Microsoft has released the first SCCM version for 2023. SCCM 2303 has been released on April 11th, 2023. This post is a complete step-by-step SCCM 2303 upgrade guide, meaning that if you want to upgrade your existing SCCM installation to the latest SCCM updates, this post is for you.
You won’t be able to install SCCM 2303 if you are running SCCM 2012. Well, that’s an odd phrase! Thank you current branch naming.
SCCM 2303 is a baseline version. This means that if you’re downloading the source from Volume Licensing, SCCM 2303 will be the starting version of your new SCCM site.
To install SCCM 2303 as an update, you must have installed
Keeping your infrastructure up to date is essential and recommended. You will benefit from the new features and fixes, some of which can apply to your environment. It’s easier than ever to upgrade since Microsoft has implemented the servicing model directly from the console.
SCCM 2303 Upgrade Guide – New Features and Fixes
SCCM 2303 includes fewer new features and enhancements than its predecessors. There are still new features that touch site infrastructure, content management, client management, co-management, application management, operating system deployment, software updates, reporting, and configuration manager console.
You can consult the What’s new in version 2303 of System Center Configuration Manager Technet article for a full list of changes.
Here’s our list of favorite features. Microsoft brings together SCCM/MEMCM and Intune into a single console called Microsoft Endpoint Manager admin center. We’ll do blog posts on the most interesting feature in the coming weeks :
- Endpoint Security reports in Intune admin center for Tenant Attached devices
- SQL Server 2022 version support added for Configuration Manager
- Unified update platform (UUP) GA release
- Maintenance window schedules
- Improvements to Cloud Sync
Support for SCCM Current Branch Versions
Ensure to apply this update before you fall into an unsupported SCCM version. Read about the support end date of the prior version of the following Microsoft Learn article. The SCCM 2303 version will be supported until October 10, 2024.
Windows and SQL Support
Before installing, make sure that you are running a supported Operating System and SQL version. Older SCCM version was giving a warning during the Prerequisite check but 2303 is giving an error that prevents the installation from continuing.
SCCM 2303 supports only Windows 2012+ and SQL 2012 SP3+.
The support lifecycle for SQL Server 2012 ends on July 12, 2022. Plan to upgrade database servers in your environment, including SQL Server Express at secondary sites.
Important InfoVersion 1906 client requires SHA-2 code signing support.
Due to weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft now only signs Configuration Manager binaries using the more secure SHA-2 algorithm. The following Windows OS versions require an update for SHA-2 code signing support:
Windows 7 SP1
Windows Server 2008 R2 SP1
Windows Server 2008 SP2
Before you Begin – SCCM 2303 Upgrade Guide
Downloading and installing this update is done entirely from the console. There’s no download link, the update will appear on your console once the Service Connection Point is synchronized.
If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. After the CAS upgrade, you can begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade to the next site. Until all sites in your hierarchy are upgraded, your hierarchy operates in a mixed version mode.
There are a couple of new important prerequisite checks in this SCCM 2303 release :
Configuration Manager current branch version 2107 has a warning prerequisite rule that checks for Microsoft .NET Framework version 4.6.2. This version of .NET is required on site servers, specific site systems, clients, and the Configuration Manager console.
Starting in this release, this prerequisite rule for .NET 4.6.2 is an error. Until you upgrade.NET, you can’t continue installing or updating the site to this version of ConfigurationManager
When the Configuration Manager client updates to version 2303 or later, client notifications are dependent upon .NET 4.6.2 or later. Until you update .NET to version 4.6.2 or later, and restart the device, users won’t see notifications from ConfigurationManager. Other client-side functionality may be affected until the device is updated and restarted. For more information, see More details about Microsoft .NET.
The prerequisite check will verify all that for you :
If you migrated your site to EHTTP, you’ll have a warning about the Network Access Account that is no longer needed. See Microsoft Support Article on this subject.
[Completed with warning]:The site server configured with HTTPS/Enhanced HTTP, does not require network access account. Please verify the minimum appropriate permission of this account(s) and remove the account(s) which has higher privileges. We recommend you remove the configured network access account(s) which are not leveraged.For more information about your network access account required permissions, see https://go.microsoft.com/fwlink/?linkid=2210348.
In this post, we will update a stand-alone primary site server, consoles, and clients. Before installing, check if your site is ready for the update:
- Open the SCCM console
- Go to Administration \ Updates and Servicing
- In the State column, ensure that the update Configuration Manager
2303 is Ready to install
- If it’s not available, right-click Updates and Servicing and select Check for Updates
The SCCM 2303 update is not yet available for everyone. If you need it right away you can run the Fast-Ring script and the update will show up.
- If the update is not downloading, click on the button Download on the upper node. The update state will change to Downloading
- You can follow the download in Dmpdownloader.log or by going to Monitoring / Updates and Servicing Status, right-clicking your Update Name, and selecting Show Status
- The process will first download .CAB file and will extract the file in the EasyPayload folder in your SCCM installation directory.
- It can take up to 15 minutes to extract all files.
SCCM 2303 Upgrade Guide
Step 1 | SCCM 2303 Prerequisite Check
Before launching the update, we recommend launching the prerequisite check first. To see the prerequisite checklist, see the Microsoft Documentation
- Open the SCCM console
- Go to Administration \ Updates and Servicing
- Right-click the Configuration Manager 2303 update and select Run prerequisite check
- Nothing will happen, the prerequisite check runs in the background and all menus are unavailable during the check
- One way to see progress is by viewing C:\ConfigMgrPrereq.log
- You can also monitor prerequisite checks by going to Monitoring / Update and Servicing Status, right-clicking your Update Name and selecting Show Status
- If you have any warnings, follow the recommendation to fix the issue in the bottom pane
- The check if HTTPS or Enhanced HTTP is enabled will probably pop for a lot of you. We release a full blog post on how to fix this warning. For now, this is supported until Oct 31, 2022.
- When completed the State column will show Prerequisite check passed
- Right-click the Configuration Manager 2303 update and select Install Update Pack
Step 2 | Launching the SCCM 2303 Update
We are now ready to launch the SCCM 2303 update. At this point, plan about 45 minutes to install the update.
- On the General tab, click Next
- On the Features tab, checkboxes on the features you want to enable during the update
- Don’t worry, if you don’t select one of the features now and want to enable it later, you’ll be able to so by using the console Administration \ Updates and Servicing \ Features
- In the Client Update Options, select the desired option for your client update
- This option allows updating only client members of a specific collection. Refer to our pre-production client deployment post for more details
- On the License Terms tab, accept the license terms and click Next
- On the Summary tab, review your choices, click Next and close the wizard on the Completion tab
The whole process took a minute but the installation begins on the back end.
- During installation, the State column changes to Installing
- We suggest you monitor the progress, by navigating to Monitoring / Updates and Servicing Status, right-clicking your Update Name and select Show Status
Unfortunately, the status is not updated in real-time. Use the Refresh button to update the view.
- Open the SCCM update log SCCMInstallationDirectory\Logs\CMUpdate.log with CMTrace
We’ve done numerous SCCM upgrades. Some installations start a couple of minutes after you complete the wizard but we’ve seen some installation starts after a 10 minutes delay. Do not reboot or restart any services during this period or your update can be stuck in the “Prerequisite check passed” status. There are actually no officially documented methods by Microsoft to fix that. Patience is the key!
- When completed, you’ll notice the message There are no pending update packages to be processed in the log file
- Monitoring / Updates and Servicing Status, right-click your Update Name and select Show Status, the last step will be Installation Succeeded
- Refresh the Updates and Servicing node in Administration, the State column will be Installed
Updating the Outdated Consoles
As a previous update, the console has an auto-update feature. At the console opening, if you are not running the latest version, you will receive a warning and the update will start automatically.
- Since all update operations were initiated from the console, we didn’t close it during the process. We received a warning message when clicking certain objects. You will have the same message when opening a new console
- Click OK, console restart and the update will start automatically
- Wait for the process to complete. You can follow the progress in C:\ConfigMgrAdminUISetup.log and C:\ConfigMgrAdminUISetupVerbose.log. Once completed, the console will open and you’ll be running the latest version
After setup is completed, verify the build number of the console. If the console upgrade was successful, the build number will be 9096 and the version is now Version 2303 .
- Go to Administration \ Site Configuration \ Sites
- Right-click your site and select Properties
- Verify the Version and Build number
Upgrade SCCM 2303 Clients
The client version will be updated to 5.00.9106.100x (after updating, see the section below)
SCCM 2303 Client Package distribution
You’ll see that the 2 client packages are updated:
- Navigate to Software Library \ Application Management \ Packages
- Check if the update is successful, otherwise, select both packages and initiate a Distribute Content to your distribution points
Boot images will automatically update during setup. See our post on upgrade consideration in a large environment to avoid this if you have multiple distribution points.
- Go to Software Library / Operating Systems / Boot Images
- Select your boot image and check the last Content Status date. It should match your setup date
SCCM 2303 Upgrade Guide – Upgrade Clients
Our preferred way to update our clients is by using the Client Upgrade feature: (You can refer to our complete post documenting this feature)
- Open the SCCM Console
- Go to Administration / Site Configuration / Sites
- Click the Hierarchy Settings in the top ribbon
- Select Client Upgrade tab
- The Upgrade client automatically when the new client update is available to the checkbox is enabled
- Review your time frame and adjust it to your needs
Reconfigure SQL Server AlwaysOn availability groups
To complete SCCM 2303 Upgrade Guide, if you use an availability group, reset the failover configuration to automatic. For more information, see SQL Server AlwaysOn for a site database.
Reconfigure any disabled maintenance tasks
If you disabled database maintenance tasks at a site before installing the update, reconfigure those tasks. Use the same settings that were in place before the update.
SCCM 2303 Upgrade Guide – Monitor SCCM Client Version Number
SCCM Reports Client Version
You can see our SCCM Client version reports to give detailed information about every client version in your environment. It’s the easiest way to track your client updates.
In conclusion, you can create a collection that targets clients without the latest client version because is very useful when it comes to monitoring a non-compliant client.
Here’s the query to achieve this: (You can also refer to our Set of Operational Collection Powershell Script which contains this collection)
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.9106.1008'