Hello!
My name is Herbert Fuchs and together with other members of the Customer Success Unit and the Customer Service & Support Organization we want to help our Customers with This Blog-Series. We gathered information and put
our field and support experience into this. Special thanks to our contributors, reviewers and content-writers, Wilhelm Kocher, Anthony Fontanez, Emilian Bucur, Pavel Yurenev, Anderson Cassimiro and Madalina Zamfir.
In this Blog we want to explain what is necessary to change the Operating System of a Server which hosts the Configuration Manager through an In-place Upgrade.
Since the early Versions of Configuration Manager Current Branch, it is supported to upgrade the Operating System to a newer Version through an In-place Upgrade:
Upgrade on-premises infrastructure - Configuration Manager | Microsoft Learn
The big advantage with this Method – it is a very fast Transition and has less prerequisites or preparation compared to Disaster Recovery, High Availability, or Site by Site Migration. However, it is important to mention that, even if it is supported, it is at the same time also not recommended (take a close look at the Message Prompt when you start the In-place Upgrade).
Before you start the In-place Upgrade – have the latest Backup of ConfigMgr-Site and the cd.latest of your Configuration Manager Version handy and stored in safe location. Better to be safe than say sorry. Your last resort of a Fallback is always Disaster Recovery. Of course, you can create Snapshots – but keep in mind that this is not a supported way of Restore/Recovery.
Backup sites - Configuration Manager | Microsoft Learn
But before we go into details let us clarify the method and what is supported:
IPU is a method through which you are using the same hardware where you aim to move for an existing OS release to a more recent one. For example, your server is running Windows Server 2012 R2 you can upgrade it to Windows Server 2019. With IPU you go from an older version to a newer one while keeping your settings, server roles and data intact.
Important to note here is - when you perform an IPU, you can upgrade to a newer version of Windows Server by up to TWO Versions at a time. For example, in case your run Windows Server 2012 R2 you can upgrade straight to Windows Server 2019 but not Windows Server 2022.
The following Table summarize the supported upgrade path:
Overview of Windows Server upgrades | Microsoft Learn
It is also supported to use Inplace-Upgrade for VM’s which are running in Azure:
Windows in-place upgrade - Azure Virtual Machines | Microsoft Learn
Advantages/Disadvantages of an In-place Upgrade:
The following table gives you an overview:
|
Advantages |
Disadvantages |
|
Fastest upgrade method |
High risk of failure – potential compatibility issues |
|
Lowest downtime |
Transfer actual issues into the new OS |
|
Retains existing data and settings |
Risk of data loss due to corruption during the upgrade process |
|
Improved security and supportability of the latest version |
Impact on server performance – reduced performance during the IPU – negative impact on availability and responsiveness |
|
Cost effective no need to get new hardware |
Limited customization compared to a clean install (for instance change the Install Directory of ConfigMgr)
|
IPU OS Prerequisites:
Before we get started, please make sure you review the following prerequisites of the IPU:
- Determine which version of Windows Server is supported by the upgrade path
- The Hardware meets or exceeds the requirements for the Windows Server Version you want to upgrade
Hardware requirements for Windows Server | Microsoft Learn - Have the Installation Media ready to use
- A valid product key and activation method available
- A Location to store files away from your computer.
- Review the upgrade and migrate roles and Features
Migrating roles and features in Windows Server | Microsoft Learn - Review the Microsoft Server Applications Compatibility article
Windows Server 2022 and Microsoft server applications compatibility | Microsoft Learn - Review any third-party application vendors support requirements
- Make sure you have installed the latest cumulative Update
- Uninstall Windows Management Framework 5.1 (Windows Server 2012/R2)
- Uninstall Third-Party Anti-Virus Solution (the solution might support the IPU, but to reduce the risk it is advisable to remove the solution for the IPU)
- Create a Backup of your Configuration Manager through Built-In or SQL Backup
- Save the cd.latest of your Configuration Manager in safe Location (not the Server which you want to Upgrade)
- Backup the Categories and Products you configured:
# Get subscribed Categories
$UpdateConfig = Get-CMSoftwareUpdateCategory | where {$_.IsSubscribed -eq $true}
# List configured Categories
$UpdateClasses = $UpdateConfig | where {$_.CategoryTypeName -eq 'UpdateClassification'} | Select LocalizedCategoryinstanceName
$UpdateClasses.LocalizedCategoryInstanceName | Out-File -FilePath C:\temp\SUPConfigClasses.txt -Force
# List configured Products
$UpdateProducts = $UpdateConfig | where {$_.CategoryTypeName -eq 'Product'} | Select LocalizedCategoryinstanceName
$UpdateProducts.LocalizedCategoryInstanceName | Out-File -FilePath C:\temp\SUPConfigProducts.txt -Force
Step by Step Guide
- Make sure all components of ConfigMgr are healthy
- If your SQL-Server is co-located with Configuration Manager, make a backup of the databases
Task sequence stops after an in-place upgrade - Configuration Manager | Microsoft Learn - Uninstall the System Center Endpoint Protection – it blocks the Upgrade and will be replace with Windows Defender
- Remove the Software Update Point Role
- Remove WSUS but keep the Database
- Mount the Windows ISO and start the Setup-Wizard
- Enter a Product-key
- Choose the Image to Install Standard/Enterprise (Desktop Experience)
- Accept License Terms and choose “Keep personal files and apps”
- Hit the Install Button and Monitor the upgrade progress
Post-Upgrade-Task
- Verify that your Windows and ConfigMgr Services are started, especially look at the SMS_Site_Component_Manager, SMS_Executive, Windows Process Activation and WWW/W3svc
- Remove and Add the BITS Feature
- Add the WSUS-Role
- Run wsusutil.exe post install based on your Configuration (SQL/WID)
- Run wsusutil.exe reset
- Start a Site Reset and monitor SiteComp.log
Modify infrastructure - Configuration Manager | Microsoft Learn - Add the Software Update Point again
- Verifying the Categories and Products still exist
- Verifying if the Content-Version between Clients and WSUS-Sync-Manager matches
-- SQL Statements against your CM-Database
select MinSourceVersion from CI_UpdateCIs order by MinSourceVersion desc
select ContentVersion from WSUSServerLocations
select ContentVersion from Update_SyncStatus
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Components\SMS_WSUS_SYNC_MANAGER
Change the values of ContentVersion, Synctoversion and lastattemptversion to a value which is equal or higher than the highest content version of the site.
- Review the Components and Status Messages
- Verify DCOM OLE
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \Ole
If the Reg-Binary MachineAccessRestriction/MachineLaunchRestriction has been renamed to old. DO NOT start an update of your Configuration Manager Site to the latest version.
- Instead, open Dcomcnfg.exe, navigate to Computers\My computer and open properties of the object.
- On the COM Security tab, note 4 buttons: “Edit Limits” and “Edit Defaults” for Access and Launch/Activation permissions.
- Press all 4 buttons and note the current configuration: each security principal added and its permissions.
- Make a minor change in every part – like add “remote access” where it’s not selected
- Once done, press Apply in the main COM Security Window.
- Verify the registry values of the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole are recreated:
- MachineAccessRestriction
- MachineLaunchRestriction
- Roll back all the changes made at step 5 – and press Apply again
- Restart the machine and proceed with the site upgrade
If the above procedure did not help regarding DCOM Ole - please raise a ticket to Microsoft CSS (Customer Service and Support)
In-place Upgrade SQL
Once you have successfully updated the Operating System of your Configuration Manager. You can also upgrade the SQL to higher Version.
Upgrade SQL Server - SQL Server | Microsoft Learn
IMPORTANT:
When you use this procedure also to upgrade your SQL-Server to latest supported Version – Verify if you are using the Configuration Manager Bitlocker Feature and if you also configured encryption of the Database. If your SQL Server is 2014 and below – you will face issues with the encryption Keys. The reason for SQL 2016 and higher is we use a stronger Cipher for the Encryption Certificate, and it will be necessary to escrow the Keys again. If you are running in this Scenario open a Ticket with Microsoft Customer Service & Support to get detailed instructions
We hope this Blog clarifies the In-place Upgrade Method, and helps you, if you must change the Operating System of your Configuration Manager, through this method.
Disclaimer
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Microsoft
