Upgrading to System Center Configuration Manager 2012 R2

What’s new in Configuration Manager 2012 R2

I won’t go into great detail of what’s new since it’s fully outlined in detail at https://technet.microsoft.com/en-us/library/dn236351.aspx

And here’s the latest documentation library, newly updated for 2012 R2 https://technet.microsoft.com/en-us/library/gg682041.aspx

However, some of the more welcome and exciting new features for me are:

• New ‘Certificate registration point” role provides certificate enrollment for devices that Configuration Manager manages.
• A new Resultant Client Settings option allows you to view the effective client settings that will be applied to the selected device.
• Ability to reassign clients, including managed mobile devices, to another primary site in the hierarchy, individually or in bulk.
• Wipe and retire functions now include the option to only remove company content from devices.
• Deployment of remote connection profiles that allow users to remotely connect to work computers from the company portal, when they are not connected to the domain or if they are connected over the Internet.
• Deployment of user and device certificates for managed devices by using the Simple Certificate Enrollment Protocol (SCEP) for Wi-Fi and VPN connections on iOS, Windows 8.1, RT 8.1, and Android.
• Deployment of root certification authority (CA) certificates and intermediate CA certificates, so that devices can create a chain of trust when they use server authentication for network connections
• Deployment of Wi-Fi profiles that provision devices with the settings and certificates that they need to access corporate Wi-Fi hotspots on on iOS, Windows 8.1, RT 8.1, and Android.
• New maintenance window dedicated for software updates installation.
• You can now change the deployment package for an existing automatic deployment rule.
• You can now preview software updates that meet the property filters and search criteria that you define in an automatic deployment rule.
• Web applications – a new deployment type that allows you to deploy a shortcut to a web-based app on users’ devices.
• Support for boot images based on Windows PE 3.1.
• Virtual hard disk management which allows you to create and modify virtual hard disks, and upload them to Virtual Machine Manager.
• New task sequence steps (For more information about task sequence steps, see Task Sequence Steps in Configuration Manager):
  • Run PowerShell Script
  • Check Readiness
  • Set Dynamic Variables
  • SMSTSDownloadRetryCount
  • SMSTSDownloadRetryDelay
  • TSErrorOnWarning
  • _TSAppInstallStatus
• Pull-distribution points support the prioritization of their source distribution points.
• Pull-distribution points push status for completed actions to the site server (instead of distmgr having to poll each Pull DP periodically).
• From the Distribution Status node in the Monitoring workspace of the Configuration Manager console, you can cancel distributions that are in progress to a distribution point, and redistribute distributions that have failed.  SWEET!
• You can use the new built-in report named Distribution point usage summary to view details about how individual distribution points are utilized, including how many unique clients access the distribution point, and how much data transfers from the distribution point.  REALLY SWEET!
• Clients that use Windows BranchCache to download content and that have a download interrupted now resume the download where it left off, without having to restart the download from the beginning.  NICE!
• These additional (and very exciting!)
• optimizations are introduced to improve performance during deployment of content:
  • Each time Configuration Manager transfers content to a distribution point, it calculates the speed of the transfer. During subsequent content deployment, this information is used to prioritize which distribution points receive content first. This is done to maximize the number of distribution points that receive content in the shortest period of time.
  • To improve concurrent distributions, when Configuration Manager validates content on distribution points, it validates up to 50 files during each WMI call to a distribution point. Prior to R2, we used a single WMI call to a distribution point to validate each individual file.
• Reports are now fully enabled for role-based administration. The data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles.

<Uber Important Stuff!!!>

Be sure to read through the planning article and notes at https://technet.microsoft.com/library/gg682075.aspx to understand interoperability behaviors between ConfigMgr versions if you’ll be running mixed versions.  Your ConfigMgr 2012 hierarchy must be running a minimum of 2012 SP1 in order to upgrade to 2012 R2.

Then read the planning to upgrade to 2012 R2 article at https://technet.microsoft.com/en-US/library/jj822981.aspx#BKMK_PlanningR2Upgrade.  There is a nice R2 upgrade checklist there that you should follow prior to upgrade, which includes testing the upgrade process against a copy of your site database, disabling any database replicas, disabling 3 specific site maintenance tasks, etc.

Remember, uninstalling Service Packs or R2 is not supported, so make sure you don’t rush through it and you’ve completed the recommended actions on the checklist!

Post R2 updates of importance:

Description of Cumulative Update 3 for System Center 2012 R2 Configuration Manager https://support.microsoft.com/kb/2994331

</Uber Important Stuff!!!>

If you’re close to or above 100,000 clients, have an above average amount of politics, or just enjoy extra complexity and therefore have a CAS, start the process on the CAS and work your way down the hierarchy.  Otherwise, just upgrade your stand-alone primary and you’re done.

Now that you’re drooling over all the new features you’re about to get which will make your life easier and more complete, let’s get on with the fun part!

The 2012 R2 Upgrade Process…

Step 1:  Uninstall Windows 8 ADK (Shows as 8.59.225584 in Programs and Features)

Step 2:  Download Windows 8.1 ADK from https://www.microsoft.com/en-us/download/details.aspx?id=39982.   If you have more than one site server to upgrade, select the option to Download for installation on a separate computer.  This will save you some time on the remaining site servers.  Otherwise, if you’re lucky and only have one site server, select the option to Install the ADK to this computer.

Step 3: Select Deployment Tools, Windows PE, and USMT and click ‘Install’ .

Once the ADK installation is complete, run the splash.hta within the Configuration Manager 2012 R2 ISO.

The next few screens should be pretty self explanatory, so I’ll safe you some bandwidth and forgo going into to much detail.  However, I have pasted them below for your reference so you will know what to expect during a smooth R2 installation – which I’m sure you will have!

The product key is the same product key you entered during your Configuration Manager 2012 installation, unless you’re installing the evaluation edition.

If you are installing the R2 upgrade to more than one site server, be sure to download the required files to a UNC path so you can re-use them on the next site server upgrade.

The prerequisite check will run, and if your SQL installation isn’t local, it will remind you of the importance of reserving a minimum of 4GB for a secondary site SQL database and 8GB for a primary site SQL database.  Hopefully you have already done this recommendation during your initial site database installation.  If not, make sure it’s on the top of your to-do list!

Be sure to resolve any other critical issues that may come up during this check.  If you have any site roles running on a server in an untrusted domain, you’ll likely see some warnings about not being able to pre-check those servers, but they won’t prevent you from proceeding.

Once completed, you’ll have a nice stack of green checkmarks, or if upgrading a Primary site, for a period of time you’ll likely see some green checkmarks, and some blue arrows in a circle.  Monitor sitecomp.log to see any additional site roles on remote servers being upgraded, and if you haven’t closed this dialog, you’ll notice that eventually all the blue arrows in circles turn into green checkmarks.

For an extra-extra confirmation, click the ‘View Log’ button, and you’ll see a log entry letting you know that your site upgrade completed without any issues.

Repeat this same process for any primary sites you might have until all of your sites are completely upgraded.

Once all sites are upgraded, upgrade any stand-alone ConfigMgr Admin consoles.  The Admin Console on each site server will be automatically upgraded, so you can use these to check things out after the upgrade.  For R2, the site version is 5.00.7958.1000.  Clients will show version 5.00.7958.1404 once upgraded to CU3.

Allow some time for your site resets to complete and any DRS replication to resume normal operations, and check out your Monitoring section in your shiny new admin console to insure things are replicating and happy.  Don’t be alarmed if your DRS monitoring link state shows “Link Degraded” for a little while.  I recommend waiting a good 15-30 minutes to allow DRS to get caught up before starting to worry.  Monitor your rcmctrl.log on each site server, and rcm.box inboxes to watch the BCP processing the cab files process and to verify replication is resuming normally.

If you have Automatic Client Upgrades enabled, clients will automatically upgrade to the new R2 client version within the number of days you have this feature set for.  If not, you will need to push out the new client version out using SCUP or by creating a package using the content from the Configuration Manager Client Package which was automatically updated and distributed to your DPs after the upgrade process.

To upgrade all your remote administrator consoles, you can use the following Collection query:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM. SMSUniqueIdentifier, SMS_R_SYSTEM. ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileVersion < “5.0.7958.1000″ and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = “Microsoft System Center 2012 Configuration Manager Console”

  

Enjoy all the new features!!!

Comments

• Anonymous
  January 01, 2003
  The best way to avoid any restart requirements would be to pre-deploy all minimum requirements which may require a reboot in advance. If a specific pre-requisite is not listed in software updates, you could deploy them as a package or application in instead.

• Anonymous
  January 01, 2003
  Yes, SCCM relies on WSUS underlying framework to deliver updates. So WSUS is a requirement but easy to install. If you use Server 2012 or 2012 R2 OS for your WSUS server (which you should) you won't need any WSUS hotfixes, so this is what I recommend for the OS WSUS is on. If your environment is not large or you have an abundance of compute power, you could run the WSUS/SUP role on the primary site server. Typically I recommend off-loading whenever possible, but I work in some moderate-large sized environments. Install WSUS role and then add the SUP role and SCCM will take the config from there. Do not do any configurations in WSUS admin console, and find out what WSUS GPOs you're applying (if any) and be very careful which you do apply. SCCM does not need many as the SCCM client defines the client updating activities through its policies.

• Anonymous
  January 01, 2003
  No, that's considered an update not an upgrade.

• Anonymous
  January 01, 2003
  Add/Remove Programs

• Anonymous
  January 01, 2003
  Great job! Thanks

• Anonymous
  January 01, 2003
  Actually the new version is listed as "System Center 2012 R2 Configuration Manager Console" when looking in ARP, without the "Microsoft" before it.

• Anonymous
  January 01, 2003
  Hi Russ, thanks for posting this. It was helpful for our upgrade to R2.Your Collection query to upgrade the remote administration consoles is wrong, though. It is looking for computers with "System Center 2012 R2 Configuration Manager Console" installed, but it needs to be looking for "Microsoft System Center 2012 Configuration Manager Console". Checking the version number is redundant because the product name string for the new version is "Microsoft System Center 2012 R2 Configuration Manager Console", so the query below is sufficient:select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Microsoft System Center 2012 Configuration Manager Console"One other note: the "straight quotes" in your query string got turned into typographic quotes.

• Anonymous
  January 01, 2003
  Thanks Russ will give it a try

• Anonymous
  January 01, 2003
  The comment has been removed

• Anonymous
  January 01, 2003
  Not sure what you mean by "Where can I see the update R2 for the client." It doesn't create a separate package to push out, it updates the client bits and distributes them to all your DPs, and if you have automatic client upgrade enabled, it upgrades them automatically.

• Anonymous
  January 01, 2003
  The comment has been removed

• Anonymous
  January 01, 2003
  The only requirement for Silverlight comes from the Software Center and Application Catalog. If you do not plan to allow any self-service from managed workstations (even for your technicians), you can choose not to deploy Silverlight to those individual clients.

• Anonymous
  January 01, 2003
  As long as you have no x86 clients that will work OK.

• Anonymous
  January 01, 2003
  Thank you So Much - I will follow your advice. ... Russ,You have a happy New Year!!

• Anonymous
  January 01, 2003
  Thank you So Much - I will follow your advice. ... Russ,You have a happy New Year!!

• Anonymous
  January 01, 2003
  Hi Mitch, yes they are, I was actually going to update this a couple weeks ago and am having some challenges with my blog app, but will get it updated asap!
  Thanks

• Anonymous
  January 01, 2003
  Hi Russ,I've a primary site & site wide client push installation is enabled. Can we add below parameter under Installation properties of Client Push Installation settingsPATCH=\ServerSiteCodehotfixKB2905002Clientx64configmgr2012ac-r2-kb2905002-x64.mspso that whenever a new machine gets discovered by SCCM, client should be installed along with this patch on the machine to reduce the overhead! Thanks

• Anonymous
  January 01, 2003
  Hi Russ, where can I see the Update R2 for the Client. The R2 Update on the Primary site is done (without Errors) but I see only the update for SP1. Please help me.

• Anonymous
  January 01, 2003
  Enable automatic client upgrade

• Anonymous
  January 01, 2003
  Hi Russ,Thank you for the post, however after installing the Windows 8.1 ADK, the splash.hta does indicate that it has detected a previous installation, but it does not give the option to upgrade, the only options available are "Recover a site" and "Uninstall this Configuration Manager site".I thank you in advance for your help.

• Anonymous
  January 01, 2003
  Russ, Thank you for everything you do for us.Quick question, I currently do not have a WSUS Server, I am seting up a SCCM 2012 R2, can I use the software update Point Role to be able to update my Systems?Thank you

• Anonymous
  January 01, 2003
  Yes you can install straight from the 2012 R2 installation media. You can use TechNet docs @ http://technet.microsoft.com/en-us/library/gg712320.aspx

• Anonymous
  January 01, 2003
  Thanks for the quick reply, and good advice.
  
  I worked out in the end that I needed to add the visual studio products to the software update settings. Going to start working through those pre-reqs now.

• Anonymous
  January 01, 2003
  You cannot upgrade a site to System Center 2012 R2 Configuration Manager until all sites in the hierarchy run System Center 2012 Configuration Manager with SP1. The version of cumulative updates for Configuration Manager that are installed at sites is not evaluated and you can upgrade a System Center 2012 Configuration Manager SP1 site regardless of the cumulative update version that is installed, or even when no cumulative update is installed. http://technet.microsoft.com/en-us/library/jj822981.aspx#BKMK_UpgradeR2Checklist

• Anonymous
  January 01, 2003
  Hey Russ,
  
  I read here, http://anoopcnair.com/2013/10/25/configmgr-2012-client-upgrade-sp1-r2-reboot/, that the client upgrade can cause clients to reboot. If so what's the best way to avoid this from happening during working hours if using automatic client upgrade?
  
  Also the update which seems to be causing this is not listed in my Software Updates, so it seems I'm unable to roll this out prior to upgrading to R2.

• Anonymous
  January 01, 2003
  ... just to add to the above question, Will I need to setup WSUS server? in the previous versions of sccm, my understanding was that SCCM software update leverages WSUS, is that still the case?

• Anonymous
  January 01, 2003
  No. You'll need to make sure you update the files that your GPO is using for the application assignment of the client install for new installs. I'm assuming this should work for the upgrade http://technet.microsoft.com/en-us/library/cc783421(v=WS.10).aspx but I would recommend testing first on a small test OU.

• Anonymous
  October 22, 2013
  Nice!

• Anonymous
  October 23, 2013
  This is an extremely useful article for those of us trying to deploy it quickly. Thanks.

• Anonymous
  October 24, 2013
  After upgrading to R2, are there any client-related tasks necessary?  We have all clients running CU3 at this point.

• Anonymous
  October 24, 2013
  Yes you must also upgrade all your clients as well through any of the supported methods.

• Anonymous
  October 24, 2013
  So, lets say you've got 130 Secondary Sites attached to a single Primary site. No CAS. Will those secondary sites continue to function for, say, OSD after the R2 upgrade occurs on the Primary and the the new WinPE is distributed out to all of my PXE-enabled secondary sites? Or do they need to be upgraded to R2 via the console before they will work?

• Anonymous
  October 24, 2013
  They will continue to work.  This should help answer your question: technet.microsoft.com/.../jj822985.aspx

• Anonymous
  November 01, 2013
  Dropped this into my OneNote before I noticed you were the author

• Anonymous
  November 01, 2013
  Thanks, whoever you are! LoL

• Anonymous
  November 03, 2013
  The comment has been removed

• Anonymous
  November 03, 2013
  The comment has been removed

• Anonymous
  November 09, 2013
  Anyone able to get the post r2 update. website leads to the netherworld

• Anonymous
  November 09, 2013
  Yes, I tested this morning and again just now using support.microsoft.com/.../2905002.  Try again?

• Anonymous
  November 12, 2013
  Hi Russ, Wanted to ask just upgraded the sccm primary and all the sec sites to R2. Also deployed KB 2905002 to the primary site. SCCM console and the site version in 5.0.7958.1000 however after installing the patch on the client the client verison increases to 5.0.7958.1101 is this right? site version less then the client version? Secondly..it didnt update the default client package with this update so what needs to be done to incluse this update in the Build?

• Anonymous
  November 12, 2013
  That's correct, the admin console version and site version will still show 5.00.7958.1000 and the client version will be .1101.  You can deploy the update as a required deployment, use SCUP to deploy it, integrate it with the PATCH= command, etc, as it will not be merged into the client install so you'll always install the R2 client and then install the upgrade next.

• Anonymous
  November 12, 2013
  Hi RUss, Thansk for a qucik reply. I am not across how to use scup? Can you elaborate on how to use SCUP to deploy it and integrate it with the PATCH= command?

• Anonymous
  November 12, 2013
  Hi Russ, One more thing I noticed in v_ActiveClients table the client version still shows at 5.00.7958.1000

• Anonymous
  November 12, 2013
  Good SCUP how-to here blog.coretech.dk/.../The-complete-guide-to-System-Center-Updates-Publisher-2011-V1.01.pdf.  Or if you decide to use the patch= parameter see blogs.msdn.com/.../manage-sccm-client-patch.aspx v_ActiveClients will show the clients @ v .1000 until you push out the patch to them and they run their next data discovery cycle.

• Anonymous
  November 12, 2013
  Thansk for the link going through it now. I have installed the patch on my PC and can see the new version on the config manager console in control panel. I have run all the discovery cycles and its still says v .1000 in v_activeclients. any idea?

• Anonymous
  November 12, 2013
  You should just need to run the Discovery Data Collection Cycle after upgrading the client.  Check your configuration manager applet in control panel on your client and make sure the upgrade installed and SMS Agent Host service restarted afterwards - it can take a few minutes.  Then run the Discovery Data and wait a bit for it to process.  And if you have a CAS and are connecting to it vs the primary the clients are assigned to, it will take a few more minutes for it to replicate (or you can connect your console to the primary to check it there.)

• Anonymous
  November 13, 2013
  Hi Russ, Thanks for your help and prompt reply.

• Anonymous
  November 20, 2013
  Hi Russ, Thanks for the awesome article.  If we are running our site database on a full version of Microsoft SQL 2008 R2 do we need to do anything differently before, after, or during the installation of the upgrade? Thanks in advance!

• Anonymous
  November 20, 2013
  Not sure what you mean by a full version (you can't use SQL Express for a primary site), but just make sure you're running at least the minimum supported SP/CU combination for SQL 2008 R2 (SP1 CU6 or SP2).

• Anonymous
  November 21, 2013
  The comment has been removed

• Anonymous
  November 21, 2013
  Need the exact error from smspxe.log, haven't seen this one before.

• Anonymous
  November 27, 2013
  Hi Russ, Can I check the situation with upgrading clients.  Would previous clients , like say 2012 CU2 clients, still be visible to the new 2012 R2 console?  We are looking to jump from 2012 CU2 to R2.  We do not want to lose visiblity of workstation and server clients.

• Anonymous
  November 29, 2013
  Hi Russ, Just to make you aware I had an issue with my management points where the difference in version number between the site and client was preventing the client from installing on management point machines. I had to delete the CN= folder from system>system management in ADSI edit before I could manually upgrade the client and push the management point upgrade through.

• Anonymous
  December 05, 2013
  Good explanation

• Anonymous
  December 07, 2013
  Nice post! If I have Automatic Client Upgrades enabled, do I have to distribute content to all DPs first?

• Anonymous
  December 10, 2013
  Should we upgrade to Cumulative Update 3 before going to R2? Or just go straight to R2. Currently at SCCM 2012 SP1.

• Anonymous
  December 10, 2013
  Only if you're using Multicast.  If you aren't, going straight to R2 without CU3 is ok.

• Anonymous
  December 16, 2013
  The comment has been removed

• Anonymous
  December 16, 2013
  our environment has no SCCM can we deploy right to SCCM 2012 r2? could not find hardware requirements or install doco, any help is greatly appreciated.

• Anonymous
  January 22, 2014
  What do you mean by ARP?

• Anonymous
  January 24, 2014
  Hi Russ,Can you update from SCCM 2012 directly to R2? Or do I need to upgrade to SP1 fisrt?Thanks!

• Anonymous
  January 26, 2014
  Hi I installed the SCCM 2012 R2 and the client are still having this version 5.00.7804.1000. How to upgrade the client?

• Anonymous
  February 02, 2014
  The comment has been removed

• Anonymous
  March 17, 2014
  The comment has been removed

• Anonymous
  March 17, 2014
  Thank you for your quick answer, Russ. As i mentioned i am deploying the agente vby GPO (batch with switch to no sylverlight), is there any other way in this version where i can do this in the management console?
  
  Best regards,
  AG

• Anonymous
  April 05, 2014
  Nice article. Should change the collection query to not use a less than operator on a string value. that is bad practice and will result in unpredictable behavior.

• Anonymous
  May 16, 2014
  Does anyone know if this problem was fixed in R2.
  
  http://social.technet.microsoft.com/Forums/en-US/651e9006-adb8-4eb4-ac65-141765d235f0/system-center-endpoint-and-group-policy-results?forum=configmanagergeneral
  
  GPMC. I would always get an error that stated
  
  The following errors were encountered:
  
  Registry value "%windir%SecurityDatabase*.jrs" is of unexpected type.
  
  I know the solution is to use FEP2010GPTool to publish the exceptions to group policy, but that should not need to happen, Microsoft products should work better together. I bet the two departments are pointing fingers at each other. Group Policy team says "System Center team you fix it" , System Center team says "Group policy team you fix your reporting of the error"

• Anonymous
  July 14, 2014
  Excellent post Russ! Is it possible that the items listed in the Uber Important section are now included in CU1 or CU2? Thanks!

• Anonymous
  July 14, 2014
  Thanks Russ, that's super helpful!

• Anonymous
  July 31, 2014
  Hi Russ, very clear the steps, but after upgrading to R2 from sp1 cu3, and the client being updated as well to 79??.1000 , I am not able to capture an image from windows 8.1. I am using a TS created for capturing windows 8 (I pointed it to the new boot image) and is still working for capturing W8 reference computers. The process start well but crash capturing the operating system or maybe doing sysprep. Can you give me your opinion and where should I start looking for? I mean, which log files, similar problems posted online. Thanks in advance.

• Anonymous
  January 22, 2015
  thank you very much that is useful article