Patching with Preferred Servers

Version 4

    Verified Product Versions

    Endpoint Manager 2016.xEndpoint Manager 2017.xEndpoint Manager 2018.x


    This document assumes you already have patching setup and working on your core without preferred servers and know how to configure patch download settings, windows shares and permissions and install and configure IIS on a device if need be.


    Clicking on a photo enlarges it.


    Setup of the Windows Share

    The Preferred Server(Target) will need a windows share setup that clients can access via a UNC path. This location must allow all clients read access and have a mirrored share and file structure that is on the core. For example, if your core patch location to a patch file is:


    That same file must be accessible in with the same share name and path on the preferred server. Example:


    The only difference is the server name.  It is recommended you test the remote location from a client that the windows share is functioning, and you can access the share on the client before continuing.

    If you plan on using content replication through our product the share will also need an account with permissions that have write access to it.


    Note:  If you want clients to download patch files on the preferred server via HTTP or want Macs to use preferred servers you will need to install IIS on each preferred server and setup a virtual directory to the patch location that clients can download from.  This will be discussed later in the document.


    Preferred Server Setup

    In the Ivanti EPM Console, click Tools | Distribution | Content Replication/Preferred Servers.

    Click Add to add a new server, or click an existing entry and click Edit.

    Enter the server information.

    Click Test credentials to make sure the credentials you provided work.

    (Optional) If you want to use IP address ranges to limit which clients you want using this server as a preferred server, click on "IP address ranges" enter the IP addresses and click Add.

    If you will be writing files to this preferred server as well as reading files from it (for capturing images during provisioning for example), enter credentials with read and modify permissions in the "Write" section of the template.

    Click Save.

    It is best practice to enter three entries for each preferred server.  One as the short name, example “PreferredServer”.  One as the FQDN of your environment, example “” and one as the IP address of the server, example “”, as shown in the above photo.



    Content Replication

    Content replication is covered in the following documents:

    How to use Ivanti EPM Content Replication

    How to configure the Preferred Server (Target) for Content Replication

    How to configure the Source for Ivanti EPM Content Replication

    How to configure the Replicator in Ivanti EPM Content Replication


    Patch Location Changes

    You will need to change the patch location to use UNC in the Download Updates > Patch Location settings.  By default preferred servers will only use UNC so both the UNC and Web URL lines must have the UNC share Information.

    HTTP Downloads

    If you are planning to have Macs use preferred servers HTTP downloads must be used.  You must setup IIS on the preferred server sharing the files and configure a virtual directory to the patch location.  More on setting this up can be found in these documents:

    About IIS Virtual Directories and File Permissions for Patch and Compliance Manager

    How to set up Content Replication on a Preferred Server running Windows Server 2012 R2

    How to set up a Preferred Server in IIS 10



    The following documents go over preferred server troubleshooting:

    How to debug why my preferred server config isn’t being used (Preferred server doesn't work)

    How to Verify the Correct Preferred Servers are Being Used by an Agent