Offline Servicing in SCCM is the process through which you can inject software updates in your operating system WIM files.

This process can alleviate your build and capture yearly/bi-yearly WIM updates that you most likely run in your enterprise. However, as much as this process is great to shorten your gold image updates, it’s still not perfect. Why? The answer is quite simple. Even if your gold image contains products such as Microsoft Office, offline servicing will not apply Office patches even though these are downloaded to your Software Update Point. Only core Windows applications can get patched through this process.

What are the type of core applications that you can apply patches to? Obviously, Windows, Internet Explorer, .Net Framework and so on and so forth. (also called CBS, for Component Based Servicing)

SCCM Offline Servicing Overview

Here’s what happens in the background when you start the SCCM Offline servicing process :

  1. SMS_Executive starts the SMS_Offline_Servicing_Manager either via a schedule or manually, depending on how you configured it
  2. SCCM copies your WIM in a temporary folder
  3. The WIM gets mounted (or extracted if you will) to a mount directory
    • By using DISM the Offline Servicing will attempt to see if a given software update is applicable (installed or not) to your WIM file. If not, it injects it
  4. This gets repeated for all software updates
  5. The image gets unmounted and the WIM is rebuild
  6. A backup of the WIM is created
  7. The new WIM gets copied back to its original location
  8. Your distribution point gets updated (if you chose to update them) or else, you should plan to update them

How to Initiate SCCM Offline Servicing

So now that we have all this theory explained, let’s get our hands dirty. How do we actually do this?

  • From the SCCM console, navigate to Software Library / Operating System / Operating System Images
  • Right click on your image you wish to inject patches to and choose Schedule Updates

sccm offline servicing

  • You can either choose to select all software updates or only a subset. Make sure the correct architecture is selected for your Wim and click Next 

sccm offline servicing

  • Set a Schedule if you want to plan ahead, if not, choose As soon as possible. To your choosing, select to Continue on error and Update the distribution points with the image, click Next

sccm offline servicing

  • Validate your selections and click Close

sccm offline servicing

Monitoring

You can monitor the process via 3 log files :

  • OfflineServicingMgr.log  – ConfigMgrInstallPath\Logs

You can refer to the high level steps above to match the numbers in the screenshots with the steps

  • SMS_Executive calls SMS_OFFLINE_SERVICE_MANAGER (1)

sccm offline servicing

  • A backup is taken (2)

sccm offline servicing

  • WIM file gets mounted (3)

sccm offline servicing

  • Updates get applied (4)

sccm offline servicing

  • WIM gets unmounted (5)

sccm offline servicing

  • The backup copy is moved (6)

sccm offline servicing

  • WIM gets copied back (7)

sccm offline servicing

  • DISM.log  – Windows\Logs\Dism\DISM.log

You can also view the details of what DISM does patch per patch in this log. Take heed though, DISM.log tends to be very chatty/verbosy.

  • DistMgr.log – ConfigMgrInstallPath\Logs

To view your WIM file get distributed on all your DPs.

Here’s to hoping this clears up the whole Offline Servicing for you all!

Comments (14)

thomas chandler

11.07.2019 AT 02:47 PM
I have a windows 64 bit image i'm tring to schedule 4 updates that are listed. it goes through the process, but does not install them. in the update tab is list them as applicable. what can I do to get past this. I get an error fail to install error code 2095 I even try to inject these manaually and I still cannot get them into the image. this is very important that I get these four updates into this image

David Leemans

02.23.2018 AT 10:44 AM
Same problem here (Ent 2016 LTSB wim) : When performing the steps to update the .wim file with the latest Win10 updates, everything looks great: the selected updates are successfully added to the image. And with deployment it all looks good too. But after deploying the TS to a new computyer, for some reason, these same updates that were already slipstreamed in the image will get offered by Software Center again, and the computer will try to install them again. I can’t find out why this happens. When looking at the Update history on this new client computer, the slipstreamed updates are not even there ? Even worse, sometimes SCCM will even try to install older Cumul. Updates for Win10 than the ones already slipstreamed in the wim file? It makes me wonder if I should even bother at all updating my wim file every month, since this is definitely not working the way it is intended. I mean, what's the point of waisting time installing updates on your wim file, if they are being reinstalled again after deployment anyway ? MS needs to fix this.

Glenn Turner

02.12.2018 AT 11:28 PM
Does anyone know how to configure the disk used for mounting the wim? It's trying to use the disk we've installed ConfigMgr on, with 30GB free, instead of the one with 100GB+ free.

Brian

04.30.2019 AT 04:03 PM
Under Administration --> Sites --> Config Site Components --> OS Deployment. Change "Auto" to the drive letter you want to use.

Dan

01.29.2018 AT 11:18 AM
Can I still build machines while the update process is running?

Jordan

01.22.2018 AT 09:52 AM
Hi, I injected updates from 2017-11 to 2018-01 into my 1709 WIM, but when I image a machine I don't see the updates installed and Windows is telling me its missing critical updates. Has anyone else experienced this?

Luke

11.30.2017 AT 02:10 AM
Mine fails when unmounting the image...tried twice now, I'm using SCCM 1706 trying to service a Win 10 1703 image on Server 2012 R2 with latest updates.

AJP

11.16.2017 AT 03:09 PM
Can you update a Windows 10 1703 image (wim file) with updates for Windows 10 1709? Or can you inject updates to raise the 1703 build to 1709?

Jonathan Lefebvre

11.16.2017 AT 10:21 PM
Hi AJP, Why no grab the latest WIM for 1709? I don't think you can upgrade a WIM offline from 1703 to 1709. For sure the offline servicing will not help for this. Jonathan

Unsatisfied

11.01.2017 AT 03:20 PM
I'm still confused as to how to appropriately use this function. I select all the updates, but it seems to be pulling the list of updates from MS? So there's a crap ton of updates that do not at all apply to our environment. And I sure the heck am not going to write down all the updates kb's, and then go through this list one by one unselecting stuff. 😐 You need to fix this Microsoft. I'm getting tired of this half-finished stuff hitting the market.

RAIL_BOY

02.06.2020 AT 01:16 AM
Have you tried using the filter option under the 'Select/Unselect All' checkbox. Just type the OS yo u are using 😉

James Leroux

09.29.2017 AT 07:36 AM
Same here... 1610 wim, aplied the sept rollup via offline servicing... all looked good. Built a machine, and it promptly downloaded and installed the rollup. Not good.

Tapsee

06.22.2017 AT 06:23 AM
I have the same issue what Rob has. Has anybody a solution or a point where i can look?

Rob

05.19.2017 AT 05:20 AM
We have some issues when using this method, I was wondering if you could shed a light. We are deploying windows 10 pro (14393). Our SCCM runs at 1610. When I perform the steps to update the .wim file with the updates everything looks great, DISM logs look good, updates are successfully added to the image. And with deployment it all looks good too. When the deployment is finished, when I run "winver" it shows the correct updated buildnumber (in our case 14393.1198). But then the trouble starts, because for some reason the same updates that were slipstreamed in the image will get offered by Software Center again, and the computer will try to install them again. I can't seem to find out why this happens. It feels like SCCM doesn't detect the updates that were slipstreamed. The only solution for us so far has been to use the non-updated .wim and add a "apply updates" step to our task sequence. Downside is that this takes much longer. Am I overlooking something?