Deploying updates to passive servers using SCCM 2012 R2



This article shows how to deploy updates to passive servers using SCCM 2012 R2. 


SCCM Server Installation and Configuration

The following conditions must be met by the SCCM server:

  • The SCCM server must be a member of the same domain in which the Primary target server is.
  • The SCCM server must be created and configured before it'll be used to create a cluster, in order to find the Primary server.

For demonstrative purpose, the example SCCM server is configured as follows:

  • IP =
  • FQDN = rk-manager.eng.c
  • site code = RKA.
  • Networking wise, the SCCM server can be configured using 2 NICs. One is configured for internet access and one to access the Active Director. For example:
    • Ethernet0 (configured in a subnet without internet connection):
      • IP address:;
      • Subnet Mask:;
      • Default Gateway:;
      • Prefer DNS server:
    • Ethernet1 configured to an internet access connection.
  • Make sure the SCCM/WSUS is be able to download updates from the Microsoft site before deployment. You might have to disable the Ethernet0 adapter while downloading updates and enable it after for deployment.


Prepare and Install Neverfail Engine

  1. Make sure the Primary target server is in the same domain as the SCCM server.
  2. Install the following features before installing the Neverfail Engine cluster:
    • Background Intelligent Transfer Service (BITS), with:
      • Compact Server
      • IIS Server Extension
    • Remote Differential Compression
    • Remote Server Administration Tools, with:
      • Role Administration Tools, with:
        • Web Server (IIS) Tools
        • Windows Deployment Services Tools
      • Feature Administration Tools, with:
        • BITS Server Extension Tools
    • SNMP Services, with:
      • SNMP Service
      • SNMP WMI Provider
    • BranchCache
  3. Using SCCM, install the Configuration Manager Client on the server.
  4. Make sure the updates are set to Managed by your system administrator in Control Panel > Windows Updates.
  5. Make sure the Configuration Manager is available in Control Panel.
  6. Make sure the Software Center is available in Start Menu > Apps.
  7. Deploy Neverfail Engine and create the cluster.


Configure Neverfail Engine Cluster

  1. Configure the hosts file at c:\windows\system32\drivers\etc:
    • hosts:
      •     rk-manager.eng.cj
      •     rk-manager
    • lmhosts:
      • rk-manager #PRE
      • "SMS_RKA \0x1A" #PRE
      • :MP_001 \0x1A" #PRE
  2. Configure passive node management using the Configure Server Wizard's Management tab:
    • Add a management name and a management IP address; the DNS box needs to be checkedwhen configuring the management IP. For example:
      • passive management name: rk-secondary
      • management IP:


Enable Passive Node Patching

Configure the SCCM Server

  1. Update the 'hosts' file at c:\windows\system32\drivers\etc using the IP address and name of the server that was configured with management names and IPs. For example:
    •     rk-secondary
  2. Launch the SCCM an navigate to AdministrationSite Configuration > Servers and Site System Roles:
    • Create a System Server; this should be done for each server in the cluster (it is not needed for the active).
    • Name: use the management name (e.g. rk-secondary.eng.cj).
    • The FQDN: use the management IP (e.g.
    • Setup the account using the 'New Account' option.
    • The account needs to be one that can be used to acces SCCMand the passive server, for example the domain Administrator account.
    • In Verify > Network share: type the path \\passiveManagementName\Admin$ (e.g. rk-secondary\admin$) and browse.
    • Test the connection.


  1. Add Distribution point.
  2. Select Install and configure IIS if required by Configuration Manager.
  3. Select Enable and configure BrandCache for this distribution point.
  4. Description: passive server name (e.g. rk-secund)
  5. DO NOT enable pull content from other distribution points (not supported).
  6. Add local boundary groups.
  7. Finish the configuration.

The SCCM will add the machine in Assets and Compliance > Devices in somewhere between a couple of minutes and a few hours, depending on the connection. 



Updates deployment will not be immediate. It can take several minutes to start, but the process can be accelerated by running the Software Uptest Scan Cycle from each server in the cluster. This option can be found in Control Panel > All Control Panel  Items Configuration Manager > Actions.

This method can be used to also manage the Primary server while in the passive state.

The active server is managed by using the original name, while the passives using the management name.



0 out of 0 found this helpful



Please sign in to leave a comment.