In Part 1 of this series, we covered the planning and preparation phase for upgrading your SCCM 2012 hierarchies to SP1. Part 2 focused on upgrading Primary Site servers. The process for upgrading Secondary Sites is much the same as the process for provisioning them.

Essentially, you perform the upgrade from within the management console for the Primary Site which owns the Secondary Site in question. So, it goes without saying then, that you cannot upgrade a Secondary Site before you upgrade its parent Primary Site. However, and there is a “however” here, I found some road bumps in the Secondary Site upgrade process that I felt are important to share, so hopefully this helps you avoid some of the headaches I encountered.

Secondary Sites review ^

It might be a good time to review what makes Secondary Sites special, and why you would want (or need) to create them, particularly with respect to SCCM 2012. According to Microsoft, you should consider implementing a Secondary Site if you meet one or more of the following conditions:

  • You do not require a local administrator at the remote site
  • You have to manage the transfer of deployment content to sites lower in the hierarchy
  • You have to manage client information that is sent to sites higher in the hierarchy

To review what distinguishes a Secondary Site from a Primary Site or CAS:

  • A Secondary Site can only be created from within the management console of a CAS or Primary Site
  • When creating a Secondary Site, if no existing SQL Server instance is available, SQL Server Express is automatically installed.
  • After a Secondary Site is created, it automatically configures SQL database replication with its parent site.
  • Database communication between a Secondary Site and its Parent Primary Site is done with SQL Server database replication.
  • Secondary sites can route file-based content to other Secondary Sites with a common parent Primary Site.
  • Secondary sites are automatically configured as Management Point and Distribution Point roles.

In most situations, a Primary Site is preferred, but there are situations where it’s not feasible, so a Secondary Site is the next-best solution. So, how do we approach the upgrade of a Secondary Site?

Secondary Site readiness assessment ^

When I first attempted to upgrade my Secondary Site, I started on the assumption that it was going to be as simple as clicking the “Upgrade” link in the management console on the parent Primary Site. But alas, it wasn’t quite that simple, for me at least (and based on my own research, I’m not alone).

To get started, open the SCCM 2012 management console, connected to the parent Primary Site for the Secondary Site you wish to upgrade. Select “Administration” and navigate to Overview / Site Configuration / Sites and review the details in the right-hand panel. It helps to right-click on the row of column headings, and add the “Build Number” column, to see the versions of each site in your hierarchy. But this isn’t absolutely necessary, as you can see the Build Number (version), when you select a Site and look in the details in the lower panel. As you can see in the screenshot below, the Primary Site is on Build 7804 (SP1), while the Secondary Site is on Build 7711 (RTM).

Primary Site SCCM 2012 SP1 - Secondary Site SCCM 2012

Primary Site SCCM 2012 SP1 - Secondary Site SCCM 2012

As I mentioned before, you cannot upgrade a Secondary Site unless its parent Primary Site has been upgraded first. Since I already upgraded the associated Primary Site, I’m ready to proceed.

A quick review ^

My lab setup has the Primary Site and Secondary Site deployed on the RTM build of Configuration Manager 2012, using Windows Server 2008 R2 for both Site Servers. The Primary Site is using SQL Server 2008 R2 (with SP2 and CU6), while the Secondary Site is using SQL Server Express 2008 R2. When upgrading the Primary Site, I followed what was discussed in Part 2 of this series, so that it is now on Build 7804.

Starting the Secondary Site upgrade ^

My first inclination was to click the Upgrade link in the main Ribbon menu, and follow the prompts to an easy upgrade, but that isn’t what I encountered. But let’s see where this goes first, and then we can look at how to address the issues I encountered.

SCCM 2012 SP1 Upgrade link

SCCM 2012 SP1 Upgrade link

The first thing you’ll see is a confirmation dialog form, asking you to choose Yes to continue, or No to cancel. If you choose Yes, a series of dialog forms is opened, walking you through some prompts to decide how you wish to perform the upgrade.

Continue upgrade to SP1

Continue upgrade to SP1

If you configured the Secondary Site server in accordance with Microsoft’s documented guidance you should be in good shape. If you missed anything, you will find out when you view the Installation Status summary report. Some common things that get overlooked:

  • Forgetting to select the appropriate Roles and Features to support a Management Point and Distribution Point role:
    • Web Server Role: ISAPI extensions, Windows Authentication, IIS6 Management services, HTTP Redirection, IIS Management Tools and Scripts, BITS, and Remote Differential Compression. Also, .NET Framework 3.5 SP1 and .NET Framework 4.0 (along with the usual latest updates)
  • Forgetting to open Windows Firewall ports to allow for SQL Server replication traffic
  • Improper configuration of local Administrators group membership (Primary Site server, special accounts, etc.)
  • Improper or missing AD security delegation rights for the Secondary Site server on the “System Management” container.
  • DNS configuration issues, replication problems, etc.
  • Misconfigured Site Boundaries or Boundary Groups (as well as un-expected AD Sites and Subnets modifications)
  • Improper NIC configuration settings
  • Forgetting to apply updates to SQL Server Express instances on Secondary Site servers.
  • Improper SQL Server Network configuration settings (more on this later)

If you find yourself in the situation where even one of the above issues applies, you really need to stop and get those resolved before attempting to upgrade to SCCM 2012 SP1. Otherwise, you will be setting yourself up for a repeated cycle of errors and chasing down fixes, and that’s no fun.

For what it’s worth, I made it through the whole list above and was run over by the last two. I kept forgetting to install CU6 for SQL Server Express on my Secondary Site servers, which will cause the SP1 upgrade process to fail, but after a very long wait. The first clue will be found in the Installation Status log view, with an entry something like this.

Secondary Site Installation Status

Secondary Site Installation Status

I will cover network configuration settings in the next section below.

SQL Server network settings ^

One of the problems I ran into, which was pointed out by my trusty colleague, Justin Chalfant, has to do with the ports used by the SQL Server Express services on the Secondary Site server. It appears that, by default, it wants to leave the TCP Port value blank, and enters a zero (0) in the TCP Dynamic Ports field for each of the IP addresses.

To remedy this, drill down into the Start Menu on your Secondary Site server and open the SQL Server Configuration Manager. Expand SQL Server Network Configuration in the left-hand tree-view panel, and click on Protocols for CONFIGMGRSEC. In the right-hand details panel, right-click TCP/IP and select Properties (or you can double-click on it). Select the IP Addresses tab, and change all of the entries for TCP Dynamic Ports to blank (highlight the current value and press DEL), and change the TCP Port value to 1433. Repeat this set of changes for each block of entries until you reach the bottom of the list. When finished, click Apply and OK.

SQL Server Dynamic TCP Ports

SQL Server Dynamic TCP Ports

When this is done, you will need to restart the SQL Server Service on the Secondary Site server. You can do this from within the same console by selecting SQL Server Services near the top of the left-hand tree-view panel. Then right-click on SQL Server (CONFIGMGRSEC) and select Restart.

Restart SQL Server

Restart SQL Server

Ready to upgrade? ^

Not so fast! Before you embark on the Service Pack 1 installation on your Secondary Site Server, you should run the SCCM 2012 SP1 Prerequisite Checker. If you recall from Part 2, it may seem unnecessary, but it is still the recommended path to take. Here’s what to do:

  1. Open the SCCM 2012 SP1 installation media (DVD drive, USB thumb drive), or make note of the UNC path to access it from a network share or whatever. Make SURE this is the media which includes SP1! Do not use the RTM installation media for this.
  2. Open a CMD console with administrator rights.
  3. Navigate to the folder: SMSSETUP\bin\x64.
  4. Enter the following command expression: prereqchk.exe /SEC <FQDN> /INSTALLSQLEXPRESS /Ssbport 4022 /Sqlport 1433

Where <FQDN> is the fully-qualified domain name of your Secondary Site server.

For example: If your Secondary Site server is named “S01” and resides on the “” domain:

prereqchk.exe /SEC /INSTALLSQLEXPRESS /Ssbport 4022 /Sqlport 1433

SCCM 2012 SP1 Installation Prerequisite Check

SCCM 2012 SP1 Installation Prerequisite Check

The two warnings are caused by the 4 GB of memory allocated to my Secondary Site server virtual machine. For a lab/testing environment this can be ignored, but in a production environment you should follow the recommended guidance from Microsoft to ensure you are running in a supported configuration.

Ready to upgrade! ^

Now that everything appears to be ready to go, it’s time to run the Service Pack 1 upgrade. Again, you do this from within the management console connected to the parent Primary Site. Select the Secondary Site, and click the Upgrade link in the Ribbon menu bar. Confirm by clicking Yes to proceed.

Ready to upgrade

Ready to upgrade

You have chosen to upgrade secondary site

You have chosen to upgrade secondary site

When you click Yes, you should see the State value change from Active to Upgrade. It will remain that way until you refresh the view after the upgrade is finished. However, I strongly recommend you click the Show Install Status link in the Ribbon menu, to view the processing log as it runs. The downside to this viewer is that, unlike the CMTrace.exe utility, it does not automatically refresh. You have to manually click Refresh to update the view. Either way, the processing log results are a crucial means for making sure things are working correctly, and when they’re not, it shows enough detail to point you towards the root cause.

Log files you will want to inspect during and after the upgrade process will be found in the root of the C:\ drive on the site server. They include ConfigMgrPrereq.log and ConfigMgrSetup.log. Both of these are very helpful and will become second-nature to you when installing and upgrading site servers.

Configuration Manager logs

Configuration Manager logs

When the upgrade process is finished, the log (when viewed in the Show Install Status viewer) should have only green marks for each task, with the top-most entry indicating a successful upgrade.

Secondary Site Installation Status 2

Secondary Site Installation Status 2

Back in the main console view, click the Refresh link and you should see Active in the State column for the Secondary Site. If you enabled the display of the Build Number, it should also show 7804 after the refresh. You are done with the upgrade for this Secondary Site!

Configuration Manager Build 7804

Configuration Manager Build 7804

Resources ^

Coming up next ^

In the next article (Part 4), I will cover the various ways you can upgrade your Configuration Manager 2012 Clients to Service Pack 1.

Articles in series

Configuration Manager (SCCM) 2012 SP1 upgrade

  1. Luis 9 years ago

    My upgrade is failing, the following error occurs: Failed to connect to the sql server.
    Remembering that I can do the telnet port on all sql servers and I can connect remotely to the bank.
    Thanks, awaiting aid

  2. David Stein 9 years ago

    I appreciate the feedback, but I’m not really a substitute for “real” tech support. It sounds like you need to walk through the basics, such as, verifying the security settings on the database itself, connectivity to the SQL host server, credentials being used and so on.

  3. Fred 9 years ago

    Hi David,

    Great article, I have just one question – when updating the DB of the Secondary Site, which Update do I use? Does the SQL Server 2008 R2 SP1 CU6 Hotfix also apply to Server Express? I have 10.51.2500 installed which is SQL 2008 R2 Express SP1. I can’t find any CU6 directly appling to this SQL Epress version 🙁



Leave a reply

Your email address will not be published.


© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account