Updates, Servicing and Telemetry in Configuration Manager current branch Aaron Czechowski & Kerim Hanif

Aaron Czechowski @AaronCzechowski Senior Program Manager, Microsoft Four years on product team, nine years at Microsoft, and 18 years working with Configuration Manager Program manager for Configuration Manager diagnostics and usage data (telemetry) Active with Boy Scouts of America and an avid hiker @AaronCzechowski

Kerim Hanif @KerimHanif Senior Program Manager, Microsoft Four years on product team, 13 years at Microsoft, 16 years working with Configuration Manager. Program manager for Configuration Manager updates and servicing A culinary and scuba enthusiast @KerimHanif

Agenda 1 Updates and Servicing 2 Troubleshooting 3 Diagnostics and Usage Data

Servicing Strategy Simplify the upgrade experience In-place upgrade from Configuration Manager 2012 to latest version Support faster pace of updates for Windows 10 and Microsoft Intune New Updates and Servicing node delivers periodic updates for new features, bug fixes, and extensions for hybrid deployments using Microsoft Intune Listen to and more quickly respond to customer feedback Foundational improvements in current branch allow us to respond to customer feedback more quickly

Configuration Manager Current Branch Product version Release vehicle Availability Windows 10 features supported Support Windows Servicing Model supported Configuration Manager Current Branch Generally available December 2015 with updates released periodically throughout the year New features, security updates, and bug fixes Can defer updates for up to 12 months before you must deploy updates to maintain support Windows 10 Current Branch, Current Branch for Business, and Long Term Servicing Branch Configuration Manager Current branch (version 1511) Current branch (version 1602) Current branch (version yymm) Technical Preview (version yymm) WINTER SPRING SUMMER

Updates and Servicing Kerim Hanif

Module 1 Agenda 1 Types of updates and releases 2 Service Connection Point 3 Order of operations 4 Known issues 5 Future improvements

Types of updates and releases

Consolidating all ConfigMgr updates Updates and Servicing node in the console No more searching for the updates Get updates automatically from the cloud No more Cumulative Updates Service Packs Microsoft Intune Extensions Hotfixes GOAL: Reduce the update checklist as much as possible https://technet.microsoft.com/en-us/library/mt691556.aspx

Types of Releases Baseline In-Console Update Out-of-Band (OOB) Update E.g. Configuration Manager 1511 Full setup (CD) Will be upgradeable from 2012 R2 SP1/SP2 Supported for 1 year In-Console Update E.g. Configuration Manager 1602 Not a full setup, cumulative Requires a baseline release Out-of-Band (OOB) Update Will be released if needed Mostly will contain only features Hotfixes GDR (General Distribution Release) LDR (Limited Distribution Release) Traditional

History of Releases https://technet.microsoft.com/en-us/library/mt607046.aspx Production Release (every 3-4 months) Technical Preview Release (every month) Date Baseline (CD) TP May 2015 TP2 (8271) July 2015 TP3 (8287) August 2015 In-console Update (1st) 1509 (8299) September 2015 In-console Update 1510 (8321) October 2015 1511 (8325) TP4 (8325) December 2015 1512 (8336) December 2016 1601 (8347) January 2016 1602 (8355) February 2016 1602 (8360) March 2016 1603 (8372) TP5 (8385) April 2016 1604 (8385) 1605 (8396) May 2016

History of Releases Production Release (every 3-4 months) Technical Preview Release (every month) Updates (OOB) None yet (will be released if needed) None (most cases we will not be releasing an update for preview builds) Hotfix 1511 Traditional: KB3125905, KB3118485, KB3124274, KB3128090, KB3127032, KB3101706, KB3122677, KB3139572, KB3140781, KB3142341, KB3145401 1511 GDR: KB3122637 (Exchange Connector) 1602: None yet (most cases we will not be releasing an hotfix for preview builds)

Recommended Customer Infrastructure Technical Preview Pre-Production Production ConfigMgr Preview Build Standalone Primary No hierarchy support 10 Clients Update monthly Test new features ConfigMgr Production Build Replica of production site (on the server side) Appropriate number of clients for testing purposes Install updates here first ConfigMgr Production Build Live environment

Service Connection Point

Service Connection Point Can be Online or Offline or Skipped (not recommended) During Setup After Setup

Requirements Service Connection Point (SCP) role needs to be installed Either in Online or Offline mode SCP role == Intune Connector role (doesn’t exist anymore) ConfigMgr 2012 R2SP1/SP2 Hybrid (Intune+ConfiMgr) customers upgrading to 1511 will not need to install SCP since it is already there

If SCP Installation is Skipped Nags will show Nag will only show at the top level site, during console start, to the admins with “SMS_Site modify” right

Offline Servicing Created for customers that can’t connect to a cloud service STILL needs to install Service Connection Point (SCP) role to a server (doesn’t have to be connected to the internet) Set the SCP to Offline mode Use “Service Connection Tool” on computer connected to the internet download the content from the cloud service TIP: ServiceConnectionTool.exe needs to be copied together with all the other files in the directory when needs to be copied and run in another location Recommended to have 2GB on media (if USB)

Service Connection Tool 1 Server with Service Connection Point (no internet connection) Microsoft Cloud ServiceConnectionTool.exe -Prepare -usagedatadest D:\USB\usagedata.cab 1602 Cab 3 2 Any machine with internet connection ServiceConnectionTool.exe -import –updatepacksrc D:\USB\UpdatePacks ServiceConnectionTool.exe -Connect -usagedatasrc D:\USB\usagedata.cab –updatepackdest D:\USB\UpdatePacks 1602

Order of operations

Updating Site Systems Download automatic in Online mode CAS/Standalone Primary Download automatic in Online mode Download and import manually in Offline mode (using the Service Connection Tool) For both modes, initiate install manually using the console Primary Sites Download and install automatic but can be controlled specifying “Service Windows” Secondary Sites Download and install is manual Distribution Points and all other site system roles Download and install is automatic

Configuration Manager Consoles Detects during initialization, auto upgrades if server version is greater Can be ignored, but not recommended If ignored, it continues nagging when using the console

Clients Allow admins to select a pre-production collection to test new client After testing, admins can choose to promote the new client bits to production

Known issues

Known Issues as of 1602 Full administrator with default scope can NOT see 1602 update. Admins needs to have permission for “All instances of the object” under “Security Scopes” Redistributables can fail to download for various reasons, please check dmpdownloader.log and configmgrsetup.log for which exact files it fails to download If the update is being downloaded, CM admin console [Monitoring]- >[Overview]->[Site Servicing Status] does not show status for each site If the update content is being replicated, CM Admin console [Monitoring]- >[Overview]->[Site Servicing Status] does not show status for each site

Known Issues as of 1602 1602 update shown in Admin console as Not Applicable, this is because the environment has a LONG CM installation path that 1602 cannot handle correctly. <CM InstallDir>\Inboxes\clifiles.src\Configuration.mof will be overwritten. Please find the backup from <CM InstallDir>\data\hinvarchive\ and add your custom extension back. Using 1602 CD.Latest to add a new peer primary site to a CAS, you will get a prereq failure (setup file build number does not match parent site build number), after verifying this is the only prereq rule failure, use /noprereq option

Future improvements

6/26/2018 6:07 AM Future Improvements Monitoring interface renamed to “Updates and Servicing Status” More granular status monitoring Clearly see each phase in a new monitoring user interface (Download, Replication, Prerequisite install and Install) progress References to applicable log files in user interface SQL upgrade performance improvements Pre-release Consent for pre-release features Feature node improvements Previous updates moved to new History node Limiting SQL access during database upgrade (1602+) Stop all current SQL connections to CM DB Deny remote MP “execute” permissions to CM DB 1602+ MPs will return "no new policy" to clients when update is in progress © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Demonstration Updates and Servicing in Configuration Manager

Module 1 Summary 1 Types of updates and releases 2 Service Connection Point 3 Order of operations 4 Future Improvements 5 Best practices