Starting with SCCM 1606, a new pre-release feature allows to configure server group settings for a collection. This is a major change that gives much more flexibility to your patch management process as you can coordinate maintenance operation to optimize server up-time.

Server groups permit to define specific collection settings for software updates installation :

  • Allow a percentage of machines to be updated at the same time
  • Allow a number of machines to be updated at the same time
  • Specify the maintenance sequence
  • Configure PowerShell scripts to run custom actions before and after your deployments

How does SCCM Server Groups works ?

The Technet explanation is pretty clear :

When you deploy software updates to a collection that has server group settings configured, SCCM determines how many computers in the collection can install the software updates at any given time and makes the same number of deployment locks available. Only computers that get a deployment lock will start software update installation. When a deployment lock is available, a computer gets the deployment lock, installs the software updates, and then releases the deployment lock when software updates installation successfully completes. Then, the deployment lock becomes available for other computers. If a computer is unable to release a deployment lock, you can manually release all server group deployment locks for the collection.

SCCM Server Group Requirement

Since this is a pre-release feature, after your 1606 upgrade, you must enable the feature manually :

  • Go to Administration \ Site Configuration \ Sites
  • Select your site and click on the Hierarchy Settings icon on the top ribbon

SCCM Server Group

  • In the General tab, check the Consent to use Pre-Release features and click Ok

19772-222

  • Go to Administration \ Cloud Services \ Updates and Servicing \ Features
  • Right-click Pre-Release – Server groups and select Turn On

SCCM Server Group

Create a Collection for a Server Group

The server group settings are configured in the properties of a device collection. To create a collection and configure the server group settings:

  • Create a device collection that contains the desired computers in the server group
  • Go to  Assets and Compliance \ Device Collections, right-click the collection you just created and then select Properties
  • On the General tab, check the All devices are part of the same server group box and  click Settings

SCCM Server Group

  • On the Server Group Settings page, specify one of the following settings:
    • Allow a percentage of machines to be updated at the same time: Specifies that only a certain percentage of clients are updated at any one time. If, for example, the collection has 10 clients, and the collection is configured to update 30% of clients at the same time, then only 3 clients will install software updates at any given time.
    • Allow a number of machines to be updated at the same time: Specifies that only a certain number of clients are updated at any one time.
    • Specify the maintenance sequence: Specifies that the clients in the collection will be updated one at a time in the sequence that you configure. A client will only install software updates after the client that is ahead of it in the list has finished installing its software updates.
  • Specify whether to use a pre-deployment (node drain) script or post-deployment (node resume) script

SCCM Server Group

Deploy Software Updates to the Server Group and Monitor Status

To deploy software updates to the server group collection, you use the typical deployment process. After you deploy the software updates, you can monitor the software update deployment in the SCCM console. In addition to the standard monitoring views for software updates deployment, the Waiting for lock state is displayed when a client is waiting for its turn to install the software updates. You can review the UpdatesDeployment.log file for more information.

Clear the Deployment Locks for Computers in a Server Group

When a computer fails to release a deployment lock, you can manually release all server group deployment locks for the collection. It’s recommended to clear locks only when a deployment is stuck updating computers in the collection and there are computers that are still not compliant.

To clear a deployment lock :

  • Go to Assets and Compliance / Device Collections
  • Right-click the desired collection and select Clear Server Group Deployment Locks

SCCM Server Group

We’ll keep an eye on this feature and hope it makes it to a production feature in the next SCCM release. We’ll update this post if new features are added.

Comments (16)

Zoltan

03.11.2019 AT 09:11 AM
Hi All, Is there anyone who experinced the following? I have a collection with 32 servers, on the collection server group is set up with 100% of allow to be updated at the same time, however only 1 server updating in the same time, the rest have lock state 0. What I would only need in this server group function are the drain and resume script, I don't want to update my server one by one. Any Idea? Thank you! Zoltan

Russ

08.17.2018 AT 09:19 AM
so, how do you turn it OFF? its "on", but not using the setting, yet we have thousands of PC's saying.. "Waiting for turn to start updates." and not installing...

SaiK

10.05.2018 AT 07:02 AM
you can run the following powershell command to find out if you have any collections that have this grouping enabled. if it returns any then go to that collection and uncheck "All devices are part of same server group" Get-CMCollection | Where-Object UseCluster -EQ "True" | Select Name,CollectionID

J Y

12.29.2017 AT 03:25 PM
I hope SCCM will support patching the idled cluster nodes before nodes with resources running. That will avoid the second drain action. Or if the patch order list can be updated via PowerShell I'm okay too. Just need to have a way to update the list ahead of time while my script determines the patch order based on the live cluster info.

Scott S.

10.15.2017 AT 06:21 AM
his is grayed out in the screen shot, so how do you get it to work? Mine is grayed out too.

Joe Rianto

06.26.2017 AT 03:32 AM
any news/update on this specific pre-released feature : server group ? is it worth it to create a case at microsoft, because we are already using it for production environment, but there are still some buggies. for the rest it works perfect short explaination: some clusters are updated fine by this mechanism, others not. what i found out is that some nodes are waiting for the call (status 0 to 1 ) but not getting one(updatedeployment.log), and the rest are not even been written in this table called : Deploy mutex, that should be the case. if they are finished and updated correctly they should be seen in this table with status 2. now we have a couple of nodes that do not have this status 2 or are even not seen in this table. anyone recognize this issue too ? any suggestions/advices/tips.. very appreciated.!

Joe Rianto

06.26.2017 AT 03:58 AM
an update on my first comment: strange behaviour of the server group feature option that has been selected within the collection. i have configured for each cluster a separated collection and for all these "cluster" collections i have choosen for the option "Allow a number of the machines to be updated at the same time" , checking the logs again, 2 nodes of 8 have updated at the same time, while i only gave the number of 1 to update a node per 1 and then boot , (the rest handled by powershell). then the workaround for this issue what i do is , flush the table for this cluster collection , create a temp maintenance window, and let it run again, then it works without any issue.

Jonathan Lefebvre

06.28.2017 AT 08:41 AM
Hi Joe, I've asked recently about the status of Server Groups and there was not much more information available at the time. SCCM team was busy with Windows 10 Upgrades... Feel free to report bugs on Connect. That would sure help! https://connect.microsoft.com/ConfigurationManagervnext/Feedback Jonathan

Joe

06.29.2017 AT 08:25 AM
Hi Jonathan, thanks for the info! i have already created a case at Microsoft premium support. they are working on the case.. will keep ya up-to-date.

jack

02.09.2017 AT 10:41 AM
What if the per-release feature is "on" and the "Consent to use Pre-Release features" was never checked. I did use the Server Group feature. My first take is that it moves through the process to fast. Nodes were rebooting 2-3 minutes apart. Thinking I might want to use the Node drain script to allow more time between patching.

Ravinder Jaiswal

01.30.2017 AT 05:36 AM
Can you paste the scripts to drain and resume nodes

brachus

12.15.2016 AT 02:49 PM
Do you have to deploy the updates to the exact collection where you set the Server Group flag? i.e. We have a update collection for Server 2012 and another for Server 2016 that each have their own ADR.

Just Lurking

06.21.2017 AT 08:01 PM
I'm curious about this too, is it possible to have an ADR deploy to a collection eg: auto update and auto reboot collection that includes collections for server groups? If so, how would it remediate those included collections?

Sam

11.08.2016 AT 11:02 AM
Any recommendations for scripts to drain and resume nodes? We are wanting to use this feature to drain a node, patch that node, then bring resources back, see how the server reacts to patches for a few days, then patch the other node. I've got some Powershell scripts that work great when I'm logged into the server I'm just not sure how the scripting works within this feature. Thanks!

Dooley Do

05.17.2017 AT 10:37 AM
For a standard Windows cluster try these: Suspend-ClusterNode -drain Resume-ClusterNode -Failback Policy Just test these via Powershell first on the nodes then apply to your server group