Configuration Manager 2007 SP2 Release Notes

Updated: May 15, 2010

Applies To: System Center Configuration Manager 2007 SP2

To search these release notes, press CTRL+F.

Read these release notes thoroughly before you install Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2).

These release notes contain information that is required to successfully install Microsoft System Center Configuration Manager 2007 SP2. They contain information that is not available in the product documentation.

If you notice a difference between these release notes and other Configuration Manager 2007 documentation, consider the latest version authoritative. Disregard release notes from earlier versions.

Issues from earlier versions have either been resolved or are documented in the Configuration Manager Documentation Library.

Providing Feedback

If you want to provide feedback, make a suggestion, or report an issue with Configuration Manager 2007 SP2, you can right-click any node in the Configuration Manager 2007 console and then click Give Feedback, or you can go directly to the Connect site at (

To help the Configuration Manager documentation team ship the kind of product information that you need most, send your feedback and comments to

System Requirements

The Configuration Manager 2007 SP2 Supported Configurations Help topic ( contains information about hardware and software requirements and unsupported configurations and is available in the Configuration Manager Documentation Library.

Known Issues with System Center Configuration Manager 2007 SP2

This section provides the most up-to-date information about issues with Configuration Manager 2007 SP2. These issues do not appear in the product documentation, and in some cases might contradict existing product documentation. Whenever possible, these issues will be addressed in later releases.

Adding Packages to Windows PE Images for Operating System Deployment by Using WAIK 2.0 Might Fail On Servers That Run the 64-bit Version of Windows Server 2003 and the 64-bit Edition of Windows Server 2008

Configuration Manager 2007 uses the Deployment Image Service and Management (DISM) tool and the Windows Automated Installation Kit (WAIK) 2.0 to add packages to Windows Preinstallation Environment (Windows PE) images for operating system deployment of Windows 7. On computers that run the 64-bit version of Windows Server 2003 or the 64-bit edition of Windows Server 2008 without a service pack or Windows Server 2008 SP1, a known issue might cause the following DISM commands to fail when updating string values in the registry:

  • /Add-Package

  • /Enable-Feature

  • /Disable-Feature

During the Configuration Manager 2007 SP2 installation, DISM runs the /Add-Package command on the site server. The command fails on site servers that run the 64-bit version of Windows Server 2003 or the 64-bit edition of Windows Server 2008.

WORKAROUND    Install hotfix 960037 on the site server computer before upgrading to Configuration Manager 2007 SP2. For information about this issue and to download this hotfix, see article 96037 in the Microsoft Knowledge Base (

Out of Band Provisioning is Disabled by Default

Prior to Configuration Manager SP2, administrators could take manual precautions only to prevent rogue computers from being provisioned out of band and rogue servers from provisioning AMT-based computers. Configuration Manager disables out of band provisioning for the out of band service point after installation or upgrade from earlier versions of Configuration Manager. Whenever possible, use in-band provisioning in preference to out of band provisioning, as out of band provisioning incurs the security risks of elevation of permissions, impersonation, and information disclosure. To help you decide between in-band provisioning and out of band provisioning, see Choose Between In-Band Provisioning and Out of Band Provisioning.

WORKAROUND    If you must use out of band provisioning, select the check box Allow out of band provisioning on the General tab of the Out of Band Management component properties, and then click OK on the security warning popup dialog box. If you need more information about the security risks of using out of band provisioning, see Out of Band Management Security Best Practices and Privacy Information (

A Long Path for the Active Directory Organizational Unit (OU) in Out of Band Management Can Result in Failing to Configure AMT-Based Computers for 802.1X Authenticated Wired and Wireless Networks

If the part of the Lightweight Directory Access Protocol (LDAP) path for the Active Directory OU that is specified for out of band management is more than a total of 67 characters, AMT-based computers fail to be configured for 802.1X authenticated wired and wireless networks. The log file <ConfigMgrInstallationPath>\Logs\Amtopmgr.log reports no error, but if a client certificate is requested for these computers, the issuing certification authority (CA) will report a failure to issue this certificate with an error message that states that the requested subject name is invalid or too long, and that reports an error code of 0x80094001 (-2146877439). Having a deeply nested OU structure and long names for your OUs increases the chance of exceeding the length restriction.

This length restriction excludes the domain component and container.  For example, if you have specified a container named "Sales" in the "" domain, there is no OU path in the resulting LDAP path: LDAP://CN=Sales,DC=Contoso,DC=com.  However, if you specify a child OU named "Sales" and the parent OU is named "North America" in the same "" domain, the LDAP path is LDAP://OU=Sales,OU=North America,DC=Contoso,DC=com.  In this second example, the part of the LDAP path for the Active Directory OU is a total of 26 characters and lies within the length restriction of 67 characters.

WORKAROUND    Use an OU that has a path length that is not more than 67 characters. Additionally, if you have existing AMT-based computers that are already provisioned by Configuration Manager, use Active Directory administration tools to move the AMT accounts that are published to the old OU to the new OU.

Network Discovery of Management Controllers Prevents Out of Band Management Communication

Incorrect processing of discovery data can result in the AMT status incorrectly reporting as Detected (AMT Status = 1). When this occurs, AMT-based computers that have been successfully provisioned can no longer establish out of band communication.

WORKAROUND    Do not use network discovery of management controllers, but instead, initiate discovery of management controllers for a collection. For more information, see the procedure "To initiate discovery of computers with management controllers for a collection" in How to Discover Computers with Management Controllers ( To correct this problem after network discovery of management controllers has run, disable this discovery configuration, and then initiate discovery of management controllers for a collection.

Certificate Maintenance Task Might Fail to Renew Certificates Used for the Wireless and Wired Profiles on AMT-Based Computers

The Certificate Maintenance task might fail to renew certificates used for the wireless and wired profiles on computers that have been provisioned for AMT. When the certificate expires, AMT-based computers that are not turned on do not authenticate or connect to the network. The following log entries are found in amtproxy.log when this issue occurs:

*** exec AMT_AddWirelessClientCert @MachineID =< resourceID >,@xProfileID =< profileID >,@CertID=< certificateID >

*** [23000][547][Microsoft][ODBC SQL Server Driver][SQL Server]The INSERT statement conflicted with the FOREIGN KEY constraint "AMTMachineClientCert_CertIDRef_FK". The conflict occurred in database "SMS_WN7", table "dbo.AMT_Cert", column 'CertID'. : AMT_AddWirelessClientCert

Error: CTaskRequestClientCert::SaveCertRequestStatus failed to execute SQL cmd exec AMT_AddWirelessClientCert @MachineID =< resourceID >,@xProfileID =< profileID >,@CertID=< certificateID >

WORKAROUND    Re-provision the AMT-based computer while it is turned on and connected to the network by using a wired connection.

Update Classification and Product Information is Reset After Upgrade

After upgrading from Configuration Manager 2007 to Configuration Manager 2007 SP2 or from Configuration Manager 2007 SP1 to Configuration Manager 2007 SP2, the software update classifications and products are reset to the default settings. Custom settings are not retained after the upgrade, and therefore, only the software updates metadata from the default classifications and products will be synchronized.

WORKAROUND    After the Configuration Manager upgrade, you must open the Software Update Point Component Properties dialog box and manually select the desired software update classifications and products. For more information, see Software Update Point Component Properties (

Release Notes Copyright Information

This document is provided "as-is". Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes. You may modify this document for your internal, reference purposes.

© 2010 Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, ActiveX, Excel, SharePoint, SoftGrid, SQL Server, Windows, Windows Server, Windows PowerShell, and Windows Vista are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.