SCCM 2403 Upgrade: A Step-by-Step Guide
This article is a complete step-by-step SCCM 2403 upgrade guide that covers all you need to know to update your existing SCCM servers to version 2403. It also covers all the new features in 2403, including the console and client upgrade details and hotfixes.
The ConfigMgr 2403 update (KB26186448) for the current branch is available as an in-console update. You can install this update on sites that run version 2211 or later.
ConfigMgr 2403 is a production-ready release, and it is the first current branch release of the year 2024. ‘24‘ stands for the year 2024, and ‘03‘ for the month of March. Upgrading to the current SCCM branch, version 2403, will bring the latest bug fixes and new features to your site.
Before the release of Configuration Manager 2403, Microsoft released Configuration Manager 2303 and SCCM 2309 current branch update for the year 2023. According to the SCCM release cadence, Microsoft changed their release cycle from three current branch updates per year to two CB updates per year. So the year 2024 will see two current branch releases: 2403 and 2409.
You can use the steps covered in this guide to upgrade your Configuration Manager setup running in production to release version 2403. After applying the SCCM 2403 update, make sure you apply all the latest hotfixes for that version to get rid of any remaining bugs or issues. Also see What’s new in version 2403 of Configuration Manager current branch.
SCCM 2403 New Features
The following new features are included with the SCCM 2403 release:
- Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager
- Microsoft Azure Active Directory rebranded to Microsoft Entra ID
- Automated diagnostic Dashboard for Software Update Issues
- The console now has a centralized search box
- Added Folder support for Scripts node in Software Library
- HTTPS or Enhanced HTTP, should be enabled for client communication from this version of Configuration Manager
- Resource access profiles and deployments will block Configuration manager upgrade
- The Save-CMSoftwareUpdate cmdlet now has a new parameter called SoftwareUpdateO365Language.
- Support for ARM 64 Operating System Deployment
- Enhancement in Deploying Software Packages with Dynamic Variables
- Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)
All the above new features are covered in the following guide: Top 10 new features in Configuration Manager version 2403.
Issues fixed in global SCCM version 2403
KB26186448 is the official KB number for the SCCM 2403 release. The following issues are resolved after installing the 2403 version of Configuration Manager:
- The Save-CMSoftwareUpdate PowerShell cmdlet doesn’t download languages unless they’re explicitly selected in the properties of the Software Update Point. This issue affects environments using scripts for downloading update content.
- A task sequence fails if the Install Dynamic Software action is used for multiple packages, and the source version of one of those packages changes while the task sequence is running.
- The Set-CMScript PowerShell cmdlet fails with the “Invalid input argument (ScriptName)” error message, even when a name is provided.
- Enabling the “Stop managing updates” custom client setting doesn’t remove the local policy for managing WSUS settings.
- The cloud management gateway provisioning process fails if FIPS policy is enabled for the service connection point.
- Application icons aren’t appearing consistently in the Software Center for available apps.
- State message processing stored procedures are updated to prevent a flood of client state messages from filling the site server database.
- The Configuration Manager prerequisite checker fails on a primary or secondary site server if a local named instance of SQL server is used with a custom port.
- The Enable BitLocker step of an operating system deployment task sequence is now more resilient when verifying the presence of an escrow key. The changes reduce the chance of failure in the task sequence.
- The link “Select the restart experience to be shown to end users” now points to the correct location in the Computer Restart section of the default client settings properties window.
- The 256-bit AES block encryption algorithm (CALG_AES_256) and Elliptic curve Diffie-Hellman key exchange algorithm (CALG_ECDH) are supported starting with this release. The 128-bit AES block encryption (CALG_AES_128) and RSA public key exchange algorithm (CALG_RSA_KEYX) are removed. These changes improve support for environments using the Federal Information Processing Standard (FIPS).
- Content download can fail to resume on a client if the source is a peer computer, and that peer is offline or the download isn’t completed within 24 hours.
- Redundant storage checks are removed from the package transfer manager component, which increases the efficiency of transferring content to a cloud management gateway.
SCCM 2403 Release Date
Microsoft released SCCM 2403 on April 22, 2024. Support for SCCM 2403 ends on October 22, 2025. The 2403 version of SCCM is a baseline version. When installing a new site, you can download and use the 2403 baseline version, but remember that the baseline media will be available only after global availability.
Important: You cannot upgrade to SCCM 2403 if you are running older versions of ConfigMgr, such as SCCM 2012 or SCCM 2012 R2. If you are still running an older version of Configuration Manager, you must upgrade to the current branch first. Please refer to the SCCM in-place upgrade paths for more information.
General Availability of Configuration Manager 2403
Configuration Manager version 2403 is generally available for everyone. As you know, when the update becomes generally available, you don’t have to run any scripts because the update is available in the console for installation.
Installing Previous Hotfixes Before Upgrading
There were plenty of hotfixes and rollups for ConfigMgr version 2309 and earlier versions, some of which also featured out-of-band hotfixes. Most administrators want to know if they should install all the existing hotfixes before updating to version 2403. The answer is ‘No.’ That’s because the new SCCM 2403 release will contain all previously issued hotfixes for Configuration Manager. So you can safely skip the old hotfixes and directly install the KB26186448 update.
The following hotfixes are already included with the 2403 version:
- Configuration Manager 2309 Upgrade Guide
- Configuration Manager 2309 Hotfix KB26129847
- Hotfix Rollup KB25858444 for SCCM 2309
Windows ADK Support for version 2403
SCCM 2403 supports both the latest versions of the Windows 10 ADK and the Windows 11 ADK.
- For Windows 10, you can install the Windows ADK for Windows 10 version 2004.
- For Windows 11, you can install the Windows ADK for Windows 11 version 23H2.
If you have installed an older version of ADK on your SCCM server and are upgrading your Windows 10 to newer versions like Windows 10 20H2 or Windows 10 21H2, you must upgrade your ADK to the latest version available. Use the following guide to update ADK on SCCM server.
SCCM 2403 Upgrade Checklist and Prerequisites
Before you upgrade to Config Manager version 2403, please go through the upgrade checklist and prerequisites.
- Starting in version 2403, the Configuration Manager upgrade will be blocked if you are running Windows Server 2012/2012 R2. To resolve this, upgrade the servers to a higher version, such as 2016, 2019, or 2022.
- Configuration Manager 2309 and 2403 will require the latest version of the Microsoft ODBC driver for SQL Server. The ODBC driver for SQL Server needs to be installed on site servers before upgrading to the 2403 version. Microsoft recommends installing SNAC 11.0 with the latest ODBC driver, version 18.1.0 or later. This prerequisite is required when you create a new site or update an existing one and for all remote roles.
- To apply this update to your sites, ensure you have installed SCCM version 2211 or later.
- If you’re running a multi-tier hierarchy, start at the top-level site in the hierarchy. Perform the CAS upgrade first, then begin the upgrade of each child site. Complete the upgrade of each site before you begin to upgrade the next site.
- Ensure that you are running a supported Operating System for SCCM.
- Starting with the current branch 2303, SQL Server 2022 support has been added. SCCM 2403 will support the following versions of SQL: SQL 2017, SQL 2019, and SQL 2022.
- If you’re running a SCCM version older than version 1910, check the SCCM In-place upgrade paths for proper upgrade paths.
- The Configuration Manager should have an online service connection point before you upgrade to 2403.
- You must remove the enrollment point, enrollment point proxy, and device management point roles before upgrading to version 2403.
Install Windows Updates on SCCM Server
Before you upgrade your SCCM server to version 2403, we recommend installing the latest Windows updates on the server. This ensures that your server is patched with the most recent updates and prevents any errors during the upgrade.
Most ConfigMgr administrators patch the Windows servers regularly using the ADR. However, if there is any pending restart, make sure you reboot the server, as this may halt the upgrade. For more details, refer to the article on Fix Configuration Manager Pending System Restart error.
On the Configuration Manager server, click Settings > Update and Security. Install any pending updates on the server and reboot the server.
Installing the latest Microsoft ODBC Driver for SQL Server
Configuration Manager current branch versions 2309 and 2403 have an error prerequisite rule that checks for Microsoft ODBC Driver 18 for SQL setup. Before performing the upgrade on any site system servers, this needs to be manually installed. The installation of Microsoft ODBC Driver 18 does not require a restart.
Use the following download link to get the most recent version of the ODBC driver for SQL Server. Refer to the following to install or upgrade the ODBC driver on SCCM Server.
Run EnableEarlyUpdateRing 2403 PowerShell script
To get the SCCM 2403 update in the console, you must download and install the version 2403 opt-in script on the SCCM server. Use the following link to get the 2403 opt-in script. Extract the contents to a folder, and you will find a PowerShell script named enableearlyupdatering2403.ps1.
Follow these steps to run enableearlyupdatering2403.ps1:
- First, close the Configuration Manager console.
- On your SCCM server, launch PowerShell as an administrator.
- Change the path to the script location and run the enableearlyupdatering2403.ps1 PowerShell script.
- Enter the site server name (top-level site server name or IP address), and the script will download the SCCM 2403 update in the SCCM console.
After running the above PowerShell script, the update download begins. The SCCM server will download the update 2403 package from Azure servers, and the download progress can be viewed in dmpdownloader.log.
Wait for ConfigMgr update 2403 to download and extract all the files needed for the upgrade. The update state changes from ‘Downloading‘ to ‘Ready to Install‘ in the console.
SCCM 2403 Update Stuck Downloading in Console
On several setups, we have noticed that the SCCM 2403 update gets stuck in the downloading state. Hence, we have published a dedicated article to help you out: https://www.prajwaldesai.com/fix-sccm-update-stuck-downloading-state/.
Listed below are some common reasons why the upgrade prerequisite check fails and the solution to those errors and warnings.
- The site database has a backlog of SQL change tracking data: Solution
- Configuration Manager Pending System Restart: Solution
- SQL Server Native Client Version: Solution
- SCCM Update Stuck at Downloading State: Solution
- Enable site system roles for HTTPS or SCCM Enhanced HTTP: Solution
- Recommended version of the Microsoft .NET Framework. Warning: The Configuration Manager 2309/2403 update requires at least DotNet version 4.6.2 but recommends the latest version 4.8: Solution
- ConfigMgr Database Upgrade Error 0x87d20b15: Solution
- Co-Mgmt slider is not pointed to Intune: Solution
- SQL client prerequisites are missing for Config Manager setup: Solution
Run SCCM 2403 Prerequisite Check
Before you install the SCCM 2403 update, you must always run the prerequisite check. The prerequisite check will determine if update 2403 can be installed without any issues.
Note: You can run the prerequisite check only when update 2403 shows the status as Ready to Install. If the update is stuck or is not downloading, please use the solutions described above.
Perform the following steps to initiate the SCCM 2403 prerequisite check on the server:
- Launch the Configuration Manager console.
- Navigate to Administration > Overview > Updates and Servicing.
- Right-click Configuration Manager 2403 Update and select Run Prerequisite Check.
After you run a prerequisite check for an update, it takes a while to actually begin the prerequisite check process. You can monitor all the prerequisite checks in the monitoring node of the console. In addition, you can also review the ConfigMgrPreReq.log to know the status of the prerequisite check. Take a look at a list of all the SCCM log files useful for monitoring the upgrades.
SCCM 2403 Upgrade
To perform the SCCM 2403 upgrade, you can try these steps:
- Launch the Configuration Manager console.
- Navigate to Administration > Overview > Updates and Servicing Node.
- Right-click Configuration Manager 2403 Update and select Install Update Pack.
The following components have been updated in Configuration Manager version 2403:
- Configuration Manager site-server updates
- Configuration Manager console updates
- Configuration Manager client updates
- Fixes for known issues
- New Features
Since we have already performed the prerequisite check, you can enable the checkbox to ignore the prerequisite check warnings. Click Next.
On the Features tab, check the boxes for the new 2403 features you want to enable during the upgrade. You can enable these new features after installing the update from Administration > Updates and Servicing > Features. Click on Next to continue.
For Client Update Options, select the desired option for updating the clients in your hierarchy. There are two client update options available while installing the update.
- Upgrade without validating: This option allows updating only client members of a specific collection.
- Validate in pre-production collection: With this option, you can validate the client update on members of the pre-production collection while keeping your production client package intact.
Please refer to the SCCM client upgrade options to understand the options available for upgrading the client agents automatically to the latest version. Select the desired client agent update option and click Next to continue.
On the License Terms tab, accept the license terms that are mandatory to install the 2403 update and click Next.
If you have already enabled SCCM Cloud Attach (Tenant Attach) with Intune, you will see an option to upload the Microsoft Defender for Endpoint Data for reporting on devices uploaded to Intune. If your SCCM setup does not include tenant attach, you can skip this step and proceed to the next step.
In the Summary window, you see a summary of the settings that you have configured for installing the SCCM 2403 update. Review them and click Next.
On the Completion window, click Close. This completes the steps for installing the SCCM 2403 update.
Monitor the Upgrade
A Configuration Manager administrator can monitor the 2403 upgrade process using the following steps:
- In the Configuration Manager Console, go to the Monitoring workspace.
- Select Overview > Updates and Servicing Status.
- Right-click the Configuration Manager 2403 update and select Show Status.
- You can also review the 2403 upgrade by reviewing the CMUpdate.log file located on the site server.
Upgrading the ConfigMgr Console
After installing the SCCM 2403 update, the old console version will be uninstalled, and a newer console version will be installed. You should not skip the console upgrade process because you will be unable to use an older version of the console.
To upgrade the Configuration Manager console to the latest version, you can either refresh the console once or close and launch the console. For some of you, a yellow notification bar appears just below the top ribbon. Click Install the new console version to begin the console upgrade. During the console upgrade, if you encounter any issues, you can always review the ConfigMgr Console log files.
After upgrading to version 2403, the final Configuration Manager console version is 5.2403.1165.1000. If the console upgrade fails, restart the server and try again. If the console upgrade is failing with a specific error, you can let us know in the comments section.
Verify SCCM 2403 Upgrade
After the SCCM 2403 console upgrade is complete, launch the console and select About Microsoft Configuration Manager.
The following details confirm that your site has been upgraded to version 2403.
- Microsoft Configuration Manager Version: 2403
- Console Version: 5.2403.1165.1000
- Site Version: 5.0.9128.1000
You can manually verify the SCCM 2403 build number and version with the following steps:
- In the ConfigMgr console, navigate to Administration > Site Configuration > Sites.
- Right-click your site and select Properties.
- The version is 5.00.9128.1000 and the build number is 9128.
Update Boot Images to the latest version
After upgrading to Configuration Manager 2403, the default boot images (x64 and x86) will automatically update on all the distribution points. If it’s not updated, you can manually update the boot images using the following procedure for Boot Image (x64) and Boot Image (x86):
- Launch the Configuration Manager console.
- Go to the Software Library > Operating Systems > Boot Images.
- Right-click the boot image and select Update Distribution Points.
Upgrading Clients to the latest version
The production client version of SCCM 2403 is 5.00.9128.1005. The recommended method to upgrade SCCM 2403 clients is by using the Automatic Client Upgrade feature. This will upgrade all the clients in your production setup to version 5.00.9128.1005.
Using the automatic client upgrade, you can upgrade the clients to the 2403 version.
- In the SCCM console, go to Administration > Site Configuration > Sites.
- Click Hierarchy Settings in the top ribbon and select the Client Upgrade tab.
- Tick the checkbox “Upgrade all clients in the hierarchy using production client“.
- Set the required number of days for an automatic client upgrade to occur. Click Apply and OK.
Device Collection for SCCM 2403 Clients
There is a chance that the automatic client upgrade will fail on multiple computers, leaving clients with older versions of agents. In such situations, you can create a device collection in SCCM to find all the computers running an older version of the SCCM 2403 client agent. Refer to the following guide to create a device collection 2403 clients.
You can use the query below to find clients that have not been updated to the latest version for the 2403 build. The query will list all the computers that don’t have the latest client agent version, 5.00.9128.1005.
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.ClientVersion != '5.00.9128.1005'
SCCM 2403 Post-Update Checklist
Microsoft recommends the following post-update checklists after installing a SCCM 2403 upgrade:
- Confirm SCCM version and restart the server (if necessary)
- Confirm site-to-site replication is active
- Update Configuration Manager consoles to the latest version
- Reconfigure database replicas for management points
- Reconfigure availability groups and any disabled maintenance tasks
- Restore hardware inventory customizations
- Restore user state from active deployments
- Update Client Agents
- Check for expired third-party extensions
- Enable any custom solutions
- Update boot images and media
- Update PowerShell to help content
Hotfixes released for 2403 version
Currently, there are two hotfixes released for the 2403 update: KB28290310 and KB28458746. We can confidently say it’s a production-ready release. The SCCM 2403 upgrade can be performed safely on your production server.
The following issue has been addressed in the globally available release of the 2403 update. Searching for software updates can cause the Configuration Manager console to terminate unexpectedly on Windows Server 2022.
Configuration Manager 2403 Known Issues
If you’re updating to version 2403, there is a known issue with this version. An updated version of the Microsoft Security Client Policy Configuration Tool, ConfigSecurityPolicy.exe, is available to resolve the Endpoint Protection policy issue described in this note.
The updated tool, version 4.18.24040.4, is distributed with the April 2024 monthly Microsoft Defender platform update. At the time of this writing, the platform update is in the process of global distribution, and should be broadly available in all regions by May 17, 2024.
Once the platform update is installed on affected clients, endpoint protection policies are reapplied from Intune within 8 hours. The “Manage Endpoint Protection Client on client computers” setting in Configuration Manager can be changed back to “Yes” as required.
Need more help?
If you need further assistance on the above article or want to discuss other technical issues, check out some of these options.