Up until recently, there were only a couple of client side hotfixes for ConfigMgr and those were insignificant or only applicable in isolated cases. With the release of R3 and its perquisite hotfix, the need to deploy client hotfixes in a reliable and easy manner just got a lot more important. I find it really odd that ConfigMgr includes a very robust and effective Software Updates management piece but the client hotfixes are not distributed in a form directly useable by SUM.

This is an easy solution to remedy however using the power of System Center Update Publisher; affectionately known as SCUP. SCUP is pretty straight-forward to use: it creates and publishes updates to SUM. Published updates look and behave exactly like the updates that SUM synchronizes from Microsoft. If you haven’t worked with SCUP and/or need some help getting it going, check out Jason Lewis’s blog and the many webcasts he put together on the subject: http://blogs.technet.com/b/jasonlewis/.

Publishing client hotfixes with SCUP isn’t a new or original idea, Angie Stahl put up a great post (with screenshots and all) specifically covering the prerequisite hotfix for R3: SCUP- Deploying SCCM R3 BETA Client Hotfix KB977384. Besides passing on this information, I have one thing to add to her great post.

The ConfigMgr client hotfix MSPs do not actually detect themselves. Thus, after you import one into SUM, ConfigMgr will detect the update as required on all of your systems whether it has been installed or not. Although not such a big deal if the update gets reinstalled on a client, this was kind of annoying to me. The solution to this is to modify the prerequisite rule for the update when you define it in SCUP. Instead of simply detecting x86 or x64 for the processor architecture as described in Angie’s post, I changed this to look for absence of the patch using MSI rules that query the Windows Installer database.


The above is what I set for KB977384. Note that this is an “MSI rule” that is checking for “Patch [Not] Installed For Product”. The Not of course coming from the Not rule check box to the right of the Rule Type drop list. The two values I had to supply here are the Patch Code and Product Code. The product code is the product code of the ConfigMgr client agent itself; is easy to find in a variety of ways and is not specific to any system, it is specific to the product. The easiest way to find it is to open the registry and navigate to HKLM\SOFTWARE\Microsoft\Windows\Current Version\Uninstall and browse the keys until you find the one corresponding to the ConfigMgr client agent. The name of the key will be this GUID.


Another way to find this code is to actually open the client.msi using Orca (or another MSI editor). This product code is stored in the Property table as (amazingly enough) ProductCode.


There are other ways also like querying the Windows Installer database directly on a system where the client is installed. One way of doing this is to use the WindowsInstaller.Installer automation (COM) interface from VBScript, another language, or from WMI: http://msdn.microsoft.com/en-us/library/aa367809(v=VS.85).aspx.

Getting the patch code can also be done in a variety of ways including querying the Windows Installer database on a system where the patch is installed as above.

Using Orca is the easiest for me though. After loading the client.msi into Orca, load the patch by going to the Transform menu in Orca and choosing View Patch… then navigate to the MSP in the resulting file open dialog. Note that you must use the MSP that is extracted and copied onto the site server after you install the downloaded MSI onto the site server. The MSI that you download delivers the corresponding server side patch and then creates the client package in ConfigMgr which contains the MSP. New items added by the MSP will have a green box around their name and tables with new items from the MSP will have a green mark to the left of their name. The product code can be found in the new PatchPackage table (there should only be one rwo there) or in the Property table as SmsPatchID.


That’s it, follow Angie’s instructions otherwise and Jason Lewis’s guidance and you should be well on your way to installing ConfigMgr hotfixes the same way as other hotfixes with SUM. Finally, below is a list of the GUIDs I’ve identified so far.

ConfigMgr 2007 SP2 Client Agent Product Code:  2609EDF1-34C4-4B03-B634-55F3B3BC4931

KB977384 Patch Code: 0856B5B5-C423-476E-BC4B-C8FE92223BEC

KB978754 Patch Code: 9ABBCF53-57F1-4710-A8D0-C6D072B372B6

KB2263826 Patch Code: F9DF2BE2-B9C9-416B-B7D1-2CE30488CFED