I know. There are tons of similar post explaining how to upgrade Configuration Manager Current Branch to the latest version, but that’s not a valid reason not to do another one (:D). Also, mine is exactly how I did it in our production environment, from beginning till end, and not in a lab where you usually (I do) almost blindfolded click next and accept everything, without any precautions.
This is a stand-alone primary site in an enterprise environment of a midsize company in Denmark, running on Windows Server 2016 (I most recently did an in place upgrade of the OS from 2012. Another blog post incoming soon), and for your inspiration, this is the exact steps I went through. Curious? Read on 🙂
There is a precise cook book (checklist) for how to upgrade your Configuration Manager Current Branch to latest version. Obviously, not everything listed in there is relevant to all environments, so therefore I’m only covering those parts relevant to me. If interested in the complete checklist, you can find that right here: https://docs.microsoft.com/en-us/sccm/core/servers/manage/checklist-for-installing-update-1802
- 1802 is released to the “Early Update Ring”, which means not everyone has it listed (by the time of writing) as available in the SCCM console. You have to opt in to get it, and to do so you download following script: https://gallery.technet.microsoft.com/ConfigMgr-1802-Enable-4c8c0003
- When downloaded and extracted (it comes as an .exe), fire up an elevated powershell and run it like shown below (EnableFastUpdateRing1802.ps1 <nameofyoursiteserver> (without the < >)
- Next, I checked the version of the ADK installed. ADK is the Windows Assessment and Deployment Kit, which is an external dependency when deploying operating systems with ConfigMgr. The minimum required for 1802 is the Windows 10 1703 ADK and the most recent is the 1709 version. I already use the 1709 version, so no need for me to do anything here. (If you need the latest ADK, download that here: https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
- Disable maintenance tasks. A good practice, also according to the checklist, is to disable following highlighted maintenance tasks. There is a chance that the upgrade might fail, if one of the mentioned tasks runs while the upgrade is running. (another approach is to run the upgrade, outside the schedule of those tasks)
- Next, make sure you have backup! Backup of the SQL and backup of the CD.latest folder. As per above screenshot, I’m currently not using the built in backup task (I use something custom in SQL), but whatever backup method you use, make sure you have a relevant backup. That includes both SQL and the CD.latest folder. The CD.latest folder can be found in the installation directory of Configuration Manager:
- Disable Antivirus. That’s right. The recommendation is to disable any running antivirus. My server is running Server 2016 and therefore comes with Windows Defender built in. To quickly disable Windows Defender, launch the Local Group Policy Editor from run: gpedit.msc and find Computer Configuration / Administrative Templates / Windows Components / Windows Defender and set Turn off Windows Defender to Enabled.
- Now find the available 1802 update in the ConfigMgr console. We opted in for the fast update ring previously using the PS script, which will gives us the 1802 update available to install. I started out running the prerequisite check. I do so to make sure that the connection/permissions to the SQL is OK prior to beginning the upgrade (we unfortunately still have the SCCM DB on a remote server. I will be moving it back locally soon enough). All prerequisite checks will be logged to C:\ConfigMgrPrereq.log. Look for ******* Prerequisite checking is completed. *******
- Next, Install Update Pack and follow below screen shots.
- Ignore the prerequisite check – we did that previously.
- Select and enable optional features. They can also be added later, post-upgrade.
- Make a selection of whether you want to test the new ConfigMgr client or not. I went on without testing it (I have never ever seen any issues that made me wish that I tested the client first in pre-production. I’m not a first mover either. I usually wait 1-2 weeks from date of release before upgrading my production environment)
- Accept the license terms. Filling out the SA expiration date is optional. I didn’t fill it out. This is the final step before getting the mandatory summary. By now the upgrade is installing. The progress can be followed in the Monitoring / Updates and Servicing Status node. Use refresh regularly as the status is not real time.
Monitor SCCM-InstallDir\Logs\CMUpdate.log and SCCM-InstallDir\Logs\hman.log if curious to see what happens real time. When everything is done, CMupdate.log will be quiet with no more pending update packages to process:
And the monitoring node when refreshed looks like this:
Post Upgrade Steps
- Review site status and component status
- Enable the maintenance tasks that previously was disabled
- Enable Windows Defender that previously was disabled through the Local Group Policy Editor. When you do so, make sure to start the Defender service again. Start now.
I hope this was helpful and informative to someone 🙂