Three times a week (Monday/Wednesday/Friday), John Savill tackles your most pressing IT questions.
Understanding upgrade ability around Windows 10 and Windows Server 2016 plus a neat trick to update certificates with ADFS farms!
Q. Is there a simple way to update to a new certificate on an ADFS farm including Web Application Proxy?
Dept - Windows Server
A. When a farm of ADFS servers with Web Application Proxy acting as ADSF proxy it can be a fairly lengthy process to update to use a new certificate. Fortunately Azure AD Connect now provides a method to update the certificate used across the entire ADFS farm and Web Application Proxy instances. Ensure you have the latest version of Azure AD Connect, have an updated certificate to be used (with private key) saved to a pfx file (which must have at least 30 days left before expiry). Launch Azure AD Connect, select the "Update AD FS SSL Certificate" option and select the ADFS server farm. You can select specific servers to update and the wizard will take care of the rest.
Q. Can I perform an in-place upgrade from Windows Server 2016 RTM to 1709?
Dept - Windows Server 2016
A. The only version of 1709 available for regular Windows Server installations is Server Core (Nano is available only as an updated Docker OS image). If you have an existing Server Core deployment of Server 2016 RTM you cannot perform an in-place upgrade to 1709. This is because the RTM is the Long Term Servicing Channel while 1709 is Semi-Annual Channel. Instead a fresh installation of 1709 Server Core must be performed and workloads migrated.
Q. When upgrading to a new Semi-Annual Channel of Windows 10 do you have to upgrade through every version or can you skip?
Dept - Windows 10
A. You can upgrade directly between builds of Windows 10, for example you don't have to upgrade from 1511 to 1607 to 1703 to 1709 and instead could just go 1511 to 1709 directly.