Share via

HTTPS configuration for SCCM site recovery

dhiraj Rakale 100 Reputation points
2023-08-07T05:54:34.5866667+00:00

Dear All,

We are planning to upgrade OS of SCCM site server from Windows server 2012 R2 to Windows Server 2019 using method of back up and Site recovery. We have configured it to use HTTPS communication. everything is working perfect in existing environment. Below is plan for us to upgrade OS of SCCM site server.

  1. Backup old SCCM site server using SCCM site maintenance task.
  2. Export ConfigMgr Web Server Certificate from site systems that run IIS
  3. Shutdown old SCCM site server and delete entry from AD.
  4. Bring new server with Windows Server 2019 OS and rename to exact the old one, even same IP and DNS. That means same FQDN and IP address as old one. Join to AD.
  5. Configure IIS and all pre-requisites including SQL
  6. Import ConfigMgr Web Server Certificate that was exported at step no 2
  7. Run setup.exe from cd.latest folder which was backup at step no 1.
  8. Use Site recovery method to recover site and database

so my queries here are,

  1. Will export (step no 2) and import (step no 6) of ConfigMgr Web Server Certificate is supported in this approach.
  2. As per my understanding no need to create and issue Client certificate for Windows computers since it is already there on end user devices and we are not changing FQDN of SCCM site server
  3. Am I missing any important steps with respect to configuring certificate for HTTPS communication. Do you think HTTPS communication will break using above steps post site recovery.

Kindly suggest.

Microsoft Security | Intune | Configuration Manager | Deployment
Microsoft System Center | Other
0 comments
Accepted answer
  1. Simon Ren-MSFT 40,346 Reputation points Microsoft External Staff
    2023-08-08T09:04:55.3933333+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    When you recover site systems that run IIS and you configured for HTTPS, reconfigure IIS to use the web server certificate. Per my experience, yes, exporting and importing the ConfigMgr Web Server Certificate is supported in the approach you described. As long as the FQDN and IP address of the new server are the same as the old one, HTTPS communication should not break post site recovery.

    For more information, please refer to: Recover a Configuration Manager site

    Thanks for your time. Have a nice day!

    Best regards,

    Simon

    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.