SCCM Server OS Upgrade WSUS SUP Notes from Real World Configuration Manager ConfigMgr MEMCM? SCCM server OS upgrade (in place) is fully supported if your SCCM server is running SCCM CB 1606 version and above. However, with SCCM CB 1702, we have a hard requirement to have an operating system version of SCCM servers.
The minimum requirement for SCCM CB 1702 is to have Server 2012 and above. In my previous post, “Step by Step Video Tutorial of SCCM CB 1702 Baseline version Installation“. In this post, we will see some of the notes/experiences from the field (real world) during the in-place OS upgrade.
More details about the SCCM Server OS Upgrade Checklist in the post “SCCM CB 1702 Upgrade of CAS and Primary Sites A Real-world Experience“
Introduction – SCCM Server OS Upgrade WSUS SUP
Microsoft SCCM team has documented the steps you need to perform before the SCCM server in-place OS upgrade. Apart from the pre-checks and actions before the in-place OS upgrade, there are also some cautions in that document.
Most of those cautions are pointing towards IIS configuration/reconfigurations. If you have some custom/out-of-box configurations in your IIS settings, you need to research the IIS setting before the in-place OS upgrades.
In my experience of upgrading 2 different SCCM CB hierarchies, when you have not done any custom configuration in your IIS, you are going to be OK after the upgrade of the server OS.
Otherwise, you may need to reconfigure those custom settings again in IIS (most probably). I have a post that explains the default settings of IIS for SCCM servers here.
Pre SCCM Server In-place OS Upgrade – Remove/Uninstall WSUS Services
We have removed the WSUS console from the server primary server and CAS, then removed WSUS components from the remote SUP server before SCCM Server in-place OS upgrade. Make note that you don’t have (rather should NOT remove) to remove WSUS data, Logs, and DB references while removing WSUS from SCCM SUP/Primary servers. You need to remove/uninstall only the WSUS console and the core component like “Windows Server Update Service”.ย Ensure that you removed wsusservice and wsuscertserver services from the SCCM server. No need to remove the SUP role at all.
Post-SCCM Server In-place OS Upgrade – Install WSUS Console
Post-SCCM Server in-place OS upgrade, I have noticed that IIS-related services were stopped and disabled. If that is the situation in your case, you need to make sure that all these IIS-related services are not in a disabled state. Ensure that IIS is working before you try to install WSUS 6.0 (for server 2012 R2) on the server.
Install WSUS console (via Add roles and Features wizard in Server 2012) on the SCCM Primary/CAS server if you have a remote SUP server. There is no need to install DB and other services related to WSUS on primary and CAS servers if you are hosting SUP role on a remote server. Make sure; you install only the following roles from “Add roles and features wizard”:-
Remote Server Administration Tools – Role Administration Tools – Windows Server Update Services Tools:-
– API and PowerShell cmdlets
– User Interface Management Console
Post-SCCM Server In-place OS Upgrade – Install WSUS Services
Once we install the WSUS console on the SCCM primary/CAS server, we can install WSUS core services on your remote SUP SCCM site system server. Launch Add roles and features wizard,ย select the following components as you can see in the pic below.
We need to complete two specific configurations as part of the WSUS installation. 1. Specify the updated store location 2. Specify an existing database server setting. In the SCCM In-place OS upgrade scenario, we need to use the same store location and Database name.
Another important point is that we don’t have to click on “Launch Post-installation tasks”. Launch the WSUS console and click on the RUN button to complete the WSUS installation process.
The Result SUP Sync Works Perfectly after Server OS in Place Upgrade
The result of this post-SCCM OS upgrade activity is that WSUS SYNC works fine with all the existing settings and configurations. No need to reconfigure and re-download anything, as per my experience.
Author
Anoopย isย Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
We recently went from 2012 latest to 1702 on a 2008r2 box.
Upgrade was fine. Then we went o/s 2008r2 – 2012r2 – 2016. All good.
Note though. Have an external sup running on 2012r2 with heaps of issues. We eventually gave up and built a new 2016 box for sup. Works great!
We also threw in a sql upgrade from 2012 to 2016!
A whole lot of fun!
I have one where we forgot to uninstall/remove WSUS from server 2008 R2 and after upgrade to server 2012 R2 it decided stay there for ever ๐
We’ve removed the presence of the old WSUS version using MSI clean etc…. and registry entries also cleaned up.
We were successfully able to install WSUS on server 2012 R2 via Add Roles and Features Wizard but the configuration stuff is not successful yet ๐
So the removal is very critical.
Probably I will advice to remove WSUS whenever you do in place upgrade (may be for Server 2012 to 2016 as well ). We never know ๐
Hi Anoop, thanks for the wonderful post.
Can you please also share the link of OS upgrade steps on SCCM servers from 2008R2 to 2012R2 or Server 2016.
Thanks!
Does this work going from 2012 R2 to 2016?
Thanks Anoop buddy for the Post.
Hi Anoop,
Currently we are running on SCCM 2012 R2 SP1 with SQL 2008 R2 SP3. We are planning to upgrade SCCM server OS from 2008R2 to 2012. Is SCCM 2012 R2 SP1 will support Windows 2012 OS in place upgrade? Can you please tell me process to upgrade like from First primary then secondary and MP,DP’s etc like that or DP’s, MP,SS and Primary. Which way is best?
Thanks,
Sirish Kumar K
Did you get this to work?
Hopefully someone still sees this post. I followed this guide exactly and after completing the step “launch WSUS console and click on RUN button to complete the WSUS installation process” I went home. I came in next day and it completed successfully BUT – every device in our environment was now getting windows updates (including a Windows Upgrade to Windows 10 202H) straight from WSUS. I know its coming straight from Windows Updates because 1. we dont have the 202H version downloaded or deployed anywhere and 2. some hosts are also getting other driver updates etc that we don’t push via sccm at all. Does anyone know what happened here? I have checked all group policy settings and they are correct and they also did not change prior to the upgrade. I simply cannot find a reason why all these updates are getting deployed to all clients suddenly.
Those might be your existing deployments? Have you checked the log files mentioned in the following forum to troubleshoot the issue further https://forum.howtomanagedevices.com/endpointmanager/configuration-manager/we-are-using-ibcm-in-our-environmentwe-are-not-planning-to-update-to-cmg-for-now-and-facing-software-update-installation-issue-for-vpn-workstations/