We have discovered that when the System Center Configuration Manager 2007 SP2 client is published to WSUS via the ConfigMgr console, Windows 8 and Windows Server 2012 clients may be unable to install the client from WSUS via Windows Update. This can occur even after update KB2734608, which allows WSUS to service Windows 8 and Windows Server 2012 clients, has been applied. The solution described here only needs to be applied to the SMS Site server that publishes to WSUS.
Environment
- System Center Configuration Manager 2007 SP2
- WSUS 3.0 SP2 with KB2734608 applied (http://support.microsoft.com/kb/2734608)
- Windows 8 and/or Windows Server 2012 clients
Symptom
The client installation method ‘Software Update Point Client Installation’ is enabled to allow computers to download and install the Configuration Manager 2007 (ConfigMgr 2007) client from a Software Update Point or WSUS. When a Windows 8 or Windows Server 2012 client downloads the ConfigMgr client and tries to verify it, the verification fails. Below is an example of the messages logged in WindowsUpdate.log on the client:
*********** DnldMgr: New download job [UpdateId = {72EB686F-B396-4D62-B16F-5284FD2543EE}.1] ***********
DnldMgr WARNING: Update validation failed, error 80246003.
DnldMgr FATAL: DM:CAgentDownloadManager::DownloadUpdate: pDownloadJob->Init failed with 0x80246003.
DnldMgr WARNING: Got error (hr = 80246003) starting update 0 in call 2. Notifying call.
DnldMgr Error 0x80246003 occurred while downloading update; notifying dependent calls.
AU >>## RESUMED ## AU: Download update [UpdateId = {72EB686F-B396-4D62-B16F-5284FD2543EE}]
AU # WARNING: Download failed, error = 0x80246003
Cause
KB2734608 updates the WSUS API assembly (Microsoft.UpdateServices.Administration) but ConfigMgr 2007 SP2 is referencing and continues to use the pre-2734608 API assembly.
Solution
Assembly redirection can be used to force applications that reference one version of an assembly to load a different version. There are two methods to do this, but first we need to unpublish the ConfigMgr 2007 client from WSUS by completing the following steps:
1. Open the Configuration Manager console.
2. Navigate to Site Database –> Site Management –> <site code> –> Site Settings –> Client Installation Methods.
3. Right click ‘Software Update Point Client Installation’ and choose ‘Properties’.
4. Uncheck the option ‘Enable Software Update Point Client Installation’ and click OK.
5. Wait for 10-15 minutes to give the system time to remove the SCCM client from WSUS.
Method 1
This method will apply to all applications on the machine that use the Microsoft.UpdateServices.Administration assembly and requires a reboot of the site server.
1. Log in to the ConfigMgr 2007 Site server that hosts the SUP and publishes to the WSUS server.
2. Find and open the file %systemroot%\Microsoft.NET\Framework\v2.0.50727\config\machine.config in Notepad or another text editor.
3. Locate the <runtime> section in the XML. If the machine.config has never been modified, this section will likely be only <runtime />
4. Edit the <runtime> section to read as follows:
<runtime>
  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
      <assemblyIdentity name="Microsoft.UpdateServices.Administration"
                        publicKeyToken="31bf3856ad364e35"
                        culture="neutral" />
      <!-- Assembly versions can be redirected in application, publisher policy, or machine configuration files. -->
      <bindingRedirect oldVersion="3.0.6000.273" newVersion="3.1.6001.1" />
    </dependentAssembly>
  </assemblyBinding>
</runtime>
5. Save the machine.config file and then reboot the server.
Method 2
This method will only apply to the SMS Executive and does not require a machine restart, but does require restarting the SMS Executive.
1. Create a file named smsexec.exe.config as shown below and place it into the installation location of the smsexec.exe executable. This is usually \Program Files (x86)\Microsoft Configuration Manager\bin\i386.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <runtime>
    <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
      <dependentAssembly>
        <assemblyIdentity name="Microsoft.UpdateServices.Administration"
                          publicKeyToken="31bf3856ad364e35"
                          culture="neutral" />
        <!-- Assembly versions can be redirected in application, publisher policy, or machine configuration files. -->
        <bindingRedirect oldVersion="3.0.6000.273" newVersion="3.1.6001.1" />
      </dependentAssembly>
    </assemblyBinding>
  </runtime>
</configuration>
NOTE: If the file smsexec.exe.config already exists, merge the contents shown above with the existing smsexec.exe.config file.
2. Restart the SMS Executive service by running the following commands from a CMD prompt:
net stop sms_executive
net start sms_executive
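For the case in the NOTE above, where smsexec.exe.config already exists, the merge can be scripted so the existing settings survive and the redirect is not added twice. This is an added example, not code from the original post; the function name Merge-WsusBindingRedirect and the sample input are hypothetical.

```powershell
# Added example (hypothetical helper): merge the redirect into an existing config.
$AsmNs = 'urn:schemas-microsoft-com:asm.v1'
function Merge-WsusBindingRedirect([string]$ConfigXml) {
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($ConfigXml)   # throws on malformed XML, so a broken file is never produced
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('asm', $AsmNs)

    $config = $doc.SelectSingleNode('/configuration')
    if ($null -eq $config) { throw 'Root element must be <configuration>.' }
    $runtime = $config.SelectSingleNode('runtime')
    if ($null -eq $runtime) { $runtime = $config.AppendChild($doc.CreateElement('runtime')) }
    $binding = $runtime.SelectSingleNode('asm:assemblyBinding', $ns)
    if ($null -eq $binding) {
        $binding = $runtime.AppendChild($doc.CreateElement('assemblyBinding', $AsmNs))
    }

    # Reuse an existing entry for this assembly instead of adding a second one.
    $xpath = "asm:dependentAssembly[asm:assemblyIdentity/@name='Microsoft.UpdateServices.Administration']"
    $dep = $binding.SelectSingleNode($xpath, $ns)
    if ($null -eq $dep) {
        $dep = $binding.AppendChild($doc.CreateElement('dependentAssembly', $AsmNs))
        $id = $dep.AppendChild($doc.CreateElement('assemblyIdentity', $AsmNs))
        $id.SetAttribute('name', 'Microsoft.UpdateServices.Administration')
        $id.SetAttribute('publicKeyToken', '31bf3856ad364e35')
        $id.SetAttribute('culture', 'neutral')
    }
    $redir = $dep.SelectSingleNode("asm:bindingRedirect[@oldVersion='3.0.6000.273']", $ns)
    if ($null -eq $redir) {
        $redir = $dep.AppendChild($doc.CreateElement('bindingRedirect', $AsmNs))
        $redir.SetAttribute('oldVersion', '3.0.6000.273')
    }
    $redir.SetAttribute('newVersion', '3.1.6001.1')
    return $doc.OuterXml
}

# Constructed sample input: an existing file that already carries an unrelated setting.
$existing = @'
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <runtime>
    <gcServer enabled="false" />
  </runtime>
</configuration>
'@
$merged = Merge-WsusBindingRedirect $existing
$merged
# A second pass must change nothing (no duplicate dependentAssembly or bindingRedirect).
(Merge-WsusBindingRedirect $merged) -eq $merged
```

Pass it the text of the existing smsexec.exe.config and keep a copy of the original file before writing the result back.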
After completing either Method 1 or Method 2, republish the Configuration Manager client to WSUS and verify that your Windows 8 or Windows Server 2012 clients can now download the client.
Larry Mosley | Escalation Engineer | Management and Security Division