Configuration Manager update 2403 is the recently released update for Microsoft Configuration Manager current branch. 2403 update is available as in-console update and is also available soon as baseline version after general availability.
Following is the benefit of in-console update:
In-console updates provides greater flexibility of upgrading the SCCM Current Branch by getting updates of SCCM within SCCM console only.
- You just need to make sure that “Service connection point site system role” should be installed on SCCM to make sure synchronization schedule pull latest updates for SCCM.
- Once you install in-console update on CAS site, updates will be automatically applied to Primary sites. For secondary sites, you need to initiate it manually.
Configuration Manager Supported Versions:
Configuration Manager 2309, 2303 and 2211 are the other supported versions when publishing this post. If you are doing fresh setup of SCCM, you can download and use this Baseline version as baseline media for installation through Volume Licensing Service.
| Version | Availability date | Support end date | Baseline | In-console update |
| 2403 (5.00.9128) | 22 April, 2024 | 22 October, 2025 | Yes | Yes |
| 2309 (5.00.9122) | 9 October, 2023 | 9 April, 2025 | No | Yes |
| 2303 (5.00.9106) | 10-Apr-23 | 10-Oct-24 | Yes | Yes |
| 2211 (5.00.9096) | 05-Dec-22 | 05-Jun-24 | No | Yes |
Servicing Support for Configuration Manager
Microsoft usually releases update for Configuration Manager current branch version 2 times a year. The current version released is 2403 and next one will be version 2409. Previously Configuration Manager updates were released 3 time a year. Check the link for more details on change in cadence for Configuration Manager
Each update is supported for a period of 18 months. For 18 months of lifecycle, initial 4 months are for Security & Critical Updates while next 14 months are for Security Updates only. Above mentioned table can be used to see the servicing life cycle for Configuration Manager updates (supported versions of Configuration Manager including both Baseline and In-console update)
Following link can be used as a reference for supported versions
Upgrade the ADK to the supported ADK version
Make sure to have supported Windows ADK version, following is the table showing support for existing ConfigMgr versions:
| Windows ADK version | ConfigMgr 2211 | ConfigMgr 2303 | ConfigMgr 2309 | ConfigMgr 2403 |
| Windows 11 (10.1.22621) | Yes | Yes | Yes | Yes |
| Windows 11 (10.1.22000) | Yes | Yes | Yes | Yes |
| Windows Server 2022 (10.1.20348) | Yes | Yes | Yes | Yes |
| Windows 10, version 2004 (10.1.19041) | Yes | Yes | Yes | Yes |
If you have any old version of ADK installed, uninstall it first and get the latest version installed as per the mentioned ADK versions in the table.
What’s new in SCCM 2403
For detailed list on what’s new in version 2403 of Configuration, you can follow this What’s new in version 2403
Following are the improvements and new features, important things to be noted down is:
- Microsoft Azure Active Directory rebranded to Microsoft Entra ID
- Automated diagnostic Dashboard for Software Update Issues
- Introducing centralized search box: Effortlessly find what you need in the console!
- Added Folder support for Scripts node in Software Library
- HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager
- Windows Server 2012/2012 R2 operating system site system roles are not supported from this version of Configuration Manager
- Support for ARM 64 Operating System Deployment
- Enhancement in Deploying Software Packages with Dynamic Variables
- Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)
Following is the Checklist for installing update 2403 for Configuration Manager
Early update ring – Download opt-in script
As Configuration Manager version 2403 has released recently only, it is available for early update ring. We need to opt in for installation, ie we have to download the Version 2403 opt-in script
Once downloaded (EnableEarlyUpdateRing2403.exe), execute it to extract EnableEarlyUpdateRing2403.ps1
Open PowerShell as Administrator, and run following command:
.\enableearlyupdatering2403.ps1 -siteServer <SiteServername>(Replace <SiteServerName> with your SCCM server)
Configuration Manager 2403 will be made available immediately under Updates and Servicing.
Install Configuration Manager 2403 update
Login to SCCM server, open Configuration manager console and navigate to \Administration\Overview\Updates and Servicing, we can see new version available “Configuration Manager 2403” version 5.00.9128.1000.
Downloading should start automatically, if not should Right click “Configuration Manager 2403” and click on download.
The status of the update will soon change from available to downloading. It will download the update in cab format (eed8001a-1fe8-45ce-b689-577e557bf8ea.cab) which can be monitored through dmpdownloader.log and the location of update will be:
D:\Program Files\Microsoft Configuration Manager\EasySetupPayload
Following info you can see in the dmpdownloader.log:
Download content for payload eed8001a-1fe8-45ce-b689-577e557bf8ea
Redirected to URL https://configmgrbits.azureedge.net/release/2403E10/FR_9128.1005/EED8001A-1FE8-45CE-B689-577E557BF8EA/EED8001A-1FE8-45CE-B689-577E557BF8EA.cab
Redirected to URL https://download.microsoft.com/download/d/a/a/daa06e3f-8131-4786-ad90-18a72aced1eb/2403FR/ConfigMgr.Update.Manifest.cab
Once downloaded, cab file will be extracted with in same folder and original cab will be deleted, you will be able to see following folder:
D:\Program Files\Microsoft Configuration Manager\EasySetupPayload\eed8001a-1fe8-45ce-b689-577e557bf8ea
Once update is download, you will see the status as “Ready to Install” for “Configuration Manager 2403”
Run Prerequisite Check
Select “Configuration Manager 2403”, right click and select “Run Prerequisite Check”, the status will change to “Checking prerequisites”. Verify CMUpdate.log for process initiation and verify c:\ConfigMgrPrereq.log for success or failure.
My case the Prerequisite check failed. I found following error while navigating to \Monitoring\Overview\Updates and Servicing Status and click on Show Status to get:
[Failed]:HTTPS or Enhanced HTTP are not enabled for client communication. HTTP-only communication is deprecated and support will be removed in a future version of Configuration Manager. Enable a more secure communication method for the site either by enabling HTTPS or Enhanced HTTP. For more information, see https://go.microsoft.com/fwlink/?linkid=2155007.
[Failed]:Slide Co-Management workload slider for resource access policies towards Intune. Remove the certificate registration point site system role and all policies for company resource access features in Configuration Manager. These features are no longer supported as of March 2022 in Configuration Manager. Company resource access includes email, certificate, VPN, Wi-Fi, and Windows Hello for Business profiles. See https://go.microsoft.com/fwlink/?linkid=2186198 for more details.
After resolving the issues, initiate the Run prerequisite check again.
CMUpdate will show you multiple stages of Prerequisite check which can be seen as SubStageID such as 0xe0005.
Wait for last stage to get it completed.
You will see following in CMUpdate.log:
Content replication succeeded. Start extracting the package to run prereq check...
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xd0005, IsComplete=1, Progress=1, Applicable=1)
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xd0005, IsComplete=1, Progress=25, Applicable=1)
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xd0005, IsComplete=2, Progress=100, Applicable=1)
Running prereq checking against Server [SCCM01.MANBAN.COM] ...
ConfigMgrprereq.log will show:
******* Prerequisite checking is completed. *******
We got the result “Prerequisite check passed”, we can continue with installation now, but in production environment make sure to get rid of any warnings that appears which can be checked through Updates and servicing status.
Initiate Install Update Pack
Open SCCM Console, click on Administration Tab, go to Overview > Updates and Servicing. On right Pane you will be able to see now “Configuration Manager 2403”, from the top ribbon select “Install Update Pack”.
This will launch Configuration Manager Update Wizard, under General page don’t check the box Ignore any prerequisite check warnings and install this update regardless of missing requirements. Click Next.
Under Features included in update pack page, select the options you want to enable or leave it as default. You can enable this at later stage as well. Click Next
Under Client Update Settings page, select Validate in pre-production collection and select the collection used for this so that you can test new client agent on few systems before rolling out in production. Click Next.
Under License Terms page, check the box “I accept these License Terms and Privacy Statement”. Click Next.
Under Cloud Attach page, check the box “Enable uploading Microsoft Defender for Endpoint data for reporting on devices uploaded to Microsoft Intune” and click Next.
You will get completion status, click on Close to exit.
Under SCCM Console, you will see the installation status showing as Installing.
You can monitor the installation through Monitoring \ Overview \ Updates and Servicing Status and through CMUpdate.log.
Navigate to \Monitoring\Overview\Updates and Servicing Status, select Configuration Manager 2403, right click and select Show Status.
Installation Status will show the installation progress.
After waiting for some time, Update Pack installation status will show success in cmupdate.log with message:
Content replication succeeded. Start extracting the package to run prereq check...Update pack install status will show the upgrade has been completed.
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xe0005, IsComplete=2, Progress=100, Applicable=1)
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xe0006, IsComplete=1, Progress=1, Applicable=1)
MonitorDrsReplication waiting for server to be in replication active state for maximum 1800 second .
check current replication details
successfully detected the site server is in ReplicationInactive state.
Successfully reported ConfigMgr update status (SiteCode=MAN, SubStageID=0xe0006, IsComplete=2, Progress=100, Applicable=1)Once installation is done, and you try to open the SCCM console, this will ask you to update your console with version 5.2309.1113.1000. Click on Ok to initiate download and install.
Download of Adminconsole.msi will happen at following location:
C:\Program Files (x86)\ConfigMgr10\AdminconsoleSetup\{964BCF44-03E0-4AF3-BEBF-C4806BEE4595}
Adminconsole.msi will be visible which will be executed automatically.
Downloading & installation of console can be verified through log file:
c:\ConfigMgrAdminUISetup.log
c:\ConfigMgrAdminUISetupVerbose.log
Once completed you can verify the site version and control version (by clicking on top left of the SCCM ribbon and selection option “About Configuration Manager”.
Version 2403
Console Version: 5.2403.1165.1000
Site Version: 5.0.9128.1000
Navigate to \Administration\Overview\Updates and Servicing, we can see Configuration Manager 2403 showing status as “Installed”
Client Update
We can see the Production client version is 5.00.9106.1000 and Pre-production client version is 5.00.9128.1005 under \Administration\Overview\Site Configuration\Sites.
Updated client version (5.00.9128.1005) is currently Pre-production client version which is targeted on collection “Pilot Client” as we selected during installation Phase. Under Hierarchy Settings Properties, we must make sure to check the box “Upgrade all clients in the hierarchy using production client”
Source of this client version is created in StagingClient under Microsoft Configuration Manager Folder:
Promote Pre-production Client
If you want to promote the Pre-production client in production environment, then navigate to \Monitoring\Overview\Client Status. Right click Pre-production Client Deployment and select Promote Pre-production Client.
Promote Pre-production Client window will appear, click on Promote to replicate the changes in the environment using new SCCM client package.
Update Boot image
For better support with your boot images, it is recommended to update the client version in boot image as well, though old one will also work fine. Benefit of having latest client version in boot image is better support and compatibility.
Navigate to \Software Library\Overview\Operating Systems\Boot Images, select the boot image and click Update Distribution Points. You will be represented with current Windows ADK version and current client version and showing the old client version as well.
You don’t require to select “Reload this boog image with the current Windows PE version from the Windows ADK”, this option is only required when you have updated the ADK.
The consequences of reloading the boot image is, you are going to loose all kind of customization done (if any) within the boot image such as injecting MsDart binaries, increasing smsts.log file size using smsts.ini etc, everything will be lost. For more info on find the link on Customize boot image
Once the Boot Image is updated, you can see the Client Version changes from 5.00.9106.1000 to 5.00.9106.1000
Important Links
What’s new in version 2403 – Configuration Manager | Microsoft Learn
Checklist for 2403 – Configuration Manager | Microsoft Learn
Updates and servicing – Configuration Manager | Microsoft Learn
Discover more from SCCM | Intune | Device Management| Enterprise Mobility & Security
Subscribe to get the latest posts sent to your email.
For http/https error: follow the link: https://learn.microsoft.com/en-us/mem/configmgr/core/servers/deploy/install/list-of-prerequisite-checks#enable-site-system-roles-for-https-or-enhanced-http
How you fixed the prerequisites errors. I am getting the same errors