Updating Configuration Manager in Offline Mode with the Service Connection Tool

Hey everyone, Chris Vetter Premier Field Engineer at Microsoft here to go over updating Configuration Manager Current Branch in an Offline environment. I have installed the Baseline version 1902 of Configuration Manager Current Branch and I am going to walk you through installing the Service Connection Point Role in Offline mode then we will use the Service Connection Tool to upgrade our environment.

The service connection point is what connects to Microsoft cloud service and transmits the telemetry data for your environment and sends the latest update packages and hotfixes down to your console for install. When we are in an air-gapped (disconnected) environment we unfortunately cannot utilize this feature in this way. So how do we get updates for Configuration Manager? We will use the service connection tool and a machine with an internet connection to get our update package information. After which we will import that data into the console and go through the update process. If you do not have access to a machine where you can utilize an internet connection to get your data, then I would suggest opening a free case with Microsoft CSS to get your update package information.

Install Service Connection Point (Offline Mode)

Let's get started. Open your freshly installed ConfigMgr console and go to the administration tab select the Site configuration dropdown and select the Servers and Site System Roles node. Select your highest-level site server on o my case it is a primary site server.


Select Add System Roles from the Tool Ribbon.


On the General Tab of the Add Site Systems Roles Wizard leave the default selections and click next



On the next tab enter any proxy information from your . If none of your ConfigMgr traffic is going through a proxy, then just click next.



On the System Role Selection tab, we will select the Service Connection Point role.



Next, we need to specify the mode for our service connection point. We will select the Offline, on-demand connection radio button then click next.



Confirm your settings then click next. Once the progress had completed verify the role was added successfully click close.



Use Service Connection Tool

Now we will discuss using the service connection tool. The service connection tool can be found in the installation directory of the Primary site or Central Administration site (CAS) and must be used on the highest-level site. The service connection tool will can used in four phases

  • Prepare – Here we will prepare the .cab file with telemetry data to transmit our information to the Microsoft cloud service
  • Export – This is optional, but some customer may be hesitant to do this process because they are not aware what information is being given. This will export all the information from the .cab to an Excel file you can share with the customer to assure none of their protected data is at risk.
  • Connect – Here we will connect to the cloud service to receive the update package files that are applicable for our upgrade
  • Import – Here we import the update package files into ConfigMgr so we can download and perform the update.


So now we will prepare the usagedata.cab with our telemetry data. Open an administrative command prompt window and first we must create a directory for out .cab file I am creating the directory on my e: drive so first lets change our command prompt to the E: drive by typing E: then press enter.

Now use the command mkdir e:USB and press enter this should create the directory on the root of the E: drive.



Now we will use the cd command to change to the directory for the service connection tool type.

Cd “E:Program FilesMicrosoft Configuration Managercd.latestSMSSETUPTOOLSServiceConnectionTool”

This will change out working directory to the Service connection tool folder. Now type the following command…

ServiceConnectionTool.exe -prepare -usagedatadest e:USBusagedata.cab then press enter.



Check the ServiceConnectionTool.log to make sure there were no errors…



…and verify your .cab file is larger than 1kb.




Now use your approved transport method (thumb drive, Ext. HDD, etc.). Copy the USB directory containing your usagedata.cab and copy the Service Connection Tool directory to a machine with Internet access. Once you have copied everything over to the internet connected machine, open an administrative command prompt create a directory where we can download the update packages, I created this in the USB directory where the usagedata.cab resides.

Mkdir c:_holdUSBUpdatePacks



There are different switches we can use with the connect step which I listed below:

  • -downloadall This option downloads everything, including updates and hotfixes, regardless of the version of your site.
  • -downloadhotfix This option downloads all hotfixes regardless of the version of your site.
  • -downloadsiteversion This option downloads updates and hotfixes that have a version that is higher than the version of your site.

I will use the -downloadsiteversion switch in this guide. Now let us use the cd command to set the location to where you copied the service connection tool. Type the following command:

ServiceConnectionTool.exe -connect -downloadsiteversion -usagedatasrc c:_holdUSB -updatepackdest c:_HoldUSBUpdatePacks



Verify the download is successful in the ServiceConnectionTool.log.



Now we can move the UpdatePacks folder and its contents back to our server and perform the   phase of the Service Connection Tool


Once you have copied the update packages back on your server open your administrative command prompt window and change to the where you copied the files and we will run the following command line to import the updater packages into Configuration Manager:

ServiceConnectionTool.exe -import -updatepacksrc e:USBUpdatePacks

Check the ServiceConnectionTool.log for successful import



Now we should be able to see the available updates in the console. Go to the Administration tab then Updates and servicing. We are going to Select version 1910 then select download from the ribbon



Check the dmpdownloader.log for progress and errors.

Perform upgrade

Now that our 1910 update package is ready to install, we are going to run a prerequisite check.

This will let us know if there are any components that will cause the update to fail in their current state. Now click on the 1910 update then click Run prerequisite check from the ribbon.



You can check the status of the prerequisite check on the monitoring tab, under Updates and Servicing.

When the prerequisite check is complete, verify all steps completed without error.



Now we can go back to the administration tab and start the upgrade. Click the 1910 upgrade package then click Install Update Pack in the ribbon to launch the wizard.



On the first page of the wizard check the “Ignore any prerequisite check warnings and install this update regardless of missing requirements” box since we have already ran a prerequisite check and verified all requirements. Then click next.



On the next page enable any features that are included in this update pack. This can also be done after the upgrade process. Click next



Next, select your option for upgrade the clients in your environment. I do not have a pre-production collection, so I am selecting upgrade without validating. Click next



Check the box accepting the license terms and click next



Review the summary and click next. When complete, click close.



Monitor the hman.log and cmupdate.log for progress and any significant errors. This process can take up to a couple hours or more depending on the size of your environment. When the update process is complete open the Configuration Manager console (it should prompt you to update) And verify you are now on Version 1910 by clicking the arrow in the top left corner and selecting About Microsoft Endpoint Configuration Manager.



You may now repeat the process for any future updates or hotfixes that need to be applied.


The sample are not supported under any Microsoft standard support program or service. The sample are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

Disclaimer 2

All screenshots and folder paths are from a non-production lab environment and can/will vary per environment. All processes and directions are of my own opinion and not of Microsoft and are from my years of experience with the configuration manager product in multiple customer environments.


Service Connection Point Role – https://docs.microsoft.com/en-us/configmgr/core/servers/deploy/configure/about-the-service-connection-point

Service Connection Tool – https://docs.microsoft.com/en-us/configmgr/core/servers/manage/use-the-service-connection-tool


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.