A WordPress.com site dedicated to System Center and Cloud Management

Posts tagged ‘WSUS’

Patching Hyper-V Hosts with SCVMM 2012 R2 – Part 3: Update Baselines

In the last post we performed additional configurations. In this post we will create and configure Update Baselines to apply updates to our Hyper-V cluster.

Update Baselines

Launch the VMM console, if it isn’t already open, and navigate to Library > Update Catalog and Baselines Update Baselines.

Config Baselines - 01 - Update Baselines

You should see two built-in baselines named Sample Baseline for Security Updates and Sample Baseline for Critical Updates.

Config Baselines - 02 - Sample Baselines

Click on the Sample Baseline for Security Updates.

In the top menu, click Properties.

Config Baselines - 03 - Baseline Properties

In the Baseline Properties dialog, select the Updates menu from the left. This will list the updates that are a part of this baseline. From here you can Add/Remove Updates.

Config Baselines - 04 - Baseline Properties - Updates

Next, click on the Assignment Scope menu on the left. From here you can select host groups, host clusters, and computers to add to the baseline. After you have made your changes/assignments, click OK.

Config Baselines - 05 - Baseline Properties - Assigment Scope

You can also create your own Baseline, by clicking on Create > Baseline from the top menu.

Config Baselines - 06 - Create Baseline

Host Compliance

Now that we have a Baseline assigned to our Hyper-V Host, let’s examine the Host’s compliance.

Navigate to Fabric > Host Group > and select a Host.

Config Baselines - 07 - Fabric - Host Group

Config Baselines - 08 - Fabric - Host

Click on the Compliance button in the top menu, and then click Scan to initiate the compliance check.

Config Baselines - 09 - Host Scan

Once the Compliance Scan has completed, the console will show the Compliance Status for the Host(s) scanned.

In my Lab example, my Host is showing as “Non Compliant”.

Config Baselines - 10 - Scan Results

At this point, you can click on the Remediate button from the top menu. This will launch the Update Remediation dialog. Within this dialog, you can select the Update(s) to apply to Host(s) to bring it into compliance, and then click Remediate.

Config Baselines - 11 - Update Remediation

SCVMM will now initiate its automated workflow that will do the following:

  1. Start Maintenance Mode on the Host, which will Live Migrate the VMs to another node in the Hyper-V Cluster
  2. Install any updates required to become Compliant
  3. Reboot the Host
  4. Re-check if the Host computer is now compliant
  5. Stop Maintenance Mode on the Host
  6. Repeat all 5 steps on each node in the cluster

Config Baselines - 12 - Remediation Complete

This concludes this series on Patching Hyper-V Hosts with SCVMM 2012. As always, if this post helped you in any way, and you would like to show your appreciation, please rate it, comment on it, and share it with others. Also, feel free to contact me (via the About Me page) with requests for future articles.

Patching Hyper-V Hosts with SCVMM 2012 R2 – Part 2: Additional Configurations

In our last article we reviewed and setup the Prerequisites. In this article, we will finish with WSUS configuration, synchronize the updates, and connect WSUS to VMM.

Synchronize Updates

Now that we have WSUS installed, we need to sync updates with Microsoft.

Start by launching the Windows Server Update Services console.

Sync Updates - 01 - Launch WSUS Console

The WSUS Console may take a moment to load, but eventually you should see the following.

Sync Updates - 02 - WSUS Console

In the menu on the left, select Options. Within the Options menu in the center, click on Products and Classifications.

Sync Updates - 03 - Options - Products and Classifications

On the Products and Classifications dialog, only enable the updates you require, then click OK. For example, if you only have Windows Server 2012 R2 Hyper-V Hosts, you will not need to sync the updates for Windows Server 2003, etc. So do not synchronize these ones. The same principal applies to the Classifications as well.

Sync Updates - 04 - Options - Products

Sync Updates - 05 - Options - Classifications

Back in the WSUS Console, select Synchronizations in the menu on the left, and  then in the Actions menu on the right, click Synchronize Now. It will take a while for the metadata from Microsoft to be sync’d with the WSUS server.

Sync Updates - 07 - Synchronizations - Complete

Now that the Updates are synchronized, we can move onto the next part.

Install WSUS Console on VMM Server

Unless you installed WSUS on the VMM server, you will need to install the WSUS Console on the VMM Management Server in order for it to be able to communicate with, and thus use WSUS for updates.

You can download the Windows Server Update Services 3.0 Service Pack 2 installation files from the following location: http://www.microsoft.com/en-us/download/details.aspx?id=5216.

Important: If you are following these steps on Windows Server 2012, you cannot install the WSUS Console with this installation file. Rather, you have to use the Add Server Roles and Features option instead (Features > Remote Server Administration Tools > Role Administration Tools > Windows Server Update Services Tools > User Interface Management Console).

Install WSUS Console on WS2012

When you run this installation file, ONLY choose the Console option, and not any server-components.

After the WSUS Console has been installed on the VMM Management Server, you will need to restart the System Center Virtual Machine Manager Service.

VMM Service

Connect VMM To WSUS

Now that we have the WSUS Console installed on the VMM Management Server, and have restarted the VMM Service, start by launching the VMM Console.

Navigate to the Fabric Workspace, expand Servers > Infrastructure and select Update Server.

VMM Console - Fabric - Update Server

Either from the top menu (via Add Resources > Update Server), or by right-clicking on Update Server (Add Update Server), launch the Add Windows Server Update Services Server dialog.

Add Resources - Update Server

Add Update Server (Right-Click)

On the Add Windows Server Update Services Server dialog, provide the details about your WSUS Server (FQDN Name, and TCP Port). If you performed the default installation of WSUS, and are using the default Web Site configuration, the TCP port should be set to 80. You can also specify to use an existing Run As Account, or provide credentials to the WSUS Server to SCVMM. After supplying all this information, click Add.

Add Windows Server Update Services Server

After the WSUS server is successfully added in SCVMM, you will be able to manage the WSUS settings from the SCVMM console (i.e. the Update Products, Classifications, etc.).

Update Server Added

Update Server Added - Console

In the next part of this series, we will Create Update Baselines and apply updates.

Patching Hyper-V Hosts with SCVMM 2012 R2 – Part 1: Prerequisites

Recently, I assisted a client that was experiencing an issue/error with SCVMM. The client was using SCVMM 2008 R2. Although the issue eventually was resolved, I took the opportunity to educate the client on some of the enhancement/improvements with the SCVMM 2012 product. One of the best improvements with the product is the ability to patch your Hyper-V hosts (whether they are in a cluster or not).

We’ve all been on that Operations  team, where someone will get stuck with the after-hours/weekend task of patching the Hosts; involving the routine of migrating the VMs off the Host, patching/rebooting (maybe even multiple times), then migrating the VMs back over. Lather, rinse, repeat; until the cluster was fully patched. And this would go on, month after month, year after year.

Now, SCVMM 2012 will do this automatically for you! So, let’s show you what you need to setup this up, and how to use it.


System Centre Virtual Machine Manager

You will first need SCVMM 2012 installed. If you need some guidance on how to install the product, take a look at my SCVMM 2012 SP1 Install & Config Guides to get you started.

Windows Server Update Services

You will also need to have a WSUS server. This can either be the WSUS Server Role installed on the SCVMM server, a dedicated WSUS server, or even share the WSUS server that SCCM uses (if you are using SCCM, and it’s Patch Management).

Install the WSUS Server Role

Log on to the server on which you plan to install the WSUS server role by using an account that is a member of the Local Administrators group.

In Server Manager, click Manage, and then click Add Roles and Features.

Server Manager - Add Roles And Features

On the Before you begin page, click Next.

Install WSUS - 02 - Before You Begin

In the Select installation type page, confirm that Role-based or feature-based installation option is selected and click Next.

Install WSUS - 03 - Installation Type

On the Select destination server page, choose where the server is located (from a server pool or from a virtual hard disk). After you select the location, choose the server on which you want to install the WSUS server role, and then click Next.

Install WSUS - 04 - Server Selection

On the Select server roles page, select Windows Server Update Services. Add features that are required for Windows Server Update Services opens. Click Add Features, and then click Next.

Install WSUS - 05 - Server Roles

Install WSUS - 06 - Add Features

On the Select features page. Retain the default selections, and then click Next.

Important: WSUS only requires the default Web Server role configuration. If you are prompted for additional Web Server role configuration while setting up WSUS you can safely accept the default values and continue setting up WSUS.

Install WSUS - 07 - Features

On the Windows Server Update Services page, click Next.

Install WSUS - 08 - WSUS

On the Select Role Services page, either leave the default selections or change “WID Database” to “Database” (if you want to use a SQL Server), and then click Next.

Tip: You must select one Database type. If the database options are all cleared (not selected), post installation tasks will fail.

Install WSUS - 09 - Role Services

On the Content location selection page, type a valid location to store the updates. For example, you can create a folder named WSUS_Updates at the root of a drive. Type this directory as the valid location (i.e. D:\WSUS_Updates). Then click Next.

Install WSUS - 10 - Content

If you changed the “WID Database” selection to “Database”, you will then be presented with the Database Instance Selection page. On this page, provide a SQL Server and Instance Name, then click ‘Check Connection‘. Only after a successful connection is made, will you be able to click Next.

Install WSUS - 11 - DB Instance

The Web Server Role (IIS) page opens. Review the information, and then click Next.

Install WSUS - 12 - Web Server Role

In Select the role services to install for Web Server (IIS), retain the defaults, and then click Next.

Install WSUS - 13 - Role Services

On the Confirm installation selections page, review the selected options, and then click Install. The WSUS installation wizard runs. This might take several minutes to complete.

Install WSUS - 14 - Confirmation

Once WSUS installation is complete, in the summary window on the Installation progress page, click Launch Post-Installation tasks. The text changes, requesting: Please wait while your server is configured. When the task has finished, the text changes to:Configuration successfully completed. Click Close.

Install WSUS - 15 - Results

In Server Manager, verify if a notification appears to inform you that a restart is required. This can vary according to the installed server role. If it requires a restart make sure to restart the server to complete the installation.

In the next part of this series, we will go through some Additional Configurations required.

Tag Cloud

%d bloggers like this: