1.) When running the SCCM Setup Wizard and choosing “Modify SQL Server configuration” there does not appear to be an adequate preflight check to ensure Config Manager is running with full administrative rights to A) operating systems, B) SQL instances and C) Config Manager itself. These permissions are (obviously) critical to a SQL configuration change. In enterprise environments, setup.exe should be reaching out to check rights to all the things it needs to modify (file system, registry, certificates, etc.) before it executes the changes. Partial modification of the configuration has catastrophic results.

2.) Execution of the SQL configuration change does not perform quite enough validation during modification to determine that each small change was successful, with errors listed in the setup.log. It is possible for setup.exe to complete with success according to the GUI, but ultimately fail to create certificates, registry changes, and propagate SQL broker updates.

3.) Documentation around how to effectively prepare and run the “Modify SQL Server configuration” could use improvements in the areas of A) minimum rights required to the OS CAS, PRI, SQL systems and CM, B) stopping site components C) detaching a database D) copying database files E) attaching and configuring the new database, F) running setup wizard with more detail around what setup.exe performs, and how long it takes... and last G) how to validate the changes were successful with SPDiagDRS and Replication Link Analyzer.

If you install Hyper-V on Windows 10, it will create a default adapter and randomly create an IP address, usually in the 172.x.x.x subnet. If by chance, you have a boundary that this random IP address falls into, the SCCM client will think it is part of this boundary, in addition to the boundary associated with it's physical NIC. The client considers both boundaries to be a Current boundary group and will therefore potentially download content from DP's associated within either boundary. In most situations, this additional DP will likely be across a WAN link which of course can cause issues.

TL;DR: Make Phased Deployments for Applications the same as Phased Deployments for Task Sequences where you can create up to 10 phases and manually initiate the second phase of deployment.

Explanation:
Currently in 1806 although you can create a phased deployment for an Application, you're limited in two key areas:

1) You cannot manually create phases for an application
2) You cannot manually begin the second phase of deployment for an application
3) You are limited to 2 phases for an application

In our environment we follow a controlled graceful deployment process where an Application Model application is deployed office-by-office to prevent flood of support calls should an unexpected situation arise. Since we have multiple offices across the globe, a single application may have as many as 13 deployments, although it's typically around 6.

Phased Deployments is the solution here but it's usefulness in the context of Applications is limited. If it could match features available in Task Sequence deployments it would be of significant value.

Documentation:
https://docs.microsoft.com/en-us/sccm/apps/deploy-use/deploy-applications
https://docs.microsoft.com/en-us/sccm/osd/deploy-use/create-phased-deployment-for-task-sequence?toc=/sccm/apps/toc.json&bc=/sccm/apps/breadcrumb/toc.json
https://docs.microsoft.com/en-us/sccm/osd/deploy-use/create-phased-deployment-for-task-sequence

In the interest in making my OS deployment task sequences as fast and as optimized as possible, I always optimize WIM files anytime they're updated or re-created.

In my build/capture task sequence, I add a step at the very end before capture to run DISM /StartComponentCleanup /ResetBase so that all of the superseded updates are removed from the base image before it is captured. This results in a smaller WIM file and obviously, faster deployment times.

With the built-in Offline Servicing option for OS images, once new updates are added, they remain in the component store of the image when the image is unmounted, and also, all of the deleted/superseded files still remain inside the [DELETED] folder in the root of the WIM database because the image is not exported once it is updated by Configuration Manager so the WIM file continues to grow larger and larger every time it is updated using Offline Servicing.

Presently, I have a script I've created, 'Optimize-WIMFile.ps1', that I run against the WIM file source after it is updated via Offline Servicing that does the following:
- Mounts the specified OS WIM
- Runs 'DISM /Image:Mount /StartComponentCleanup /ResetBase' if
the image supports it (i.e. OS version greater than Windows 7)
- Unmounts the WIM
- Exports the WIM file to remove all deleted or replaced data using
DISM module's Export-WindowsImage

Since Offline Servicing is already mounting the WIM for you on the server when updating it, there should be an option (a simple checkbox would suffice) to "Remove superseded updates" after the image is updated that essentially runs DISM /ResetBase against the WIM while it is still mounted before unmounting it.

After the WIM is updated and unmounted, it should then be exported to clean up the removed data - I'm not sure why this is not already a default. The WIM file will only grow in size with all of the old deleted junk every time you update it if it is not exported. You could even make an option for this as well with a drop-down menu that lets you choose the compression level on the WIM when exporting to the final image.

I've tried to automate this process completely by making a script that triggers the OfflineServicing schedule on all of my OS images in Configuration Manager and then calls my Optimize-WIMFile script, but the problem is that I can't find any way to track status of the offline servicing on each image to know when it's safe to begin optimizing the WIM, as Get-CMOperatingSystemImageUpdateSchedule is not returning anything when the schedule is created to run immediately so I have to wait for all of the servicing to complete, and then manually run the optimizations.

This would make sooo much more sense to have built-in to the OfflineServicing since it's literally two simple commands run against the WIM. Please take it into consideration!

My idea is to have the scenario described below supported.

When running Save-CMSoftwareUpdate command on a CMSite-PSDrive that connects to a ConfigMgr site in a different domain (used Get-Credential to pass credentials in New-PSDrive call) than the user account the PowerShell window is running as, I get error 'The RPC server is unavailable'.

I can successfully change location to the PS drive, and run other ConfigMgr PS cmdlets.

Commands:
New-PSDrive -Name <sitecode> -PSProvider 'CMSite' -Root <siteserverFQDN> -Credential (Get-Credential)
Set-Location <sitecode>:
Save-CMSoftwareUpdate -SoftwareUpdateName <name> -DeploymentPackageName <name> -Verbose

Verbose output from Save-CMSoftwareUpdate call:

VERBOSE: Start: Execution of WQL query: Select * from SMS_SoftwareUpdatesPackage where Name='Office 2016'
VERBOSE: Finish: Execution of WQL query: Select * from SMS_SoftwareUpdatesPackage where Name='Office 2016'. Processed 1 results in 00:00:00.0533413.
VERBOSE: Performing the operation "Save" on target "SoftwareUpdate: Name="Office 2016"".
VERBOSE: Start: Execution of WQL query: SELECT * FROM SMS_SoftwareUpdate WHERE LocalizedDisplayName IN ( 'Update for Microsoft Office 2016 (KB4018322) 64-Bit Edition' )
VERBOSE: Finish: Execution of WQL query: SELECT * FROM SMS_SoftwareUpdate WHERE LocalizedDisplayName IN ( 'Update for Microsoft Office 2016 (KB4018322) 64-Bit Edition' ). Processed 1 results in 00:00:00.0858704.
VERBOSE: Start: Execution of WQL query: select distinct cic.ContentID from SMS_CIToContent cic where cic.CI_ID=16796196 and cic.ContentID not in (select pc.ContentID from SMS_PackageToContent pc where pc.PackageID='ECN0006C') and (cic.ContentLocales='Locale:0' or cic.ContentLocales = 'Locale:9')
VERBOSE: Finish: Execution of WQL query: select distinct cic.ContentID from SMS_CIToContent cic where cic.CI_ID=16796196 and cic.ContentID not in (select pc.ContentID from SMS_PackageToContent pc where pc.PackageID='ECN0006C') and (cic.ContentLocales='Locale:0' or cic.ContentLocales = 'Locale:9'). Processed 1 results in 00:00:00.0000256.
VERBOSE: Start: Execution of WQL query: select * from SMS_PackageToContent where ContentID=16790019 and PackageID='ECN0006C'
VERBOSE: Finish: Execution of WQL query: select * from SMS_PackageToContent where ContentID=16790019 and PackageID='ECN0006C'. Processed 0 results in 00:00:00.
VERBOSE: (SMS_PackageToContent.ContentID=16790019,PackageID='ECN0006C') does not exist or its IsContentValid returns false. We will (re)download this content.
VERBOSE: Using 64-bit content downloader
VERBOSE: Downloading update content CI_ID='16790019' Content Source Path='\\ecn-badcm\updatePackages\Office 2016' Download Location='' Provider='ecn-badcm.BoilerAD.Purdue.edu' Second Chance='False'
VERBOSE: Result: 1722 (0x000006ba)
Save-CMSoftwareUpdate : The RPC server is unavailable
At line:1 char:1
+ Save-CMSoftwareUpdate -SoftwareUpdateName "Update for Microsoft Offic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidResult: (Microsoft.Confi...reUpdateCommand:SaveSoftwareUpdateCommand) [Save-CMSoftwareUpdate], Win32Exception
+ FullyQualifiedErrorId : DownloadContentError,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.SaveSoftwareUpdateCommand

Save-CMSoftwareUpdate : The following updates failed to successfully download: Update for Microsoft Office 2016 (KB4018322) 64-Bit Edition
At line:1 char:1
+ Save-CMSoftwareUpdate -SoftwareUpdateName "Update for Microsoft Offic ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Confi...reUpdateCommand:SaveSoftwareUpdateCommand) [Save-CMSoftwareUpdate], InvalidOperationException
+ FullyQualifiedErrorId : DownloadUpdateFailed,Microsoft.ConfigurationManagement.Cmdlets.Sum.Commands.SaveSoftwareUpdateCommand