In previous posts, Windows Server Updates Services server, SUS01, was added to a virtual machine manager console and create Updates Baselines in VMM. Now, I'd like to scan and apply Windows Updates to a host which is managed by VMM01.
Goal
- Applying Windows Updates to a Hyper-V host
- Create and delete exemption of Windows Updates
Lab environment
The lab environment is based on "Adding Windows Server Update Service for System Center Virtual Machine Manager 2012 R2 environment" and "Creating update baselines in System Center Virtual Machine Manager 2012 R2".
Lab
Checking compliance of a host
1. On VMM01, log in as VMMAdmin.
2. Launch "Virtual Machine Manager Console".
3. Select "Use current Microsoft Windows session identity" option, click "Connect".
4. On "Virtual Manage Manager", select "Fabric".
5. Select "Servers".
6. On the "Home" menu, click "Compliance".
7. Expand "hv02.test.tls1.lab".
There are 2 updates baselines which were assigned to hv02 last time.
8. On the "Home" menu, click "Scan".
As this moment, all "Compliance Status" of HV02 are "Non Compliant".
9. On the "Home" menu, click "Compliance Properties".
"Compliance Properties" window displayed which Windows Updates are Non Compliant.
We will create an exemption later.
10. Click "OK".
Applying Windows Updates to a host
After scanning, we can apply the Windows Updates to a host.
1. Still in VMM console, on the "Home" menu, click "Remediate".
Remark: Administrators can select one of Updates Baselines and then click "Remediate".
On "Update Remediation" window, all Windows Updates have been checked.
2. Un-check all Windows Updates.
3. In my lab environment, I check "KB2969339".
4. Check "Do not restart servers after remediation".
5. Click "Remediate".
The Windows Update is applying to HV02.
After applying the Windows Update, Virtual Management Server scans HV02 again. However, the "Compliance Status" is still "Non Compliant" because we don't apply all Windows Updates to HV02.
Remark: For applying Windows Update to Hyper-V cluster, administrators can select "Live migration" or "Save state" option for virtual machines.
By default, VMM places each host in maintenance mode before it remediates updates in the host. if you want to bypass maintenance mode, check "Allow remediation of clusters with nodes already in maintenance mode".
Create and Remove Update Exemptions for Windows Updates
1. Still in VMM console, select "Critical Updates 06-2014 for Hyper-V hosts 2012 R2".
2. Click "Compliance Properties".
3. On "Compliance Properties" window , check all "Non Compliant" update under "Critical Updates 06-2014 for Hyper-V hosts 2012 R2".
4. Click "Create".
5. On "Create Exemption" window, administrators can enter some notes before clicking "Create".
The "State" of Windows Updates is changed to "Exempt".
6. Click "OK".
As a result, the "Compliance Status" of "Critical Updates 06-2014 for Hyper-V hosts 2012 R2" is "Compliant".
To delete exemption of Windows Updates, check the Windows Update in "Compliance Properties" window and then click "Delete".
Remark: By default, there is no option to configure "Synchronize Update Server" schedule. Administrators may need to press it manually or create a schedule job to perform "Start-SCUpdateServerSynchronization" cmdlet.
More information
This posting is provided “AS IS” with no warranties, and confers no rights!
No comments:
Post a Comment