Deploying sccm hotfix KB977203 RRS feed

  • Question

  • Hi

    I am seeing the issue stated in the below link

    Computers upgraded to Windows 7 using OSD might generate a new SMS GUID


    When I try to install the hotfix on an existing R3 client it fails. Should the CCMCertFix be pushed to the existing clients instead? After installing KB977203 on my site server this ccmcertfix.exe was copied to <var>ConfigMgr_2007_Installation_Directory</var>\Logs\KB977203

    Also on new windows xp and windows 7 clients should this hotfix be added to the client installation parameters in my OSD Task Sequence?

    In my USMT Task Sequence going from xp to windows 7 I will add the CCMCertfix.exe in the beginning of the TS to catch this issue there as well. 

    I am not sure if this hotfix can be installed if I have the R3 hotfix installed.

    Wednesday, April 4, 2012 6:09 PM


All replies

  • The hotfix fixes the client so that if it ever generates a new cert, the new cert will be properly formed. Clients only generate certs at installation time though so running this on existing clients doesn't do much unless it is a brand new client and you install the hotfix at client install time using the PATCH property or you deleted the certs.

    Also, make sure you run the msi extracted on the site server after installing the hotfix on the site server itself. The actual MSI you download from Microsoft isn't for the client.

    ccmcertfix corrects already issued certs so should be run on already installed clients that have generated their certs.

    Note also that 977384 includes 977203 so if you try to install 977203 after 977384 is already installed, it will fail.

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    • Proposed as answer by danovich_ Thursday, April 5, 2012 1:58 AM
    • Marked as answer by Sabrina Shen Friday, April 13, 2012 11:26 AM
    Wednesday, April 4, 2012 8:49 PM
  • In addition to what Jason says, yes you should add this to your OSD task sequence. I've put some instructions here - http://blog.danovich.com.au/2012/02/10/list-of-recommended-sccm-hotfixes/ - if that helps...

    My Microsoft Core Infrastructure & Systems Management blog - blog.danovich.com.au

    • Proposed as answer by danovich_ Thursday, April 5, 2012 1:59 AM
    • Marked as answer by Sabrina Shen Friday, April 13, 2012 11:26 AM
    Thursday, April 5, 2012 1:59 AM
  • Hi thanks for your replies

    Since I have the R3 KB977384 hotfix added to my client installation parameters in my TS I shouldnt have to install KB977203, am I correct? We have included MS09-056 in our base image wim file (this is the original patch that caused the certificate problem)

    In my test lab I included the below in my TS and the client version ended up as 4.00.6487.2000

    PATCH="C:\_SMSTaskSequence\OSD\Q0100004\i386\hotfix\KB977384\SCCM2007AC-SP2-KB977384-x86-enu.msp";"C:\_SMSTaskSequence\OSD\Q0100004\i386\hotfix\KB2509007\SCCM2007AC-SP2-KB2509007-x86-enu.msp";"C:\_SMSTaskSequence\OSD\Q0100004\i386\hotfix\KB977203\sccm2007ac-sp2-kb977203-x86.msp" etc.....

    After changing the sequence of the installation it worked. I moved 977203 as the first patch being installed.

    Great link, I have been looking for a place to check all the hotfixes and the client versions for each. There are many hotfixes I have not deployed in our environment. Do these need to be installed in sequence? If I have the R3 KB977384 installed do I need to install any of the previous updates?

    Thanks for your help.


    Thursday, April 5, 2012 1:20 PM
  • Correct, no reason for 977203 if you are installing 977384.

    There is a sequence, but that's not so easy: http://blog.configmgrftw.com/?p=163.

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Thursday, April 5, 2012 5:40 PM