| title | Update rollup for Microsoft Configuration Manager version 2503 |
|---|---|
| description | Update rollup for Configuration Manager 2503 |
| ms.date | 10/15/2025 |
| ms.subservice | core-infra |
| ms.topic | reference |
Applies to: Configuration Manager (current branch, version 2503)
This article describes issues that are fixed in the update rollup for Microsoft Configuration Manager current branch, version 2503. This update applies both to customers who opted in through a PowerShell script to the early update ring deployment, and customers who installed the globally available release.
For more information on changes in Configuration Manager version 2503, see:
- What’s new in version 2503 of Configuration Manager current branch
- Summary of changes in Microsoft Configuration Manager current branch, version 2503
- The Check compliance button returns an error after installing KB 33177653. The error happens in environments where the Cloud Management Azure Service was previously deleted.
- The Microsoft Web Deploy program is updated on cloud management gateway virtual machines from version 3.6 to 4.0.
- Windows Server 2025 updates use the incorrect Maximum run time value in the properties for the software update component. The value can lead to update installations being incorrectly canceled.
- The Configuration Manager client is updated to ensure Windows Update scan source policies are set correctly.
- Microsoft Defender policies created in the Intune Portal are incorrectly removed from Windows Servers.
- The SMS Executive Service (smsexec.exe) can terminate unexpectedly when evaluating orchestration groups.
- The count of devices in the Requirements Not Met section of deployment status reporting can be incorrect.
- Deployment status reporting and summarization are updated to more accurately reflect the correct count of success or error conditions.
-
After installing this update, Cloud Management Gateway (CMG) may appear in "Error" status in Configuration Manager console with Status Description "Failed to perform maintenance". There is no impact to CMG functionality. The details are available in the following article:
- KB 33177653: Azure for US Government update for Configuration Manager 2403, 2409, 2503
- KB 34503790: Revised security update for Microsoft Configuration Manager
- KB 35360093: CMG security update for Microsoft Configuration Manager
This update is available in the Updates and Servicing node of the Configuration Manager console for environments that were installed by using the globally available build of version 2503.
This update doesn't require a computer restart but will initiate a site reset after installation.
After you install this update on a primary site, preexisting secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select Administration > Site Configuration > Sites > Recover Secondary Site, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. The reinstallation doesn't affect configurations and settings for the secondary site. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update.
Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site:
select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site')If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site.
If the value 0 is returned, all the fixes that are applied to the primary site aren't installed for the secondary site. You should use the Recover Secondary Site option to update the secondary site.
The following major components are updated to the versions specified:
| Component | Version |
|---|---|
| Configuration Manager console | 5.2503.1083.1500 |
| Client | 5.0.9135.1013 |
File information for the release is available in the downloadable KB32851084_FileList.txt text file.
- September 30, 2025: Initial hotfix release