System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

Revamp ConfigMgr's cluster patching, and remove it from PreRelease

Cluster patching feature was added in #SCCM CB 1602, but has been in prelease for a long time. It needs to:
1) Have improved/revamped UI
2) Remove dependency on collections
3) Orchestrate patching for any machines, not just servers/clusters
4) Remove the feature from prerelease

625 votes
Sign in
Sign in with: Facebook Google
Signed in as (Sign out)
You have left! (?) (thinking…)
Admindjam (Product Director, or Executive, System Center Configuration Manager) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →


Sign in
Sign in with: Facebook Google
Signed in as (Sign out)
  • peter kluver commented  ·   ·  Flag as inappropriate

    Looks like 1902 has this feature called "Server groups", however it is still in Pre-release. Any idea in what feature SCCM version it will be brought to release status?

  • Charlie commented  ·   ·  Flag as inappropriate

    Device Availability Groups are coming soon that will replace the old server groups (while DAG was the name chosen at MMS, if DJ gets his way it will be called Machine Orchestration Group, so keep an eye out for either name).

  • Dani Kuci commented  ·   ·  Flag as inappropriate

    Just upgraded to 1810, SCCM is still cluster-ignorant. When will this feature be introduced?

  • Marc commented  ·   ·  Flag as inappropriate

    This should have included direct connection to SCVMM or Hyper-V clusters to call that native Window Cluster Aware Update function. I get that for SQL and Exchange there would be some custom scripting required but for Windows and Hyper-V there are already built in CAU feature and triggering that process via PowerShell does not always deal with node drain correctly.

  • Juan Perez commented  ·   ·  Flag as inappropriate

    I just noticed the link in the cluster manager. Having cluster aware patching, would be a great feature. It doesn't have to be automatic either, just as long as it can be started and let it run. Beats hanging around to do one at at time.

  • bdam commented  ·   ·  Flag as inappropriate

    It'd be nice to have something official from the product team on this but I'll try and faithfully represent what I've heard djam say about this.

    This feature is not dead, otherwise it wouldn't be in the product anymore.

    The product team believes the GUI makes it nearly impossible to configure correctly (something something 'maintenance windows'). I'd like to get some clarification on this because I worked for a long time and reached a Sr Escalation Engineer who couldn't help me configure it correctly. He simply did some very quick tests and called it 'broken' (see bug reports below)

    The plan is to fix the GUI and re-write the back-end to ride over the BGB/Fast Channel used for the scripts and CMPivot features. Hopefully that fixes the locking issues and might even lead to some interesting reporting (dashboards dangit!)

    Remember, I'm just some rando guy on the internet but the scuttlebut is that they hope to work on this for 1810.

  • Glen Harrison commented  ·   ·  Flag as inappropriate

    Has this feature definately been killed off by MS? There's a post on technet from a guy saying he has had to point his hosts towards the internet for updates over configmgr. Unfortunately doing that means any sccm update reports won't show full complaince across the estate. Big no no for us as we need to prove all servers are patched.

  • Anonymous commented  ·   ·  Flag as inappropriate

    As I can understand, this feature is abandoned.
    It would be useful to:
    1) implement availanility sets with update domains
    2) implement pre- and post-update scripts running from run as acounts (it also possible to involve JEA approach)

  • Ben commented  ·   ·  Flag as inappropriate

    Is this feature dead or what? 2 years on and it's still in pre-release, no word anywhere about that changing, and it still doesn't work.

  • Benoit Machiavello commented  ·   ·  Flag as inappropriate

    Same problem here. First computer in the group can patch. Each other never get updates with the status "waiting for lock".

  • bdam commented  ·   ·  Flag as inappropriate
  • bdam commented  ·   ·  Flag as inappropriate

    Now that we have the 'Run a PowerShell Script' option it seems pretty obvious to use that feature here for the node drain scripts. That should fix the 512 character limit. Additionally, I hope it would make sense to then add a run-as feature to use service accounts for thinks like Exchange and SQL where workloads need to be moved and the local system isn't going to have that kid of access.

  • bdam commented  ·   ·  Flag as inappropriate

    For those looking for documentation:

    I just tried using this for the first time in 1702 and it would appear the script is limited to 512 characters. I have difficulty believing that's going to be enough. I had to condense and cheat just to get a script to run scheduled tasks.

    Which raises another suggestion here; we need to be able to run the scripts as a particular account. The machine account shouldn't have access to move Exchange/SQL resources.

  • Tom Brisby commented  ·   ·  Flag as inappropriate

    The server group functionality is nice, but I've been struggling to find any documentation describing what happens when deployments are applied to collections with this setting enabled. With no custom node drain or resume scripts applied, are the nodes simply rebooted without any sensitivity to the cluster resources? Are there any example node drain/resume scripts available? What I'd eventually like to see is a more true integration of Cluster aware updating and how that process proceeds with SCCM. Right now, SCCM can be used to select specific patches to place in a SUG and then deploy them, but using SCCM to patch clusters is still nebulous and feels..dangerous. Cluster aware updating is much healthier for the clusters, but doesn't have any connection to SUGs in SCCM meaning that WSUS has to be directly managed as well.

  • Brian commented  ·   ·  Flag as inappropriate

    It would be prudent to 1. include basic documentation on use of feature 2. the feature does appear to be functional but has issues in 1606, tech preview for 1609 does not even mention this feature or improvements to it. 3. This feature should be a number one priority as it is a basic requirement for datacenter automation. 4. No new version preview or production should be released without updates to this feature which is currently broken.

← Previous 1

Feedback and Knowledge Base