Fortsätt till huvudinnehåll

LIFT AND SHIFT CONFIGMGR CB


Summary

Not a lot of guides out there on how to Lift and Shift ConfigMgr (move ConfigMgr to a fresh OS and SQL, optional new hardware if you still use physical). Therefore i created an updated guide based on Jasons from 2017 (link in bottom) 

But some new functions and tools has arrived in ConfigMgr since then that i discovered needed special attention especially when using Azure cloud integration. Also tried to collect data from other sites to get it all in one place.

Lift and Shift comparing with Migration and inplace Upgrade

MigrationIn-place OS UpgradeLift&Shift
Fully SupportedYesYesYes
Preserves all configurationsNoYesYes
Re-installation of site rolesAllSomeSome
Redeployment or reconfiguration of clientsYesNoNo
Downtime requiredNoYesYes
Easy fallbackYesNoYes
Requires new hardware or virtual machineYesNoDepends*
Shared DPs or content re-distribution across WANYesNoNo
Involves “risky” OS in-place upgradeNoYesNo
* A site restore can be performed to the same hardware that’s had it’s OS updated via a wipe and load. This eliminates the easy fallback path and is a bit scary, but it works the same way

I especially like that "Easy fallback" nice to know if everything goes to a warmer place...

Data gathering 

First before we start of with some actual fun we need to do the booring stuff...We need to gather data of the old ConfigMgr enviroment. Ofcourse you have it all documented...but in case you haven't  i have collected the most important below in tables

Service Accounts

Collect service account used by ConfigMgr, SQL, web services, scheduled task.

Table 1

AccountsIISConfigMgrService
CM_NAA
Network Access
CM_WSWebServiceYes
SC_WSSoftware CenralYesSoftwareCentral







ConfigMgr Site/Server information

Some data below can be found on old SCCM server below registry: HKLM\Software\Microsoft\SMS\Identification

Table 2

Data             ValueNote
SiteCode
SiteName


LicensCode


ConfigMgr Install path

SQL install path		D:\Program Files\Microsoft Configuration Manager
C:\Program Files\Microsoft SQL Server\140\

Have below accounts ready to be used when installing ConfigMgr and SQLAdministrative Accounts

  • ConfigMgr Full administrator account
  • Local admin account on both new and old ConfigMgr server
  • SQL Server DBA owner account

Files

SQL Configuration.ini


Search all folders below [SQL Install Path]\Setup Bootstrap\Log\

If you want to make a silent install and didnt make a silent install the first time edit below line.
Edit and uncomment
UIMODE="Normal"
to
;UIMODE="Normal"

Command to install SQL

setup.exe /ConfigurationFile=D:\ConfigurationFile.ini /IAcceptSQLServerLicenseTerms

Old Site Server

  1. Perform a health check, minium check below
    1. ConfigMgr Console, check Site Status and Component Status
    2. Server, Check event logs
  2. Document all configurations that are external to ConfigMgr:
    1. Account passwords for accounts used in ConfigMgr (Monitoring namespace, Overview -> Security -> Accounts). Use table 1
    2. Service accounts and password:
      1. SQL Server
      2. SQL Agent
      3. SQL Server Reporting Services
    3. Custom share and NTFS permissions.
    4. Certificates in use in IIS as well as in ConfigMgr.
      1. EX:Azure Cloud management gateway cert
    5. Content source locations.
    6. ADK/MDT version.
  3. (Optional Step)If you will be restoring the site to a system with an upgraded operating system, remove the following roles from the site server (if they are installed on the site server):
    1. Software Update Point *
    2. Management Point *
    3. Distribution Point *
    4. · Reporting Point
  4. (Optional if above step is done)Wait for them to be removed fully. Check the sitecomp.log as well as the individual setup and removal logs files for each component as listed at Log files in System Center Configuration Manager.
  5. Stop and disable all ConfigMgr services on the site server as well as any remote management points:
    1.  - SMS_EXECUTIVE
    2.  - SMS_SITE_COMPONENT_MANAGER
  6. Backup everything!
    1. SQL databases. use Ola's SQL Maintenace Solution to easy backup all DB's
    2. Site server file systems --> cd.latest 
    3. Custom reports: How to Download All Your SSRS Report Definitions (RDL files) Using PowerShell.
  7. Stop and disable all SQL Server services:
    1. MSSQLServer
    2. SQLSERVERAGENT
  8. Rename the server to “oldserver” (or something appropriate). Renaming this server allows it to remain online and accessible when (not if) you forget something.
  9. Stop and disable IIS server
  10. Reboot.

New Server

  1. Build a new Windows server with same volumes and drive letters. Using a newer operating system is optional as long as the one you are using is supported. Now is a good time to move to Windows Server 2016/2019 even if this is just for a hardware refresh though (two cats, one bullet).
    1. Join the server to the domain. 
    2. Server Name:If you have not performed steps 8 and 9 above on the oldserver yet, use a temporary name for this new server and then rename it to the oldserver name after performing steps 8 and 9 above on the old server. 
      1. If you have already performed steps 8 and 9 above on the oldserver, then name this server the same as the old server. 
    3. Format disks --> 64K file allocation unit size ON SQL drive 
      1. By default, the NTFS file format uses 4K file allocation units. Since the SQL stores data in pages and extents which is of size 8K and 64K respectively. It’s recommended to use 64K file allocation size to format the drives which will hold the SQL Databases including tempdb 
    4. Other Disk use default formatting 
  2. Copy files and Media to same place on new ConfigMgr drive 
    1. SQL 
    2. PreReq 
    3. ADK 
    4. MDT 
    5. ConfigMgrSource 
    6. Other scripts or install directory needed 
  3. Create file no_sms_on_drive.sms on all drives except the drive that will contain ConfigMgr packages 
  4. Validate that DNS accurately reflects the IP Address of the new server for the site server’s name. 
  5. Add the new server’s AD computer account to same AD security groups as the old server. 
    1. If security groups were not used to assign permissions, first create a new AD security group, add the new site server account to this new group, and assign permissions for this group to the following:
      1. System Management Container
      2. Client Install Account (if used)
      3. Local Admins on all site systems
      4. Shares and NTFS permissions as needed
  6. Install prereqs: Site and site system prerequisites for System Center Configuration Manager. Use Nickolajs prereq tool (see link in bottom)
  7. Install SQL Server – including reporting services using the same service accounts. This must be the same version and edition of SQL Server as was used on the old site server. 
  8. Install SQL Management Studio
  9. Install desired ADK based on the version of ConfigMgr you are using. (use Prereq tool) 
  10. Install WSUS (use SQL Server and not WID). (use PrereqTool)¨ 
  11. Open WSUS console to verify it works, do not complete the first start wizard. 
  12. Restore ConfigMgr SQL database to same location and path it existed on the old site server. 
    1. restore SQL database with SQL Management Studio
  13. Copy ConfigMgrContentLib from the old site server to the same location and path on the new site server. 
  14. Copy the cd.latest folder from the old site server to a temporary location on the new site server. 
  15. Run ConfigMgr install from cd.latest completing the wizard appropriately. 
    1. Choose restore. 
    2. Select the database option for a manually restored database. 
    3. Choose same target locations as applicable. Double and triple check this! As noted in the previous post, it is technically possible to use different logical locations and drive letters, it’s more work than it’s worth. 
  16. Sit back, relax and watch the log file if you are so inclined. This will take a while...dont panic if you see red in log, wait for completion.

Post Actions

  1. Re-add any roles removed or better yet, as noted above, stand up a new site system to host them.
  2. Import any custom reports from the backup done using the SSRS web pages or a supplemental script.
  3. Add account passwords back to ConfigMgr accounts.
  4. Renew Keys for Azure Active Directory Tenatsn Applications
    1. Turn off IE Enhances Security
    2.  Right click on every application and renew key if available
  5. Add back cloud management gateway cert if used to computer certificate store
  6. Backup everything!
  7. Validate!
  8.  Validate some more!
  9. Test!
  10. Test some more!

Supplementary Actions

Source File Relocation

This is only necessary if your source files are located directly on the old site server. If this is the case, now may be a good time to move them to a file server or other server so that they are not on the site server. There are no technical benefits to doing this, but hosting them separately has advantages — like not having to ever move them in the future again during similar site server moves.
  1. Move source files to the new site server.
  2. Set up file share(s) with the same name(s) and permissions as on the old server.
  3. Use the ConfigMgr Content Source Update Tool 1.0.0 or a similar script to re-point content in ConfigMgr. This increments the version number on all content which in turn cause network traffic as ConfigMgr must re-validate all content files on all distribution points. It will not retransfer files though.

DB Maintenance

ConfigMgr Upgrade
You can combine the above with an in-place ConfigMgr site upgrade or an in-place SQL Server upgrade. This can be done on the old server (before the restore) or the new (after the restore). I would generally recommend doing this before to isolate the changes to the old server and prevent any old components from ever being on the new site server; however, you may have to do this after if the old site server is on Windows Server 2008 R2 and you want to upgrade to ConfigMgr CB. Do give time in between the operations though, too much change in too short a span of time will make troubleshooting much more difficult if something does go wrong.


Links

Link to original guide: 

https://home.configmgrftw.com/configmgr-site-backup-restore/

MS Articles:

Kommentarer

Skicka en kommentar

Populära inlägg i den här bloggen

Top 3 Image Servicing Tools that i use

My top 3 favorite tools to create and maintain Windows 10 Images depending on various scenarios like company policies and features like languagepacks. Number 1 invoke-WindowsImageOfflineServicicing.ps1  from Nickolaj My favorite because it's not a lot of moving parts as OSDBuilder from David Segura https://github.com/SCConfigMgr/ConfigMgr/tree/master/Operating%20System%20Deployment/Windows%20Servicing Number 2 OSDBuilder from David Segura I use this one if i need to create images with multiple language packs or modify the image in other way with anything below: WinPE (WinPE.wim, WinRE.wim, Setup.wim) Add ADK Packages Add MS DaRT Add Drivers Add ExtraFiles Execute custom PowerShell scripts os Enable NetFX3 Remove Appx Provisioned Packages Remove Windows Packages Remove Windows Capabilities Enable Windows Optional Features Disable Windows Optional Features Apply Features on Demand Apply Lan...
Skicka en kommentar
Läs mer