Blog Post

Core Infrastructure and Security Blog
7 MIN READ

Updating Configuration Manager in Offline Mode with the Service Connection Tool

ChrisVetter's avatar
ChrisVetter
Icon for Microsoft rankMicrosoft
May 21, 2020

 

Hey everyone, Chris Vetter Sr. Cloud Solution Architect at Microsoft here to go over updating Configuration Manager Current Branch in an Offline environment. I have installed the Baseline version 1902 of Configuration Manager Current Branch, and I am going to walk you through installing the Service Connection Point Role in Offline mode then we will use the Service Connection Tool to upgrade our environment.

 

The service connection point is what connects to Microsoft cloud service and transmits the telemetry data for your environment and sends the latest update packages and hotfixes down to your console for install. When we are in an air-gapped (disconnected) environment we unfortunately cannot utilize this feature in this way. So how do we get updates for Configuration Manager? We will use the service connection tool and a machine with an internet connection to get our update package information. After which we will import that data into the console and go through the update process. If you do not have access to a machine where you can utilize an internet connection to get your data, then I would suggest opening a free case with Microsoft CSS to get your update package information.

 

Install Service Connection Point (Offline Mode)

 

Let’s get started. Open your freshly installed ConfigMgr console and go to the administration tab select the Site configuration dropdown and select the Servers and Site System Roles node. Select your highest-level site server on o my case it is a primary site server.

 

 

Select Add System Roles from the Tool Ribbon.

 

 

On the General Tab of the Add Site Systems Roles Wizard leave the default selections and click next

 

 

On the next tab enter any proxy information from your network. If none of your ConfigMgr traffic is going through a proxy, then just click next.

 

 

On the System Role Selection tab, we will select the Service Connection Point role.

 

 

Next, we need to specify the mode for our service connection point. We will select the Offline, on-demand connection radio button then click next.

 

 

Confirm your settings then click next. Once the progress had completed verify the role was added successfully click close.

 

 

Use Service Connection Tool

 

**UPDATE** - As of version 2309 the service connection tool has new prerequisites that will need to be installed on the online device before you can download all of the files successfully. These include C++ redistributable software and a SQL ODBC Driver please refer to the link at the bottom of this blog for the more detailed information before proceeding.

 

Now we will discuss using the service connection tool. The service connection tool can be found in the installation directory of the Primary site or Central Administration site (CAS) and must be used on the highest-level site. The service connection tool will can used in four phases

 

  • Prepare – Here we will prepare the .cab file with telemetry data to transmit our information to the Microsoft cloud service
  • Export – This is optional, but some customer may be hesitant to do this process because they are not aware what information is being given. This will export all the information from the .cab to an Excel file you can share with the customer to assure none of their protected data is at risk.
  • Connect – Here we will connect to the cloud service to receive the update package files that are applicable for our upgrade
  • Import – Here we import the update package files into ConfigMgr so we can download and perform the update.

Prepare

 

So now we will prepare the usagedata.cab with our telemetry data. Open an administrative command prompt window and first we must create a directory for out .cab file I am creating the directory on my e: drive so first lets change our command prompt to the E: drive by typing E: then press enter.

Now use the command mkdir e:\USB and press enter this should create the directory on the root of the E: drive.

 

 

Now we will use the cd command to change to the directory for the service connection tool type.

Cd “E:\Program Files\Microsoft Configuration Manager\cd.latest\SMSSETUP\TOOLS\ServiceConnectionTool”

This will change out working directory to the Service connection tool folder. Now type the following command…

 

ServiceConnectionTool.exe -prepare -usagedatadest e:\USB\usagedata.cab then press enter.

 

 

Check the ServiceConnectionTool.log to make sure there were no errors…

 

 

…and verify your .cab file is larger than 1kb.

 

 

Connect

 

Now use your approved transport method (thumb drive, Ext. HDD, etc.). Copy the USB directory containing your usagedata.cab and copy the Service Connection Tool directory to a machine with Internet access. Once you have copied everything over to the internet connected machine, open an administrative command prompt create a directory where we can download the update packages, I created this in the USB directory where the usagedata.cab resides.

 

Mkdir c:\_hold\USB\UpdatePacks

 

 

There are different switches we can use with the connect step which I listed below:

 

  • -downloadall This option downloads everything, including updates and hotfixes, regardless of the version of your site.
  • -downloadhotfix This option downloads all hotfixes regardless of the version of your site.
  • -downloadsiteversion This option downloads updates and hotfixes that have a version that is higher than the version of your site.

 

I will use the -downloadsiteversion switch in this guide. Now let us use the cd command to set the location to where you copied the service connection tool. Type the following command:

ServiceConnectionTool.exe -connect -downloadsiteversion -usagedatasrc c:\_hold\USB -updatepackdest c:\_Hold\USB\UpdatePacks

 

 

Verify the download is successful in the ServiceConnectionTool.log.

 

 

Now we can move the UpdatePacks folder and its contents back to our server and perform the   phase of the Service Connection Tool

 

Import

 

Once you have copied the update packages back on your server open your administrative command prompt window and change to the where you copied the files and we will run the following command line to import the updater packages into Configuration Manager:

 

ServiceConnectionTool.exe -import -updatepacksrc e:\USB\UpdatePacks

 

Check the ServiceConnectionTool.log for successful import

 

 

Now we should be able to see the available updates in the console. Go to the Administration tab then Updates and servicing. We are going to Select version 1910 then select download from the ribbon

 

 

Check the dmpdownloader.log for progress and errors.

 

Perform upgrade

 

Now that our 1910 update package is ready to install, we are going to run a prerequisite check.

This will let us know if there are any components that will cause the update to fail in their current state. Now click on the 1910 update then click Run prerequisite check from the ribbon.

 

 

You can check the status of the prerequisite check on the monitoring tab, under Updates and Servicing.

When the prerequisite check is complete, verify all steps completed without error.

 

 

Now we can go back to the administration tab and start the upgrade. Click the 1910 upgrade package then click Install Update Pack in the ribbon to launch the wizard.

 

 

On the first page of the wizard check the "Ignore any prerequisite check warnings and install this update regardless of missing requirements" box since we have already ran a prerequisite check and verified all requirements. Then click next.

 

 

On the next page enable any features that are included in this update pack. This can also be done after the upgrade process. Click next

 

 

Next, select your option for how to upgrade the clients in your environment. I do not have a pre-production collection, so I am selecting upgrade without validating. Click next

 

 

Check the box accepting the license terms and click next

 

 

Review the summary and click next. When complete, click close.

 

 

Monitor the hman.log and cmupdate.log for progress and any significant errors. This process can take up to a couple hours or more depending on the size of your environment. When the update process is complete open the Configuration Manager console (it should prompt you to update) And verify you are now on Version 1910 by clicking the arrow in the top left corner and selecting About Microsoft Endpoint Configuration Manager.

 

 

You may now repeat the process for any future updates or hotfixes that need to be applied.

 

Disclaimer

 

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

 

Disclaimer 2

 

All screenshots and folder paths are from a non-production lab environment and can/will vary per environment. All processes and directions are of my own opinion and not of Microsoft and are from my years of experience with the configuration manager product in multiple customer environments.

 

Resources

 

Service Connection Point Role - https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/about-the-service-connection-point

Service Connection Tool - https://docs.microsoft.com/en-us/configmgr/core/servers/manage/use-the-service-connection-tool

 

Updated Jul 26, 2024
Version 3.0
  • Hello Mamad1845 ,

     The answers to your questions are below:

     

    1st: Is it possible to proceed in two steps in this case? That is, perform a first update from version 1910 to version 2010, and if the 2010 update appears in the console, perform a second update from version 2010 to version 2203.

    Possible? The minimum version you must be on to get to 2203 is Version 2010 so yes you should be able to achieve this in just 2 upgrades. Please note that 2203 goes out of support in October of this year so I would plan another upgrade before then to avoid support issues. What's new in version 2203 - Configuration Manager | Microsoft Learn.

    2nd: The version of the console being used is 1910 (Console Version: 5.1910.1067.1600, site version: 5.00.8913.1012, Client version: 5.00.8913.1012).
    Is this version able of displaying a higher version such as version 2010, or
    does the currently used version console 1910 need to be upgraded to version 2010 first to be able to display it? Once you have completed an upgrade you will automatically be prompted to upgrade the console to the supported version once you re-launch the console. I recommend you do this for each version you upgrade to avoid any data corruption from using an older console version. I hope I have answered your questions to your satisfaction and good luck with your upgrade.

  • Hi Chris,

    thank you for your feedback

    I haven't had a chance to look at the logs yet, which I'll send you as soon as I can if I find any errors, but two questions has occurred to me,

     

    1st: Is it possible to proceed in two steps in this case? That is, perform a first update from version 1910 to version 2010, and if the 2010 update appears in the console, perform a second update from version 2010 to version 2203.

    Possible?

     

    2nd: The version of the console being used is 1910 (Console Version: 5.1910.1067.1600, site version: 5.00.8913.1012, Client version: 5.00.8913.1012).
    Is this version able of displaying a higher version such as version 2010, or
    does the currently used version console 1910 need to be upgraded to version 2010 first to be able to display it?

     

    Regards,

     

  • Hello Mamad1845 ,

     

    Are there any errors in the dmpdownloader.log or Hman.log when you select check for updates from the Updates and Servicing Node? and you are correct from 1910 I think the most recent version you can upgrade to will be Current Branch 2010 so this will be a multiple step upgrade process for you. You can also look in the EasySetupPayload\Offline folder on the Primary site to verify the .cab and redist files imported as well.

  • Hi,
    Basically I am trying to perform an upgrade of SCCM version (using the Service connection tool in offline mode) from 1910 (Console Version: 5.1910.1067.1600, site version: 5.00.8913.1012,Client version: 5.00.8913.1012) to 2203 in an offline Environment
    Following Procedures described in this Document, I performed the “prepare” and “connect” steps (in this order).

    Then, performing the “import” step of this Procedure, I don’t notice particular errors or exceptions in log files (ServiceConnectionTool.log, ConfigMgrSetup.log)

    The problem is that after these steps I don’t see any update as available in the Console (under Updates and Servicing section).
    I know that jumping directly from 1910 to 2203 could be not a feasible operation (because of feasible upgrade paths) but I should view at least updates that are more close to 1910 version (for example I thought to perform a “double step” upgrade from 1910 to 2010 and then from 2010 to 2203). Right?

  • Scoko2's avatar
    Scoko2
    Copper Contributor

    Hello Chris,

     

    We also have offline SCP.

    however, I am having an issue with the Service Connection tool cannot connect to the SCCM Database. It is on a separate SQL server instead of on SCCM itself

     

    E:\USB\ServiceConnectionTool>serviceconnectiontool.exe -prepare -usagedatadest E:\USB\UsageData.cab
    ERROR: can not connect to the database. Please refer to the log file for more information.

     

    The Service Connection Tool.log showing below in red: login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Any idea what is the issue.

    Kindly advise/help.

     

    Regards,

    Scoko