Update 1803 for Cloud Platform System (CPS) Standard Dell Hybrid Cloud System for Microsoft Dell Engineering April 2018
Revisions Date Description July 2016 Initial release 1605 August 2016 Release 1606 August 2016 Release 1607 October 2016 Release 1608 November 2016 Release 1609 December 2016 Release 1610 January 2017 Revision of instructions for running PUDellEMC February 2017 Release 1611 March 2017 Release 1701 May 2017 Release 1703 May 2017 Release 1703a June 2017 Release 1705 August 2017 Release 1706 September 2017 Release 1707 October 2017 Release 1708 November 2017 Release 1709 Janua
Table of contents Revisions ............................................................................................................................................................................ 2 1 Overview of the Patch and Update framework ......................................................................................................... 5 2 Update 1803—Summary ...................................................................................................................................
WARNING: You cannot run the 1803 Patch & Update framework—1.5—directly without first upgrading your environment to 1703b Patch & Update framework—1.4. You can directly upgrade to 1803 only after the DHCS stamp is at the 1.4 version, P&U 1703b. Also be advised that the addition of any non-DHCS hardware to your system will cause the Patch & Update process to fail. For a workaround to this problem, see Troubleshooting the P&U process, and follow the procedures detailed in Issue 2.
1 Overview of the Patch and Update framework The Dell Hybrid Cloud System for Microsoft includes the Patch and Update (P&U) framework. This framework enables you to easily update the infrastructure components of the Dell Hybrid Cloud System for Microsoft stamp with minimal or no disruption to tenant workloads. The framework automates the installation of software, driver, and firmware updates on the physical hosts and the infrastructure VMs. Note: The P&U framework does not update tenant VMs.
2 Update 1803—Summary Update 1803 for CPS Standard includes updates for Windows Server and other software components. This update includes the following components: 1803 update. This is the main package. It contains Windows Server, System Center, and SQL Server updates. IMPORTANT: Update 1703 is a prerequisite for installing update 1803.
2.2 How to check which update package is installed To check the version of the update package that is currently installed on the stamp, do the following: 1. On the Console VM, open the DeploymentManifest.xml file at the path: C:\Program Files\Microsoft Cloud Solutions\DeployDriver\Manifests. 2. At the top of the file, look for the following entries: “Version=”: This is the version of the Dell-provided update package.
3 1803 Patch and Update Prerequisites You must do the following in order to run the P&U successfully. 3.1 Prepare the patching environment You must first prepare the environment.
3.4 Step 3: Extract the Patch and Update package To extract the P&U package: 1. Download the zip file for the Patch and Update and unzip it to a location that you can access from the Console VM. This location can be locally on the console VM or a remote location accessible via console VM. 2. Log on to the Console VM using the account that is a member of -Setup-Admins. 3. Create a share for the P&U package. a. On the Console VM, create a folder, such as PUShare. b.
9. Select all check boxes except for Computers not contacting the server. 10. Click Next. 11. Restart the Console VM. 3.7 Step 6: (Optional): Exclude external SOFS storage clusters from P&U IMPORTANT: This procedure applies only if you attached external Scale-Out File Server (SOFS) storage clusters to the CPS Standard stamp. If you attached external Scale-Out-File-Server (SOFS) storage clusters to the CPS Standard stamp (for additional workload capacity), you must exclude them from P&U.
With this entry, P&U will skip the external SOFS and corresponding file server nodes. You are responsible for updating these servers outside of P&U.
4 1803 Patch and Update Process IMPORTANT: Be sure to follow the prerequisites listed in the previous section before you run the 1803 Patch and Update process. You must first prepare the environment. This section covers the preparation steps. In the "Update the computers" section of the CPS Standard Administrators Guide, complete "Step 1: Restart the Console VM" and "Step 2: Run a health check and fix any discovered issues." This includes functionality to check for and disable any running backup jobs.
4.1 Step 1: Run the DHCS_Run_First package Run the following instructions from the console server. 1. Execute the DHCS_Update_1803_Run_First.exe file to extract the files from the package. 2. Prepare the first file server. i. Open windows explorer and navigate to \\SoFS-1_Name\C$\Dell ii. Create a subfolder called SrvMgr iii. Copy the contents of \\ConsoleServerName\PUShare\CPSPU_FolderName to \\SoFS1_Name\C$\Dell\SrvMgr 13 Update 1803 for Cloud Platform System (CPS) Standard
3. Prepare the second file server. i. Open windows explorer and navigate to \\SoFS-2_Name\C$\Dell ii. Create a subfolder called SrvMgr iii. Copy the contents of \\ConsoleServerName\PUShare\CPSPU_FolderName to \\SoFS2_Name\C$\Dell\SrvMgr 4. Open up a PowerShell window in administrator mode i. Run the command: Enter-PSSession SoFS-1_Name ii. Navigate to C:\Dell\SrvMgr iii. Run the script .\Install-Patch.
iv. Verify that the patch was installed by running the script .\Get-Version.ps1 v. Exit the session by running the command: Exit-PSSession. 5. Repeat Step 4 on the second file server. 6. You have now completed the first section of the 1803 patch.
4.2 Step 2: Run the 1803 Microsoft P&U package IMPORTANT: You must run the DHCS_Run_First package before you run the 1803 Microsoft P&U package. Because of the size of this package, estimates for deployment duration are 12 to 18 hours. Run the 1803 Microsoft P&U update package by doing the following: 1.
The PowerShell output looks similar to the following screenshot: 7. To cancel the jobs and disable the agents, do the following: a. From an elevated Windows PowerShell session, run the following commands. Press Enter after each command: cd \\CON01\PUShare\\PU\Framework\PatchingUpgrade" Import-Module .\PatchingUpgrade\DPM.psm1 Set-DPMBackupMode -BackupMode Disable -Credential (Get-Credential) b. When prompted, enter the account credentials of the account that you are logged on as.
Note: After Cluster-Aware Updating (CAU) completes, you can click Generate a report on past Updating Runs to view details about what was installed through CAU. If you have the VMM console open, and it reconnects, patching of the VMM server may be in progress. This is expected behavior. 2. To monitor the progress, you can use the following methods: View the verbose output on the screen. View the P&U events in Event Viewer.
minutes. After the Console VM reboots and you log into the machine, please allow a few minutes for the background processes to complete and run the next package. 4. If you disabled DPM agents on the DPM servers earlier, do the following to restart any canceled jobs and enable the DPM agents: a. On the Console VM, make sure that you are logged on as the account that is a member of -Setup-Admins. b. Open an elevated Windows PowerShell session, and run the following commands.
Also, if you do not intend to apply the 1803 Microsoft package immediately, follow the steps in the "Postupdate clean up" section of the Dell Hybrid Cloud System for Microsoft CPS Standard Administrators Guide after you have completed the update. 4.2.1 Run an optional compliance scan If you want to run a compliance scan, pass the following flag: \\SU1_InfrastructureShare1\Framework\PatchingUpgrade\InvokePURun.
2. Verify that the SMA MPs are updated in the SCOM Operations Console a. In the Management Pack list (Administration | Management Packs) verify the version of these files has been updated to 7.2.102.0 b. The updated MPs should show with the names of “Microsoft System Center Service Management Automation Library”, “Microsoft System Center Service Management Automation Dashboards”, and “Microsoft System Center 2012 R2 Service Management Automation”. The version should be 7.2.102.
IMPORTANT: We recommend that you leave the latest update package in the PUShare in case diagnostics or debugging is needed. Also, do not remove the artifacts that were created during patching; for example, the VMM artifacts such as custom resources, and any associated log files, Windows Installer packages (.msi files), or patch files (.msp files). 4.
If you see this message, close the current Windows PowerShell session, open a new elevated Windows PowerShell session, and repeat steps 2 through 4 to start the health check process. 6. DPM agents on the DPM servers are in an Enabled state. If this is the case, the health check output indicates that you must run the Set-DPMBackupMode script to cancel the jobs and disable the agents. The PowerShell output looks similar to the following screenshot: 7.
iii. iv. In the navigation pane, right-click the cluster name, point to More Actions, and then click Cluster-Aware Updating. In the ClusterName – Cluster-Aware Updating dialog box, click the Log of Updates in Progress tab to monitor what is happening. Note: After Cluster-Aware Updating (CAU) completes, you can click Generate a report on past Updating Runs to view details about what was installed through CAU.
5 Microsoft payload for Update 1803 Payload for Update 1803 Update Details KB Number 890830 4055266 4088876 4088785 Title Windows Malicious Software Removal Tool x64 March 2018 2018-01 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 on Windows 8.
5.1 Troubleshooting the P&U process Issue 1 Symptoms: The P&U install process fails with an SMA MAX Timeout Error: Exception calling "InvokeRunbook" with "2" argument(s): "Max Timeout reached for SMA runbook 'Import-OmManagementPack'. P&U fails after a two-hour timeout waiting for the Runbook to complete. Description: SMA Service is hanging when processing runbooks for P&U, specifically the “Import-OmManagementPack” Runbook.
Issue 2 Symptoms: Exclude external host from P&U. Description: If you have added a physical host to VMM that is not part of the CPS Standard stamp—in this case the stamp includes backup infrastructure—you must exclude the host from P&U. If you do not, P&U will fail. Detection: The P&U process fails after adding a physical host to VMM that is not part of the CPS Standard stamp. Resolution: To exclude an external host from P&U: 1. 2. 3. 4. 5. In the VMM Console, open the Fabric workspace.
If any of the values for “MicrosoftVersion” is not "1.0.1803.18000", you have run into this issue. Resolution: Restart P&U. Issue 4 Symptoms: Failure in P&U during the “CCL” subsystem. Description: This can include updating the Deployment Manifest and running compliance checks. Detection: 1. Open Failover Cluster Manager. 2. Right-click on the CCL cluster and choose More Actions, and then choose Cluster-Aware Updating.
3. Once the Cluster-Aware Updating dialog opens, select Analyze cluster updating readiness. 4. The analyzer runs for a minute or two, and then shows you the results, as illustrated by the following graphic: Under the Title “A firewall rule that allows remote shutdown should be enabled on each node in the failover cluster” you should see a green ‘Passed’ result. If there are any compute nodes that are members of this CCL cluster listed as having failed this test, you have run into this issue.
Resolution: Reboot the affected nodes. After you have rebooted the affected nodes, run Analyze cluster updating readiness again. Once it is in a Passed state, you can rerun the P&U. Issue 5 Symptoms: NVGRE issue. The DellEMC Patch and Update framework does not bypass the “External” custom property of any non-DHCS hardware in the stamp.
} if($ObjectType -eq "Host") { $expectedCustomValue = if($PUCustomPropertyValue.Value -eq "BackupHost") {$customValues["DPMHost"]} else {$customValues[$ObjectType]} } else { Now re-run the DellEMC patch and update framework, and this will bypass the server with the “External” custom property. Issue 6 Symptoms: From the Console VM, the CPS Administrator cannot access the OEM OOB (Out-of-Band Management) webpage through Internet Explorer.
Workaround: 1. To temporarily unblock the issue, delete this registry key value on the Console VM trying to access the F5 Configuration: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SS L\00010002] "Functions"="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WIT H_AES_128_GCM_SHA256_P256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC _SHA256_P256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 256_P256"
6 Dell EMC Payload for Update 1803 Dell Server PowerEdge BIOS R630/R730/R730XD Version 2.7.1 Fixes & Enhancements: o Fixes - None o Enhancements - Updated the Intel Xeon Processor Microcode to address CVE-2017-5715 (http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715 ) - Updated the Intel Xeon Processor E5-2600 v4 Product Family Processor Microcode to version 0x0b00002A. - Updated the Xeon Processor E5-2600 v3 Product Family Processor Microcode to version 0x3C.
-Fixes an issue where a random corner case firmware FMU fault can lead to controller hangs for approximately 15 seconds. Search controller logs for the string "fushionMUErrorIsr: FMU Error Sttus 00040000." -Fixes an issue where SATA drives could randomly return 04/44/00 check condition in a VSAN environment. Search the controller log for the string "Sense: 4/44/00".
- Inquiry comments to Non-Zero LUNs (which are not supported by SATL) would improperly succeed if a FORMAT UNIT was in progress - WRITE SAME command had several issues in which a single command failure could result in subsequent commands being improperly failed o Enhancements - NA Windows Server 2012 R2 Driver version 2.51.15.
Non-expander Storage Backplane Firmware Version 2.25, A00-00 Fixes & Enhancements o Fixes: o - Addresses a problem detecting drive type for 1.8" drives.