Site server high availability in Configuration Manager

The release of ConfigMgr 1806 introduced the concept of high availability of the Site server by adding an additional primary site as passive node.
This post takes you through a step by step journey in configuring a highly available Site Server.
Here's a high-level architecture overview of the configuration which depicts a remote SQL AlwaysOn availability group hosting the ConfigMgr database and a remote shared Content Library.

 

Prerequisites

• The site server in passive mode can be on-premises or cloud-based in Azure.
  
• Both site servers must be joined to the same Active Directory domain.
  
• The site is a standalone primary site.
  
• Both site servers must use the same site database, which must be remote each site server.
  
  • Both site servers need sysadmin permissions on the instance of SQL Server that hosts the site database.
    
  • The SQL Server that hosts the site database can use a default instance, named instance, SQL Server cluster, or a SQL Server Always On availability group.
    
  • The site server in passive mode is configured to use the same site database as the site server in active mode. The site server in passive mode only reads from the database. It doesn't write to the database until after it's promoted to active mode.
    
• The site content library must be on a remote network share. Both site servers need Full Control permissions to the share and its contents.
  
  • The site server can't have the distribution point role. The distribution point also uses the content library, and this role doesn't support a remote content library. After moving the content library, you can't add the distribution point role to the site server.
  • Create a Shared Folder
  • Add the System/Computer Accounts of the both the Site Server (Active and Passive) with full permissions to this share.
    
  • Open ConfigMgr Console > Administration > Site Configuration > Sites
  • Click Manage Content Library from the ribbon menu
    
  • From the dialog, specify a folder inside the share (Not the root of the share) and click Move.
    Selecting the root of the share will result in the following error - CContentDefinition::SyncFolder failed; 0x800700a1    SMS_DISTRIBUTION_MANAGER
    
    
  • The console will show the move in-progress. You can also refer to the DistMgr.log
    
• The site server in passive mode:
  
  • Must meet the prerequisites for installing a primary site.
    
  • Must have its computer account in the local Administrators group on the site server in active mode.
    
  • Installs using source files that match the version of the site server in active mode.
    
  • Can't have a site system role from any site prior to installing the site server in passive mode role.
    
    
• Both site servers can run different OS or service pack versions, as long as both are supported by Configuration Manager.
  
  

  Passive Site Server - Prerequisites

  Operating System:

  The passive site server can run any supported OS and doesn't need to match the existing Primary Site Server OS.
  This enables the scenario where you might want to move to a new OS for your Primary Site without performing an in-place upgrade or a backup/restore.
  

  OS Features and ADK

• Download and Install ADK
  

Install the following features –

• Remote Differential Compression
• Remote Server Administration Tools > Windows Server Update Services Tools [WSUS sync will fail without this]
  

Permissions:

Add the System/Computer account of the Passive Site Server to the following locations –

• Content Library Share – In case you missed from the previous step of moving the content library.
• Administrators Group of Active/Current Primary Site Server.
• Administrators Group of SQL Server (All nodes for SQL Clusters/AlwaysOn).
• SMS Admins group on all SMS Providers.
• System Management Container in AD.
• SysAdmin on SQL Server (All nodes for SQL AlwaysOn). – Follow the instructions below –
  • Launch SQL Server Management Studio
  • Expand Security and select the machine account of the current Active Primary Site (Contoso\CM1$)
  • Right click and choose Script Login as > CreateTo > New Query Editor Window
    
  • Replace the computer account of the Active Primary Site to the Passive Primary Site and click Execute.
    
  • Expand Databases > ConfigMgr DB CM_P01 > Security
  • Select the machine account of the current Active Primary Site (Contoso\CM1$)
  • Right click and choose Script Login as > CreateTo > New Query Editor Window
    
  • Replace the computer account of the Active Primary Site to the Passive Primary Site and click Execute.
    

Add a site server in passive mode

For more information on the general process of adding roles, see Install site system roles.

1. In the Configuration Manager console, go to the Administration workspace, expand Site Configuration, select the Sites node, and click Create Site System Server in the ribbon.
   
2. On the General page of the Create Site System Server Wizard, specify the server to host the site server in passive mode. The server you specify can't host any site system roles before installing a site server in passive mode.
   
3. On the System Role Selection page, select only Site server in passive mode.
   
   Note

   The wizard performs the following initial prerequisite checks on this page:
   

   • The selected server isn't a secondary site server
   • The selected server isn't already a site server in passive mode
   • The site's content library is in a remote location

   If these initial prerequisite checks fails, you can't continue past this page of the wizard.
4. On the Site Server In Passive Mode page, provide the following information that's used to run setup and install the site server role on the specified server:
   
   • Choose one of the following options:
     
     • Copy installation source files over the network from the site server in active mode: This option creates a compressed package and sends it to the new site server.
       
     • Use the source files at the following location on the site server in passive mode: For example, a local path to which you already copied the source files. Make sure this content is the same version as the site server in active mode.
       
     • (Recommended) Use the source files at the following network location: Specify the path directly to the contents of the CD.Latest folder from the site server in active mode. For example, \\Server\SMS_ABC\CD.Latest where "Server" is the name of the site server in active mode, and "ABC" is the site code.
       
   • Specify the local path at which to install Configuration Manager on the new site server. For example: C:\Program Files\Configuration Manager
     
5. Complete the wizard. Configuration Manager then installs the site server in passive mode on the specified server.
   

Adding the Passive Site Server system is straight forward.

• Create a new Site System Server from the Administration node.
  
• Browse the desired Passive Primary Site Server FQDN and click Next
  
• From the Role Selection page, choose Site server in passive mode and click Next
  
• Choose your desired option to provide the Source files.
• Specify the Installation directory. [do not choose the root of the Program Files, it must be a directory inside and doesn't needs to be already present]
  
• Click Next to complete and finish the wizard.
  
• Validate the progress in the FailOverMgr.log

The Scheduler and Sender creates job to copy the files to the Passive Site Server. You can also check the ConfigMgrSetup.log on the root of the Passive Site Server.

Refer the Installation Workflow in this link.

• Validate the successful completion on the console. Both the Active and Passive Site Servers with status OK

The following Registry Keys are created which reflects the Passive Site Server –

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Identification
  
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Site Failover
  

Troubleshooting Installation

If you experience issues while installation, let's say you missed a prerequisite and the installation failed, refer the below steps.

• The Console status shows the Passive Site Server as Installation failed. You will get the right click option to Retry Installation
  
• The reason for the failure is available under Monitoring > Site Server Status
• Click on Show Status to view the reason of failure.
  
  
• Once you resolve the issue, click Retry Installation.

Console

The ConfigMgr console is not installed as a part of the Passive Site Server installation and needs to be manually installed.

• Go to Installation directory > Tools > ConsoleSetup folder to initiate the installation.
  
• Connect to the Passive Primary Site Server

Site server promotion

Similarly as with backup and recovery, plan and practice your process to change site servers. Consider the following points in your promotion plan:

• Practice a planned promotion, where both site servers are online. Also practice an unplanned failover, by forcibly disconnecting or shutting down the site server in active mode.
  
• Determine your operational processes during failover, and what to communicate with other Configuration Manager administrators.
  
• Before a planned promotion:
  
  • Check the overall status of the site and site components. Make sure everything is healthy as normal for your environment.
    
  • Check content status for any packages actively replicating between sites.
    
  • Don't start any new content distribution jobs.
    
    Note

    If file replication between sites is in progress during failover, the new site server may not receive the replicated file. If this happens, redistribute the software content after the new site server is active.
    

    Process to promote the site server in passive mode to active mode

    This section describes how to change the site server in passive mode to active mode. To access the site and make this change, you need to be able to access an instance of the SMS Provider.
    

    By default, only the original site server has the SMS Provider role. If this server is offline, you can't connect to the site as no provider is available. When you add the site server in passive mode, the SMS Provider isn't automatically added. Add at least one additional SMS Provider role to your site for a highly available service.

    Tip

    The Configuration Manager console requests the list of available SMS Providers from WMI on the site server. When you install multiple SMS Providers at a site, the site randomly assigns each new connection request to use an installed SMS Provider. You can't specify the SMS Provider location to use with a specific connection session. If your console is unable to connect to the site because the current site server is offline, specify the other site server in the Site Connection window.

    1. In the Configuration Manager console, go to the Administration workspace, expand Site Configuration, and select the Sites node. Select the site, and then switch to the Nodes tab. Select the site server in passive mode, and then click Promote to active in the ribbon. Click Yes to confirm and continue.
       
    2. Refresh the console node. The Status column for the server you're promoting displays in the Nodes tab as Promoting.
       
    3. After the promotion is complete, the Status column shows OK for both the new site server in active mode, and for the new site server in passive mode. The Server Name column for the site now displays the name of the new site server in active mode.
       

    
    
    Its now time to test the Passive Site Server by promoting it as Active.
    

    • Console > Administration > Site Configuration > Sites > Nodes Tab
    • Select Passive Site Server > Right click and choose Promote to Active and confirm.
      
    • Note the change in Status from OK to Promoting (Passive to Active) and Installing for the Active to Passive site.
      
      Subsequent failover will only change to Promoting for the Passive Site as it doesn't need to install any components
      
    • Review the FailOverMgr.log on both the nodes.
    • The Mode (Active/Passive) switches between the two Site Servers and Status to OK.
      
    • The Primary Site Server name changes to the Passive Site Server which we just promoted to Active.
      

    Here's a Flowchart - Promote site server (planned)
    

    Promote Passive Site Server – Unplanned [30-minute delay]

    This will be an actual disaster scenario where the Active Primary Site Server is offline, and you need to promote the Passive Site Server to Active. There is no automatic failover.
    The steps are same as above to switch a Passive Site Server to Active via the ConfigMgr Console.
    Note – There is a 30-minute wait before the Passive Site Server switches to Active mode. Refer the Unplanned Workflow snippet below. The time start when you click Promote Active and not since the server is actually offline which could be longer.
    I had to restart the Site Server to fully initialize and act as an Active Site Server.
    
    

    
    

Limitations

• A single site server in passive mode is supported at each primary site.
  
• A site server in passive mode isn't supported in a hierarchy. A hierarchy includes a central administration site and a child primary site. Only create a site server in passive mode at a standalone primary site.
  
• A site server in passive mode isn't supported at a secondary site.
  
• Promotion of the site server in passive mode to active mode is manual. There's no automatic failover.
  
• Site system roles can't be installed on the new server before you add the site server in passive mode.
  
  Note

  After it installs the site server in passive mode, you can add additional roles as necessary. For example, the SMS Provider, or a management point at a primary site.
• For roles like the reporting point that use a database, host the database on a server that's remote from both site servers.
  
• The SMS Provider doesn't install on the site server in passive mode. Connect to a provider for the site to manually promote the site server in passive mode to active mode. Install at least one additional instance of the provider on another server.
  
• The Configuration Manager console doesn't automatically install on the site server in passive mode.