SCCM Server OS Upgrade WSUS SUP Notes from Real World

SCCM server OS upgrade (in place) is fully supported if your SCCM server is running SCCM CB 1606 version and above. However, with SCCM CB 1702, we have a hard requirement to have operating system version of SCCM servers. The minimum requirement for SCCM CB 1702 is to have Server 2012 and above. I have mentioned about this in my previous post “Step by Step Video Tutorial of SCCM CB 1702 Baseline version Installation“. In this post, we will see some of the notes/experience from the field (real world) during the in-place OS upgrade.

More details about SCCM Server OS Upgrade Checklist in the post “SCCM CB 1702 Upgrade of CAS and Primary Sites A Real world Experience

Microsoft SCCM team has documented the steps which you need to perform before SCCM server in-place OS upgrade. Apart from the pre-checks and actions before in-place OS upgrade, there are some cautions also in that document. Most of those cautions are pointing towards IIS configuration/reconfigurations. If you have some custom/out of box configurations in your IIS settings, then you need put some research on IIS setting before the in-place OS upgrades.

In my experience of upgrading 2 different SCCM CB hierarchies, when you have not done any custom configuration in your IIS, then you are going to be OK after the upgrade of the server OS as well. Otherwise, you may need to reconfigure those custom settings again in IIS (most probably). I have post which explains about the default settings of IIS for SCCM servers here.

SCCM Sever in-place OS Upgrade

Pre SCCM Server In place OS Upgrade – Remove/Uninstall WSUS Services

We have removed the WSUS console from the server primary server and CAS, then removed WSUS components from remote SUP server before SCCM Server in-place OS upgrade. Make note that you don’t have (rather should NOT remove) to remove WSUS data, Logs and DB references while removing WSUS from SCCM SUP/Primary servers. You need to remove/uninstall only WSUS console and the core component like “Windows Server Update Service”.  Ensure that you removed wsusservice and wsuscertserver services from SCCM server. No need to remove SUP role at all.

Post SCCM Server In place OS Upgrade – Install WSUS Console

Post-SCCM Server in place OS upgrade, I have noticed that IIS related services were stopped and disabled. If that is the situation in your case, you need to make sure that all these IIS related services are not in a disabled state. Make sure that IIS is working before you try to install WSUS 6.0 (for server 2012 R2) in the server.

SCCM Sever in-place OS

Install WSUS console (via Add roles and features wizard in Server 2012) on SCCM Primary/CAS server if you have remote SUP server. No need to install DB and other services related to WSUS on primary and CAS servers if you are hosting SUP role on a remote server. Make sure; you install only following roles from “Add roles and features wizard” :-
Remote Server Administration Tools – Role Administration Tools – Windows Server Update Services Tools:-
– API and PowerShell cmdlets
– User Interface Management Console

SCCM Sever in-place OS Upgrade_WSUS_Console_Install1

Post SCCM Server In place OS Upgrade – Install WSUS Services

Once we install WSUS console on the SCCM primary/CAS server, then we can install WSUS core services on your remote SUP SCCM site system server. Launch Add roles and features wizard,  select the following components as you can see in the pic below.

SCCM Sever in-place OS Upgrade_WSUS_Service_Install

We need to complete two specific configurations as part of WSUS installation. 1.Specify the update store location 2. Specify an existing database server settings. In SCCM In place OS upgrade scenario, we need to use the same store location and Database name.

Another important point to remember is that we don’t have to click on “Launch Post -installation tasks”. Just launch WSUS console and click on RUN button to complete the WSUS installation process.

SCCM Sever in-place OS Upgrade_WSUS_Complete1

The Result SUP Sync Works Perfectly after Server OS in Place Upgrade

The result of this post-SCCM OS upgrade activity is that WSUS SYNC works fine with all the existing settings and configurations. No need to reconfigure and re-download anything as per my experience.

SCCM Sever in-place OS Upgrade_WSUS_SYNCReference :-

Upgrade on-premises infrastructure that supports SCCM/ConfigMgr – here

Sharing is caring!

9 thoughts on “SCCM Server OS Upgrade WSUS SUP Notes from Real World”

  1. We recently went from 2012 latest to 1702 on a 2008r2 box.

    Upgrade was fine. Then we went o/s 2008r2 – 2012r2 – 2016. All good.

    Note though. Have an external sup running on 2012r2 with heaps of issues. We eventually gave up and built a new 2016 box for sup. Works great!

    We also threw in a sql upgrade from 2012 to 2016!

    A whole lot of fun!

    • I have one where we forgot to uninstall/remove WSUS from server 2008 R2 and after upgrade to server 2012 R2 it decided stay there for ever 🙁
      We’ve removed the presence of the old WSUS version using MSI clean etc…. and registry entries also cleaned up.
      We were successfully able to install WSUS on server 2012 R2 via Add Roles and Features Wizard but the configuration stuff is not successful yet 🙁
      So the removal is very critical.
      Probably I will advice to remove WSUS whenever you do in place upgrade (may be for Server 2012 to 2016 as well ). We never know 😉

  2. Hi Anoop, thanks for the wonderful post.
    Can you please also share the link of OS upgrade steps on SCCM servers from 2008R2 to 2012R2 or Server 2016.

  3. Hi Anoop,

    Currently we are running on SCCM 2012 R2 SP1 with SQL 2008 R2 SP3. We are planning to upgrade SCCM server OS from 2008R2 to 2012. Is SCCM 2012 R2 SP1 will support Windows 2012 OS in place upgrade? Can you please tell me process to upgrade like from First primary then secondary and MP,DP’s etc like that or DP’s, MP,SS and Primary. Which way is best?

    Sirish Kumar K

  4. Hopefully someone still sees this post. I followed this guide exactly and after completing the step “launch WSUS console and click on RUN button to complete the WSUS installation process” I went home. I came in next day and it completed successfully BUT – every device in our environment was now getting windows updates (including a Windows Upgrade to Windows 10 202H) straight from WSUS. I know its coming straight from Windows Updates because 1. we dont have the 202H version downloaded or deployed anywhere and 2. some hosts are also getting other driver updates etc that we don’t push via sccm at all. Does anyone know what happened here? I have checked all group policy settings and they are correct and they also did not change prior to the upgrade. I simply cannot find a reason why all these updates are getting deployed to all clients suddenly.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.