SCCM 2403 Upgrade: A Step-by-Step Guide

A step-by-step guide to upgrade your Configuration Manager setup running in production to release version 2403. Also includes the new features in SCCM version 2403.

Prajwal Desai
Posted by Prajwal Desai
SCCM 2403 Upgrade Guide

This article is a complete step-by-step SCCM 2403 upgrade guide that covers all you need to know to update your existing SCCM servers to version 2403. It also covers all the new features in 2403, including the console and client upgrade details and hotfixes.

The ConfigMgr 2403 update (KB26186448) for the current branch is available as an in-console update. You can install this update on sites that run version 2211 or later.

ConfigMgr 2403 is a production-ready release, and it is the first current branch release of the year 2024. ‘24‘ stands for the year 2024, and ‘03‘ for the month of March. Upgrading to the current SCCM branch, version 2403, will bring the latest bug fixes and new features to your site.

Before the release of Configuration Manager 2403, Microsoft released Configuration Manager 2303 and SCCM 2309 current branch update for the year 2023. According to the SCCM release cadence, Microsoft changed their release cycle from three current branch updates per year to two CB updates per year. So the year 2024 will see two current branch releases: 2403 and 2409.

You can use the steps covered in this guide to upgrade your Configuration Manager setup running in production to release version 2403. After applying the SCCM 2403 update, make sure you apply all the latest hotfixes for that version to get rid of any remaining bugs or issues. Also see What’s new in version 2403 of Configuration Manager current branch.

SCCM 2403 New Features

The following new features are included with the SCCM 2403 release:

  • Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager
  • Microsoft Azure Active Directory rebranded to Microsoft Entra ID
  • Automated diagnostic Dashboard for Software Update Issues
  • The console now has a centralized search box
  • Added Folder support for Scripts node in Software Library
  • HTTPS or Enhanced HTTP, should be enabled for client communication from this version of Configuration Manager
  • Resource access profiles and deployments will block Configuration manager upgrade
  • The Save-CMSoftwareUpdate cmdlet now has a new parameter called SoftwareUpdateO365Language.
  • Support for ARM 64 Operating System Deployment
  • Enhancement in Deploying Software Packages with Dynamic Variables
  • Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)

All the above new features are covered in the following guide: Top 10 new features in Configuration Manager version 2403.

SCCM 2403 Release Date

Microsoft released SCCM 2403 on April 22, 2024. Support for SCCM 2403 ends on October 22, 2025. The 2403 version of SCCM is a baseline version. When installing a new site, you can download and use the 2403 baseline version, but remember that the baseline media will be available only after global availability.

Important: You cannot upgrade to SCCM 2403 if you are running older versions of ConfigMgr, such as SCCM 2012 or SCCM 2012 R2. If you are still running an older version of Configuration Manager, you must upgrade to the current branch first. Please refer to the SCCM in-place upgrade paths for more information.

General Availability of Configuration Manager 2403

Configuration Manager version 2403 is generally available for everyone. As you know, when the update becomes generally available, you don’t have to run any scripts because the update is available in the console for installation.

Installing Previous Hotfixes Before Upgrading

There were plenty of hotfixes and rollups for ConfigMgr version 2309 and earlier versions, some of which also featured out-of-band hotfixes. Most administrators want to know if they should install all the existing hotfixes before updating to version 2403. The answer is ‘No.’ That’s because the new SCCM 2403 release will contain all previously issued hotfixes for Configuration Manager. So you can safely skip the old hotfixes and directly install the KB26186448 update.

The following hotfixes are already included with the 2403 version:

Windows ADK Support for version 2403

SCCM 2403 supports both the latest versions of the Windows 10 ADK and the Windows 11 ADK.

If you have installed an older version of ADK on your SCCM server and are upgrading your Windows 10 to newer versions like Windows 10 20H2 or Windows 10 21H2, you must upgrade your ADK to the latest version available. Use the following guide to update ADK on SCCM server.

SCCM 2403 Upgrade Checklist and Prerequisites

Before you upgrade to Config Manager version 2403, please go through the upgrade checklist and prerequisites.

  • Starting in version 2403, the Configuration Manager upgrade will be blocked if you are running Windows Server 2012/2012 R2. To resolve this, upgrade the servers to a higher version, such as 2016, 2019, or 2022.
  • Configuration Manager 2309 and 2403 will require the latest version of the Microsoft ODBC driver for SQL Server. The ODBC driver for SQL Server needs to be installed on site servers before upgrading to the 2403 version. Microsoft recommends installing SNAC 11.0 with the latest ODBC driver, version 18.1.0 or later. This prerequisite is required when you create a new site or update an existing one and for all remote roles.
  • To apply this update to your sites, ensure you have installed SCCM version 2211 or later.
  • If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. Perform the CAS upgrade first, then begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade the next site.
  • Ensure that you are running a supported Operating System for SCCM.
  • Starting with the current branch 2303, SQL Server 2022 support has been added. SCCM 2403 will support the following versions of SQL: SQL 2017, SQL 2019, and SQL 2022.
  • If you’re running a SCCM version older than version 1910, check the SCCM In-place upgrade paths for proper upgrade paths.
  • The Configuration Manager should have an online service connection point before you upgrade to 2403.
  • You must remove the enrollment point, enrollment point proxy, and device management point roles before upgrading to version 2403.

Install Windows Updates on SCCM Server

Before you upgrade your SCCM server to version 2403, we recommend installing the latest Windows updates on the server. This ensures that your server is patched with the most recent updates and prevents any errors during the upgrade.

Most ConfigMgr administrators patch the Windows servers regularly using the ADR. However, if there is any pending restart, make sure you reboot the server, as this may halt the upgrade. For more details, refer to the article on Fix Configuration Manager Pending System Restart error.

On the Configuration Manager server, click Settings > Update and Security. Install any pending updates on the server and reboot the server.

SCCM 2309 Upgrade Guide Snap1
Install the latest updates on ConfigMgr Server

Installing the latest Microsoft ODBC Driver for SQL Server

Configuration Manager current branch versions 2309 and 2403 have an error prerequisite rule that checks for Microsoft ODBC Driver 18 for SQL setup. Before performing the upgrade on any site system servers, this needs to be manually installed. The installation of Microsoft ODBC Driver 18 does not require a restart.

Use the following download link to get the most recent version of the ODBC driver for SQL Server. Refer to the following to install or upgrade the ODBC driver on SCCM Server.

Run EnableEarlyUpdateRing 2403 PowerShell script

To get the SCCM 2403 update in the console, you must download and install the version 2403 opt-in script on the SCCM server. Use the following link to get the 2403 opt-in script. Extract the contents to a folder, and you will find a PowerShell script named enableearlyupdatering2403.ps1.

Follow these steps to run enableearlyupdatering2403.ps1:

  • First, close the Configuration Manager console.
  • On your SCCM server, launch PowerShell as an administrator.
  • Change the path to the script location and run the enableearlyupdatering2403.ps1 PowerShell script.
  • Enter the site server name (top-level site server name or IP address), and the script will download the SCCM 2403 update in the SCCM console.
Run EnableEarlyUpdateRing 2403 PowerShell script
Run EnableEarlyUpdateRing 2403 PowerShell script

After running the above PowerShell script, the update download begins. The SCCM server will download the update 2403 package from Azure servers, and the download progress can be viewed in dmpdownloader.log.

Wait for ConfigMgr update 2403 to download and extract all the files needed for the upgrade. The update state changes from ‘Downloading‘ to ‘Ready to Install‘ in the console.

Configuration Manager 2403 Update Download
Configuration Manager 2403 Update Download

SCCM 2403 Update Stuck Downloading in Console

On several setups, we have noticed that the SCCM 2403 update gets stuck in the downloading state. Hence, we have published a dedicated article to help you out: https://www.prajwaldesai.com/fix-sccm-update-stuck-downloading-state/.

Listed below are some common reasons why the upgrade prerequisite check fails and the solution to those errors and warnings.

  • The site database has a backlog of SQL change tracking data: Solution
  • Configuration Manager Pending System Restart: Solution
  • SQL Server Native Client Version: Solution
  • SCCM Update Stuck at Downloading State: Solution
  • Enable site system roles for HTTPS or SCCM Enhanced HTTP: Solution
  • Recommended version of the Microsoft .NET Framework. Warning: The Configuration Manager 2309/2403 update requires at least DotNet version 4.6.2 but recommends the latest version 4.8: Solution
  • ConfigMgr Database Upgrade Error 0x87d20b15: Solution
  • Co-Mgmt slider is not pointed to Intune: Solution
  • SQL client prerequisites are missing for Config Manager setup: Solution

Run SCCM 2403 Prerequisite Check

Before you install the SCCM 2403 update, you must always run the prerequisite check. The prerequisite check will determine if update 2403 can be installed without any issues.

Note: You can run the prerequisite check only when update 2403 shows the status as Ready to Install. If the update is stuck or is not downloading, please use the solutions described above.

Perform the following steps to initiate the SCCM 2403 prerequisite check on the server:

  • Launch the Configuration Manager console.
  • Navigate to Administration > Overview > Updates and Servicing.
  • Right-click Configuration Manager 2403 Update and select Run Prerequisite Check.
Run SCCM 2403 Prerequisite Check
Run SCCM 2403 Prerequisite Check

After you run a prerequisite check for an update, it takes a while to actually begin the prerequisite check process. You can monitor all the prerequisite checks in the monitoring node of the console. In addition, you can also review the ConfigMgrPreReq.log to know the status of the prerequisite check. Take a look at a list of all the SCCM log files useful for monitoring the upgrades.

SCCM 2403 Prerequisite Check Completed
SCCM 2403 Prerequisite Check Completed

SCCM 2403 Upgrade

To perform the SCCM 2403 upgrade, you can try these steps:

  • Launch the Configuration Manager console.
  • Navigate to Administration > Overview > Updates and Servicing Node.
  • Right-click Configuration Manager 2403 Update and select Install Update Pack.
Start SCCM 2403 Upgrade
Start SCCM 2403 Upgrade

The following components have been updated in Configuration Manager version 2403:

  • Configuration Manager site-server updates
  • Configuration Manager console updates
  • Configuration Manager client updates
  • Fixes for known issues
  • New Features

Since we have already performed the prerequisite check, you can enable the checkbox to ignore the prerequisite check warnings. Click Next.

SCCM 2403 Upgrade Updates
SCCM 2403 Upgrade Updates

On the Features tab, check the boxes for the new 2403 features you want to enable during the upgrade. You can enable these new features after installing the update from Administration > Updates and Servicing > Features. Click on Next to continue.

For Client Update Options, select the desired option for updating the clients in your hierarchy. There are two client update options available while installing the update.

  • Upgrade without validating: This option allows updating only client members of a specific collection.
  • Validate in pre-production collection: With this option, you can validate the client update on members of the pre-production collection while keeping your production client package intact.

Please refer to the SCCM client upgrade options to understand the options available for upgrading the client agents automatically to the latest version. Select the desired client agent update option and click Next to continue.

SCCM 2403 Client Upgrade Options
SCCM 2403 Client Upgrade Options

On the License Terms tab, accept the license terms that are mandatory to install the 2403 update and click Next.

SCCM 2403 Upgrade License Terms
SCCM 2403 Upgrade License Terms

If you have already enabled SCCM Cloud Attach (Tenant Attach) with Intune, you will see an option to upload the Microsoft Defender for Endpoint Data for reporting on devices uploaded to Intune. If your SCCM setup does not include tenant attach, you can skip this step and proceed to the next step.

In the Summary window, you see a summary of the settings that you have configured for installing the SCCM 2403 update. Review them and click Next.

On the Completion window, click Close. This completes the steps for installing the SCCM 2403 update.

SCCM 2403 Upgrade Guide
SCCM 2403 Upgrade Guide

Monitor the Upgrade

A Configuration Manager administrator can monitor the 2403 upgrade process using the following steps:

  • In the Configuration Manager Console, go to the Monitoring workspace.
  • Select Overview > Updates and Servicing Status.
  • Right-click the Configuration Manager 2403 update and select Show Status.
  • You can also review the 2403 upgrade by reviewing the CMUpdate.log file located on the site server.
Monitor the ConfigMgr 2403 Upgrade
Monitor the ConfigMgr 2403 Upgrade

Upgrading the ConfigMgr Console

After installing the SCCM 2403 update, the old console version will be uninstalled, and a newer console version will be installed. You should not skip the console upgrade process because you will be unable to use an older version of the console.

To upgrade the Configuration Manager console to the latest version, you can either refresh the console once or close and launch the console. For some of you, a yellow notification bar appears just below the top ribbon. Click Install the new console version to begin the console upgrade. During the console upgrade, if you encounter any issues, you can always review the ConfigMgr Console log files.

Upgrading the ConfigMgr Console to 2403
Upgrading the ConfigMgr Console to 2403

After upgrading to version 2403, the final Configuration Manager console version is 5.2403.1165.1000. If the console upgrade fails, restart the server and try again. If the console upgrade is failing with a specific error, you can let us know in the comments section.

Verify SCCM 2403 Upgrade

After the SCCM 2403 console upgrade is complete, launch the console and select About Microsoft Configuration Manager.

The following details confirm that your site has been upgraded to version 2403.

  • Microsoft Configuration Manager Version: 2403
  • Console Version: 5.2403.1165.1000
  • Site Version: 5.0.9128.1000
Verify SCCM 2403 Upgrade
Verify SCCM 2403 Upgrade

You can manually verify the SCCM 2403 build number and version with the following steps:

  • In the ConfigMgr console, navigate to Administration > Site Configuration > Sites.
  • Right-click your site and select Properties.
  • The version is 5.00.9128.1000 and the build number is 9128.
Verify SCCM 2403 Upgrade
Verify SCCM 2403 Upgrade

Update Boot Images to the latest version

After upgrading to Configuration Manager 2403, the default boot images (x64 and x86) will automatically update on all the distribution points. If it’s not updated, you can manually update the boot images using the following procedure for Boot Image (x64) and Boot Image (x86):

  • Launch the Configuration Manager console.
  • Go to the Software Library > Operating Systems > Boot Images.
  • Right-click the boot image and select Update Distribution Points.

Upgrading Clients to the latest version

The production client version of SCCM 2403 is 5.00.9128.1005. The recommended method to upgrade SCCM 2403 clients is by using the Automatic Client Upgrade feature. This will upgrade all the clients in your production setup to version 5.00.9128.1005.

Using the automatic client upgrade, you can upgrade the clients to the 2403 version.

  • In the SCCM console, go to Administration > Site Configuration > Sites.
  • Click Hierarchy Settings in the top ribbon and select the Client Upgrade tab.
  • Tick the checkbox “Upgrade all clients in the hierarchy using production client“.
  • Set the required number of days for an automatic client upgrade to occur. Click Apply and OK.
Upgrading Clients to the latest version
Upgrading Clients to the latest version

Device Collection for SCCM 2403 Clients

There is a chance that the automatic client upgrade will fail on multiple computers, leaving clients with older versions of agents. In such situations, you can create a device collection in SCCM to find all the computers running an older version of the SCCM 2403 client agent. Refer to the following guide to create a device collection 2403 clients.

You can use the query below to find clients that have not been updated to the latest version for the 2403 build. The query will list all the computers that don’t have the latest client agent version, 5.00.9128.1005.

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.9128.1005'

SCCM 2403 Post-Update Checklist

Microsoft recommends the following post-update checklists after installing a SCCM 2403 upgrade:

  • Confirm version and restart the server (if necessary)
  • Confirm site-to-site replication is active
  • Update Configuration Manager consoles to the latest version
  • Reconfigure database replicas for management points
  • Reconfigure availability groups
  • Reconfigure any disabled maintenance tasks
  • Restore hardware inventory customizations
  • Restore user state from active deployments
  • Update Client Agents
  • Check for expired third-party extensions
  • Enable any custom solutions
  • Update boot images and media
  • Update PowerShell to help content

SCCM 2403 Hotfixes

Currently, there are no hotfixes released for 2403 update, and we can confidently say it’s a production-ready release. The SCCM 2403 upgrade can be performed safely on your production server.

The following issue has been addressed in the globally available release of the 2403 update. Searching for software updates can cause the Configuration Manager console to terminate unexpectedly on Windows Server 2022.

Configuration Manager 2403 Known Issues

If you’re updating to version 2403, there is a known issue with this version. An updated version of the Microsoft Security Client Policy Configuration Tool, ConfigSecurityPolicy.exe, is available to resolve the Endpoint Protection policy issue described in this note.

The updated tool, version 4.18.24040.4, is distributed with the April 2024 monthly Microsoft Defender platform update. At the time of this writing, the platform update is in the process of global distribution, and should be broadly available in all regions by May 17, 2024.

Once the platform update is installed on affected clients, endpoint protection policies are reapplied from Intune within 8 hours. The “Manage Endpoint Protection Client on client computers” setting in Configuration Manager can be changed back to “Yes” as required.

Share This Article
Prajwal Desai
Posted by Prajwal Desai
Follow:
Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.
1 Comment