Change Configuration Manager Site Server OS – In-place Upgrade Reference


My name is Herbert Fuchs and together with other members of the Customer Success Unit and the Customer Service & Support Organization we want to help our Customers with This Blog-Series. We gathered information and put

our field and support experience into this. Special thanks to our contributors, reviewers and content-writers, Wilhelm Kocher, Anthony Fontanez, Emilian Bucur, Pavel Yurenev, Anderson Cassimiro and Madalina Zamfir.

In this Blog we want to explain what is necessary to change the Operating System of a Server which hosts the Configuration Manager through an In-place Upgrade.

Since the early Versions of Configuration Manager Current Branch, it is supported to upgrade the Operating System to a newer Version through an In-place Upgrade:

Upgrade on-premises infrastructure – Configuration Manager | Microsoft Learn

The big advantage with this Method – it is a very fast Transition and has less prerequisites or preparation compared to Disaster , , or Site by Site Migration. However, it is important to mention that, even if it is supported, it is at the same time also not recommended (take a close look at the Message Prompt when you start the In-place Upgrade).

Before you start the In-place Upgrade – have the latest Backup of ConfigMgr-Site and the cd.latest of your Configuration Manager Version handy and stored in safe location. Better to be safe than say sorry. Your last resort of a Fallback is always Disaster . Of course, you can create Snapshots – but keep in mind that this is not a supported way of Restore/.
Backup sites – Configuration Manager | Microsoft Learn

But before we go into details let us clarify the method and what is supported:

IPU is a method through which you are using the same hardware where you aim to move for an existing OS release to a more recent one. For example, your server is running 2012 R2 you can upgrade it to 2019. With IPU you go from an older version to a newer one while keeping your settings, server roles and data intact.

Important to note here is – when you perform an IPU, you can upgrade to a newer version of by up to TWO Versions at a time. For example, in case your run Windows Server 2012 R2 you can upgrade straight to Windows Server 2019 but not Windows Server 2022.

The following Table summarize the supported upgrade path:


Overview of Windows Server upgrades | Microsoft Learn

It is also supported to use Inplace-Upgrade for VM's which are running in Azure:

Windows in-place upgrade – Azure Virtual Machines | Microsoft Learn

Advantages/Disadvantages of an In-place Upgrade:

The following table gives you an overview:



Fastest upgrade method

High risk of failure – potential compatibility issues

Lowest downtime

Transfer actual issues into the new OS

Retains existing data and settings

Risk of data loss due to corruption during the upgrade process

Improved security and supportability of the latest version

Impact on server performance – reduced performance during the IPU – negative impact on availability and responsiveness

Cost effective no need to get new hardware

Limited customization compared to a clean install (for instance change the Install Directory of ConfigMgr)

IPU OS Prerequisites:

Before we get started, please make sure you review the following prerequisites of the IPU:

  • Determine which version of Windows Server is supported by the upgrade path
  • The Hardware meets or exceeds the requirements for the Windows Server Version you want to upgrade
    Hardware requirements for Windows Server | Microsoft Learn
  • Have the Installation Media ready to use
  • A valid product key and activation method available
  • A Location to store files away from your computer.
  • Review the upgrade and migrate roles and Features
    Migrating roles and features in Windows Server | Microsoft Learn
  • Review the Microsoft Server Applications Compatibility article
    Windows Server 2022 and Microsoft server applications compatibility | Microsoft Learn
  • Review any third-party application vendors support requirements
  • Make sure you have installed the latest cumulative Update
  • Uninstall Windows Management Framework 5.1 (Windows Server 2012/R2)
  • Uninstall Third-Party Anti-Virus Solution (the solution might support the IPU, but to reduce the risk it is advisable to remove the solution for the IPU)
  • Create a Backup of your Configuration Manager through Built-In or SQL Backup
  • Save the cd.latest of your Configuration Manager in safe Location (not the Server which you want to Upgrade)
  • Backup the Categories and Products you configured:
# Get subscribed Categories
$UpdateConfig = Get-CMSoftwareUpdateCategory | where {$_.IsSubscribed -eq $true}
# List configured Categories
$UpdateClasses = $UpdateConfig | where {$_.CategoryTypeName -eq ‘UpdateClassification'} | Select LocalizedCategoryinstanceName
$UpdateClasses.LocalizedCategoryInstanceName | Out-File -FilePath C:tempSUPConfigClasses.txt -Force
# List configured Products
$UpdateProducts = $UpdateConfig | where {$_.CategoryTypeName -eq ‘Product'} | Select LocalizedCategoryinstanceName
$UpdateProducts.LocalizedCategoryInstanceName | Out-File -FilePath C:tempSUPConfigProducts.txt -For

Step by Step Guide

  • Make sure all components of ConfigMgr are healthy
  • If your SQL-Server is co-located with Configuration Manager, make a backup of the databases
    Task sequence stops after an in-place upgrade – Configuration Manager | Microsoft Learn
  • Uninstall the System Center Endpoint Protection – it blocks the Upgrade and will be replace with Windows
  • Remove the Software Update Point Role
  • Remove WSUS but keep the Database
  • Mount the Windows ISO and start the Setup-Wizard
  • Enter a Product-key
  • Choose the Image to Install Standard/Enterprise (Desktop Experience)
  • Accept License Terms and choose “Keep personal files and apps”
  • Hit the Install Button and Monitor the upgrade progress


  • Verify that your Windows and ConfigMgr Services are started, especially look at the SMS_Site_Component_Manager, SMS_Executive, Windows Process Activation and WWW/W3svc
  • Remove and Add the BITS Feature
  • Add the WSUS-Role
  • Run wsusutil.exe post install based on your Configuration (SQL/WID)
  • Run wsusutil.exe reset
  • Start a Site Reset and monitor SiteComp.log
    Modify infrastructure – Configuration Manager | Microsoft Learn
  • Add the Software Update Point again
  • Verifying the Categories and Products still exist
  • Verifying if the Content-Version between Clients and WSUS-Sync-Manager matches
— SQL Statements against your CM-Database
select MinSourceVersion from CI_UpdateCIs order by MinSourceVersion desc
select ContentVersion from WSUSServerLocations
select ContentVersion from Update_SyncStatus


Change the values of ContentVersion, Synctoversion and lastattemptversion to a value which is equal or higher than the highest content version of the site.

  • Review the Components and Status Messages
  • Verify DCOM OLE
    Navigate to HKEY_LOCAL_MACHINESOFTWAREMicrosoft Ole
    If the Reg-Binary MachineAccessRestriction/MachineLaunchRestriction has been renamed to old. DO NOT start an update of your Configuration Manager Site to the latest version. Instead raise a ticket to Microsoft CSS (Customer Service and Support)

In-place Upgrade SQL

Once you have successfully updated the Operating System of your Configuration Manager. You can also upgrade the SQL to higher Version.
Upgrade SQL Server – SQL Server | Microsoft Learn


When you use this procedure also to upgrade your SQL-Server to latest supported Version – Verify if you are using the Configuration Manager Bitlocker Feature and if you also configured of the Database. If your SQL Server is 2014 and below – you will face issues with the encryption Keys. The reason for SQL 2016 and higher is we use a stronger Cipher for the Encryption Certificate, and it will be necessary to escrow the Keys again. If you are running in this Scenario open a Ticket with Microsoft Customer Service & Support to get detailed instructions

We hope this Blog clarifies the In-place Upgrade Method, and helps you, if you must change the Operating System of your Configuration Manager, through this method.

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.


This article was originally published by Microsoft's Azure Security Blog. You can find the original article here.