and their roles.
      • Alerts view –view for the IT operator to look at proactive monitoring alerts and take appropriate actions.
  • Custom e-mail template to provide more detailed information regarding the alerts.
  • Tasks to integrate with the various PDW admin console views.
  • Run-as profile to securely connect to PDW appliance for discovery and monitoring.

System Center Management Pack for Windows Server DNS


The System Center Management Pack for Windows Server DNS monitors DNS health, availability, configuration, security, and zone-transfer issues on DNS servers running the Windows Server 2003 and Windows Server 2008, 2008 R2 and Windows Server 2012 operating systems.

Note This Management Pack is intended to completely replace the functionality of the previous DNS Management Pack, and as such it is not backwards compatible with them. The old and new management packs can live side-by-side, so you can uninstall the old MP’s if/when you are comfortable with the new Management Pack.

Best of MMS 2013 – Stockholm, Sweden

On the 16th of May Best of MMS 2013 will take place in Stockholm,Sweden (in Swedish). 16 sessions and three different tracks will be available!!

It is being arranged by Truesec, Microsoft and Lumagate, you can find all the details and registration information here: http://events.truesec.se/Event/Best_of_MMS_2013


I gotten the opportunity to do one presentation:

Managing IOS, WP8, WIN RT using CM and Intune, together with Jörgen Nilsson from Onevinn

I am really looking forward to it!
Don’t miss it!


Update Rollup 1 for System Center 2012 SP1 is now available

This might feel strange, wasn’t SP1 just released? Yes it was but the patches has a fixed release schedule so UR1 was already planed. UR1 include updates for:

App Controller (KB2790935)

  • Issue 1 – Copying a .vhd file between Windows Azure storage accounts may be unsuccessful, and you receive a "Retrieved data is complete" warning message. This issue occurs if the .vhd file already exists on the destination or if the .vhd file is mapped to an existing virtual machine.
  • Issue 2 – The import of Virtual Machine Manager (VMM) library server certificates may be unsuccessful for VMM library servers that are clustered.

Data Protection Manager (KB2791508)

  • Issue 1 – Client backups fail when there is a case difference between the client computer name on the computer and the client computer name that is stored in Active Directory.

Operations Manager (KB2784734)

  • Issue 1 -  Agentless Exception Monitoring (AEM) in Operations Manager may provoke an increase in reporting threads and choke points.
  • Issue 2 – After the Alert Attachment Management Pack (Microsoft.SystemCenter.AlertAttachment.mpb) is imported, you create a dashboard that contains an alert widget. When you click an alert, the Operations Manager console may crash.
  • Issue 3 – When a Windows PowerShell module uses the Monitoringhost.exe process on an x86-based client that is running Windows 8, more than 800 megabytes (MB) of memory may be consumed.
  • Issue 4 – After an application domain is created, adding another application domain may be unsuccessful.

Operations Manager – UNIX and Linux Monitoring (Management Pack Update)

  • Issue 1 – When multiple process monitors are used to target the same computer or group, processes may incorrectly monitor some template instances. Additionally, problems with the monitored processes may not be detected. This issue occurs when each process monitor uses the same name as the process even though different argument filters are used in each process monitor.
  • Note After the updated Microsoft.Unix.Process.Library.mpb file is imported, all existing Process Template instances must be edited and saved for the fixed behavior to take effect.

Service Provider Foundation (KB2785476)

  • Issue 1 -´The OperatingSystemId property on a virtual hard disk (VHD) object is always set to NULL.
  • Issue 2 – Virtual machine usage metrics are not aggregated at hourly intervals and are missing basic usage metrics such as network sent and receive I/O operations per second (IOPS).

Virtual Machine Manager (KB2792925 – Console; KB2792926 – VMM Server)

  • Issue 1 – When a logical unit number (LUN) is unmasked on an iSCSI array, the VMM service may crash.
  • Issue 2 – When a node is put in maintenance mode, virtual machines in the cluster change to a status of "Unsupported Cluster Configuration."
  • Issue 3 – When an add-in that uses multiple DLL files is imported into the VMM console, the add-in is not imported. Additionally, you receive the following error message:
  • Add-in cannot be installed
  • Issue 4   When an add-in is imported into the VMM console on a server that is running Windows Server 2008 R2, the add-in is not imported.
  • Issue 5 – When an add-in is imported into the VMM console, the console may crash.


Please note that UR are now available to be installed through WSUS/SCCM (has been since UR3 for SC2012 RTM). To be able to install the SP1 versions of UR you need to add the new products since they been added as new product selections (see below).


System Center 2012 SP1 is now generally available

Today Microsoft publically made the System Center 2012 SP1 general available. The actual bits has been available for a some time depending if you have a MSDN/TechNet account or a Volume License agreement but today it is available for every one.

There is two important things to understand about this Service Pack that we haven’t seen before:

  • The SP1 is for all of the eight System Center components (that used to be different products)
  • There is no actual service pack to download – The service pack is integrated in the installation media. So, to update your components you have to download the new installation media from your volume license portal and run the setup. If the installer finds an existing installation it will update it with SP1. So when you upgrade, make sure to use a valid media for your customer and not MSDN/TechNet media.

Read the SP 1 announcement from Microsoft

Read about all the new functions and features added in SP1 for the different components

If you want to evaluate System Center 2012 with SP1 and Windows Server 2012 you have evaluation versions to download . Use links below to download:


System Center 2012 Service Pack 1 Configuration Manager – Evaluation (VHD)

System Center 2012 Service Pack 1 – App Controller – Evaluation (VHD)

System Center 2012 Service Pack 1 – Service Manager (Data Warehouse) – Evaluation (VHD)

System Center 2012 Service Pack 1 – Orchestrator – Evaluation (VHD)

System Center 2012 Service Pack 1 – Service Manager – Evaluation (VHD)

System Center 2012 Service Pack 1 – Data Protection Manager – Evaluation (VHD)

System Center 2012 Service Pack 1 – Operations Manager – Evaluation (VHD)