Let’s catch up and understand the real-world experience with SCCM Server Patching Tips Using Orchestration Groups. More details about ConfigMgr Orchestration Group Setup Step by Step Guide for Server Patching.
Personally, I am a big fan of this feature “Service a server group”. Many of us might not know what it does or how to implement it because it was in Pre-Release (Not sure if moved to production in MECM 2002) so we are trying to make it easier for you.
I got a project assigned to automate the failover during patch deployment and that’s when I started digging more about this function.
Coincidentally there was an event organized by Anoop Nair – “Global Azure BOOTCAMP 2018” and I registered. Among many tech talks about automation “Dexter” was explaining PS functions and I asked about the Node Drain-in Node Drain-Out for the same matter we are talking about.
Who should read this Article?
This article will help IT and Configuration Manager administrators who currently manage a mostly on-premises Server management infrastructure (SCCM Server Patching Tips Using Orchestration Groups). It will help them automate the cluster patching at the place of doing it manually for patching.
There is not much information or use cases for this feature but thanks to “Adaptiva- Matt Tinney” who wrote about it back in 2018 which helped me a lot to understand it in an early stage. https://insights.adaptiva.com/2018/configmgr-server-groups-take-control-patching/
Later somewhere in 2020 (04/01/2020) Microsoft also released an article about it https://docs.microsoft.com/en-us/mem/configmgr/sum/deploy-use/service-a-server-group
I tested it in SCCM 1606 for patching SQL Clusters as it’s meant to perform the cluster patching a lot easier than we think and takes care of load-balancing for you automatically at the place of you performing the failover then patch and again move it back to load after reboot.
Starting in Configuration Manager version 1606, you can configure server group settings for a collection to define how many, what percentage, or in what order computers in the collection will install software updates. You can also configure pre-deployment and post-deployment PowerShell scripts to run custom actions.
When you deploy software updates to a collection that has server group (SCCM Server Patching Tips Using Orchestration Groups Scripts) settings configured, Configuration Manager determines how many computers in the collection can install the software updates at any given time and makes the same number of deployment locks available.
Only computers that get a deployment lock will start software update installation. When a deployment lock is available, a computer gets the deployment lock, installs the software updates, and then releases the deployment lock when software updates installation successfully completes.
Then, the deployment lock becomes available for other computers. If a computer is unable to release a deployment lock, you can manually release all server group (SCCM Server Patching Tips) deployment locks for the collection.
- Starting in SCCM version 2002, server groups have been replaced by orchestration groups. For more information, see Orchestration groups.
- Pre-release features are features that are in the Current Branch for early testing in a production environment.
- These features are fully supported but are still in active development and might receive changes until they move out of the pre-release category.
- You must turn on this feature for it to be available. For more information, see Use pre-release features from updates.
Important – All of the computers in the collection must be assigned to the same site. SCCM Server Patching Tips Using Orchestration Groups Scripts.
In the Assets and Compliance workspace, click Device Collections, right-click the collection that contains the computers in the server group and then click Properties.
On the General tab, select All devices are part of the same server group, and then click Settings.
On the Server Group Settings page, specify one of the following settings:
Allow a percentage of machines to be updated at the same time: Specifies that only a certain percentage of clients are updated at any one time. If, for example, the collection has 10 clients, and the collection is configured to update 30% of clients at the same time, then only 3 clients will install software updates at any given time.
Allow a number of machines to be updated at the same time: Specifies that only a certain number of clients are updated at any one time.
Specify the maintenance sequence: Specifies that the clients in the collection will be updated one at a time in the sequence that you configure. A client will only install software updates after the client that is ahead of it in the list has finished installing its software updates.
Specify whether to use a pre-deployment (node drain) script or a post-deployment (node resume) script. SCCM Server Patching Tips Using Orchestration Groups post and pre-deployment Scripts.
Warning – Custom scripts are not signed by Microsoft. It is your responsibility to maintain the integrity of these scripts.
Tips – SCCM Server Patching Tips Using Orchestration Groups Scripts
The following are examples that you can use in testing for pre-deployment and post-deployment scripts that write the current time to a text file:
#Start $a = Get-Date Write-Output "Universal Time: " + $a.ToUniversalTime() | Out-File C:\Windows\Temp\start.txt
$a = Get-Date
Write-Output "Universal Time: " + $a.ToUniversalTime() |
Disclaimer – The information provided on site is for general informational purposes only. All information on the site is provided in good faith, however, we make no representation or warranty of any kind, express or implied regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the website.
- SCCM Orchestration Groups Setup Step by Step Guide for Server Patching – https://www.anoopcnair.com/sccm-orchestration-group-setup-guide/
My name is Deepak Rai, and I am a Technical Lead on SCCM and Intune with more than 14 years of experience in IT. My main domain is SCCM (AKA ConfigMgr, CB, MECM, etc.), Intune, and Azure (Runbooks). I have worked on several platforms (Active Directory, Exchange, Veritas NETBACKUP, Symantec Backup Exec, NDMP devices Like Netapp, EMC Data Domain, Quantum using Backup Exec 2010 and 2012, HP storage works 4048 MSL G3, Data Deduplication related troubleshooting.) in these 13 years but at last ended up to the technology from which I started as IT Engineer (SCCM).