As you already aware that ,the new version of SCCM Configmgr ( V1511 and later ) uses an in-console service method called Updates and Servicing that synchronizes with the Microsoft cloud service to get updates which allow you to install from within the Configuration Manager console. This process will get updates that are applicable to your infrastructure and version are downloaded and made available in the console.
To get the updates available in your configmgr console ,you need to have Site system role called ‘Service Connection Point’ .
The service connection Point is new site system role which is replacement for Microsoft Intune connecter that enables additional functionalities like
To integrate Intune with System Center Configuration Manager On-premises Mobile Device Management
Is used as a point of contact for devices you manage with
Uploads usage data about your deployment to the Microsoft cloud service
Makes updates that apply to your deployment available from within the Configuration Manager console
By default, Configmgr checks for new updates every 24 hours ,if you cannot wait until then ,you can simply go to console Administration > Cloud Services > Updates and Servicing,Check for Updates
With the recent release of Configuration manager version 1602 ,there is question keep coming up in TechNet and other forums that, they cannot see the updates in the updates and servicing node,though they have done all possible workaround to get the updates into the console.
They have service connection point installed, ONLINE (Connected to internet) ,tried automatic method within the console ,Restart SMS Executive service but still no Joy ,even they have looked at the CMUpdate.log ,all looks good ,content being downloaded to cd.latest folder .
If at all you have issue viewing the recent build version updates into the console ,you probably missing the RBA security permissions for the particular account.
So what permissions are need for this to work ?
User must be assigned a security role that includes the Read permission in the permission group Site, and the security scope All.
Points to be noted when doing in-console updates for Configmgr:
1. Always begin installing the updates with Top site (CAS—>Primary—>Secondary) if you have CAS ,else start with Standalone Primary Site.
2. Always install the updates during out of business hours (you can schedule the Service window to install the updates to have least effect to business operations).
3. When you have CAS which is installed with latest update (ex:1602) ,your primary sites will start the update automatically unless you do not have any service window else, it will wait for the service window and install for you.
4. Secondary sites will not be upgraded to automatically and you must manually update them within the configmgr console ,right click on the secondary site and choose upgrade.
5. After you are done with site upgrades ,the configmgr console will be prompted to upgrade to new version (uninstall the existing and install new ,open console automatically) and this happens to all end users when they try to launch the Configmgr console on their workstations connect to the Site.
6. It is good to select Ignore any prerequisite check warnings and install this update regardless of missing requirements while installing the updates . If you do not select this ,it is recommended to run the prerequisite check before the update install to make sure ,there are no warnings.
7. Prerequisite errors always stop the update installation. You must resolve errors before you will be able to successfully retry the update installation.
8. During the updates installation ,it also updates cd.latest folder which will be used during a Site recovery.
9. Until all sites in your hierarchy are upgraded to new build version ,your hierarchy will operate in mixed version mode.
Updates for System Center Configuration Manager
1602 Update not available in console
Unable to bring system to 1602
SCCM 1511 - Updates and Servicing not working
We are trying to upgrade 1802 to 1806 via offline mode. But at the last step"import" serviceconnectiontool.log shows it's imported but there is nothing in SCCM console sunder update and servicing. Any idea why this is so?
1802 and 1806 are unsupported builds. You will need to upgrade the site to supported builds.
Thank you thank you thank you for that comment about security scope. I've been chasing my tail on this for a long time uninstalling and reinstalling the servicing point and just discovered that I had to login with a different account. Ugg!
Glad it solve your issue.
What if the only account that had the security scope set to All is no more? Is there a workaround to create a new account with All Security scope instead of Default?
By default the account that is used to install SCCM must be set its security scope to All and is default created and later for the newly added/created accounts ,you can set the scope manually . Do you see the All security scope from administration node--security scope section ?
tried above steps, but no luck
what version are you running on now ? Did you look at the dmpdownloader.log for any errors ? are you able to click on check for updates and monitor dmpdownloader.log ?
Great article & blog, insanely helpful for my department...
I have been struggling with upgrading from 1511 to 1606 for the last 2 days...Pre-Req ran successfully, no issues there but the actual installation fails....
There only error I see on CMUpdate.log is;
"GetFileVersionInfoSizeW failed for file (\\?\E:\Program Files\Microsoft Configuration Manager\CMUStaging\0D256560-ED2C-45B5-8D75-4D38AB3F758C\SMSSetup\OSD\bin\i386\winpe.jpg)(0X80070714)"
"GetFileVersionInfoSizeW failed for file (\\?\e:\program files\microsoft configuration manager\cmuclient\x64\msrdcoob_amd64.exe)(0X80070714)"
"Failed to validate version for file E:\Program Files\Microsoft Configuration Manager\CMUStaging\0D256560-ED2C-45B5-8D75-4D38AB3F758C\redist\msrdcoob_amd64.exe (e:\program files\microsoft configuration manager\cmuclient\x64\msrdcoob_amd64.exe)"
"Failed to apply update changes 0x80004005"...
There's no errors on any other Upgrade related log files..
Can you please assist?
it looks like you have hash issues with the downloaded files .Did you solve the issue ? if so how ?
Our problem was bigger than that, I'll summarize it below;
* Initial upgrade failed due "hash versions" on 1606 Update (we used Service Connector Online-mode to download)
* Because the upgrade failed, some of SCCM components & .dll files on EasySetup was on 1606 and others on 1511 which caused a huge issues with components unable to start.
* Ran a site reset on Primary - that did not resolve the issue.
* Ran a site Recovery & restored from a previous successful 1511 backup - That went well.
* Issue was then with WSUS versions (increments) being different between Pri & Sec. - Had to manually change increments on SQL & ran a full synch.
* Another issue was "Stored Procedure" on SQL, we had both 1606 & 1511. Had to revert back to 1511.
All these tasks were performed with assistance of MS..
Word of advise before upgrade - BACKUP - BACKUP & BACKUP...
Thank you, Default Scope was my issue. Thanks a lot.
Glad ,it helped .
For me the All Security Scopes option is greyed out. My account has Full Administrative rights in SCCM but cannot change the Security Scopes from "Default" to "All".
right click on the User/Group and select properties ,go to security scope ,select first option --All instance of the object and Click Ok .