Update 1611 for Cloud Platform System (CPS) Standard Dell Hybrid Cloud System for Microsoft Dell Engineering February 2017
Revisions Date Description July 2016 Initial release 1605 August 2016 Release 1606 August 2016 Release 1607 October 2016 Release 1608 November 2016 Release 1609 December 2016 Release 1610 January 2017 Revision of instructions for running PUDellEMC February 2017 Release 1611 Copyright © 2017 Dell Inc. All rights reserved. Dell and the Dell EMC logo are trademarks of Dell Inc. in the United States and/or other jurisdictions.
Table of contents Revisions ............................................................................................................................................................................ 2 1 2 3 4 5 6 7 3 Overview of the Patch and Update framework ......................................................................................................... 5 1.1 How to check which update package is installed ..................................................................................
WARNING: If you are running 1.0.2 or an earlier version of the Dell Hybrid Cloud System for Microsoft, you cannot run the 1611 Patch & Update framework directly without first upgrading your environment to 1.1 or later. You can directly upgrade to 1.3 only after the DHCS stamp is at the 1.1 version. Also be advised that the addition of any non-DHCS hardware to your system will cause the Patch & Update process to fail.
1 Overview of the Patch and Update framework The Dell Hybrid Cloud System for Microsoft includes the Patch and Update (P&U) framework. This framework enables you to easily update the infrastructure components of the Dell Hybrid Cloud System for Microsoft stamp with minimal or no disruption to tenant workloads. The framework automates the installation of software, driver, and firmware updates on the physical hosts and the infrastructure VMs. Note: The P&U framework does not update tenant VMs.
1.1 How to check which update package is installed To check the version of the update package that is currently installed on the stamp, do the following: 1. On the Console VM, open the DeploymentManifest.xml file at the path: C:\Program Files\Microsoft Cloud Solutions\DeployDriver\Manifests. 2. At the top of the file, look for the following entries: •“Version=”: This is the version of the Dell-provided update package.
2 1611 Patch and Update Prerequisites You must do the following in order to run the P&U successfully. 2.1 Prepare the patching environment You must first prepare the environment.
2.5 Step 4: Copy the manifest file to the SMA server The manifest information has to be present on the SMA server in order for the Patch and Update framework to run successfully. To ensure that the manifest file content is copied over to the SMA server: 1. Open a PowerShell window, making sure you “Run as Administrator”. 2. Browse to the location where you unzipped the Patch and Update Package (C:\PUShare). 3. Run the script called Save-CPSSDeploymentManifest.ps1 . You can find this script at C:\PUShare> .
Engine.Placement.ResourceModel.dll 5. On the VMM node, type powershell to open an elevated Windows PowerShell session, and then run the following commands: Stop-Service SCVMMService Stop-Service SCVMMAgent 6. Verify that the services have stopped. To do this, run the following command: Get-Service SCVMMService Get-Service SCVMMAgent Verify that the status is Stopped. If you are prompted to close the System Center Management Service Host process, click Ignore. 7. In the \\VMM01>\c$\Program Files\Micr
4. In the All Updates pane, in the Approval list, click Any except declined. In the Status list, click Any. Then, click Refresh. 5. Select all updates. 6. Right-click the selection, and then click Decline. 7. In the left pane, expand the server name, and then click Options. 8. In the Options pane, click Server Cleanup Wizard. 9. Select all check boxes except for Computers not contacting the server. 10. Click Next. Setting: All Removable Storage classes: Deny all access \Computer Configuration\Policies\Admi
3 1611 Patch and Update Process IMPORTANT: Be sure to follow the prerequisites listed in the previous section before you run the 1611 Patch and Update process. 3.1 Step 1: Run the 1611 P&U update package PUDellEMC IMPORTANT: You must run the 1611 PUDellEMC package before you run the 1611 Microsoft P0 and Microsoft P1 packages. Run the PUDellEMC update package by doing the following: 1.
If you see this message, close the current Windows PowerShell session, open a new elevated Windows PowerShell session, and repeat steps 2 through 4 to start the health check process. 6. DPM agents on the DPM servers are in an Enabled state. If this is the case, the health check output indicates that you must run the Set-DPMBackupMode script to cancel the jobs and disable the agents. The PowerShell output looks similar to the following screenshot: 7.
iii. iv. In the navigation pane, right-click the cluster name, point to More Actions, and then click Cluster-Aware Updating. In the ClusterName – Cluster-Aware Updating dialog box, click the Log of Updates in Progress tab to monitor what is happening. Note: After Cluster-Aware Updating (CAU) completes, you can click Generate a report on past Updating Runs to view details about what was installed through CAU.
3.2 Step 2: Run the 1611 P&U update package Microsoft P0 IMPORTANT: You must run the 1611 PUDellEMC package before you run the 1611 P0 and P1 packages. Run the 1611 Microsoft P0 update package by doing the following: 1. Browse to the shared folder PUShare on the console VM, and create a folder to store the 1611-0 update package, such as PU_#, where # is the number or some other identifier of the specific update package. For example, where 1611 represents the year/month: \\CON01\PUShare\PU_1611_0 IM
The PowerShell output looks similar to the following screenshot: 7. To cancel the jobs and disable the agents, do the following: a. From an elevated Windows PowerShell session, run the following commands. Press Enter after each command: cd \\CON01\PUShare\\PU\Framework\PatchingUpgrade" Import-Module .\PatchingUpgrade\DPM.psm1 Set-DPMBackupMode -BackupMode Disable -Credential (Get-Credential) b. When prompted, enter the account credentials of the account that you are logged on as.
Note: After Cluster-Aware Updating (CAU) completes, you can click Generate a report on past Updating Runs to view details about what was installed through CAU. If you have the VMM console open, and it reconnects, patching of the VMM server may be in progress. This is expected behavior. 2. To monitor the progress, you can use the following methods: View the verbose output on the screen. View the P&U events in Event Viewer.
4. If you disabled DPM agents on the DPM servers earlier, do the following to restart any canceled jobs and enable the DPM agents: a. On the Console VM, make sure that you are logged on as the account that is a member of -Setup-Admins. b. Open an elevated Windows PowerShell session, and run the following commands. Press Enter after each command. cd "\\CON01\PUShare\\PU\Framework\PatchingUpgrade" Import-Module .\PatchingUpgrade\DPM.
3.3 Step 3: Run the 1611 P&U update package Microsoft P1 IMPORTANT: You must run the 1611 PUDellEMC package and the 1611 P0 package before you run the 1611 P1 package. Run the 1611 Microsoft P1 update package by doing the following: 1. Browse to the shared folder PUShare on the console VM, and create a folder to store the 1611-1 update package, such as PU_#, where # is the number or some other identifier of the specific update package. For example, where 1611 represents the year/month: \\CON01\PUSh
The PowerShell output looks similar to the following screenshot: 7. To cancel the jobs and disable the agents, do the following: a. From an elevated Windows PowerShell session, run the following commands. Press Enter after each command. cd \\CON01\PUShare\\PU\Framework\PatchingUpgrade" Import-Module .\PatchingUpgrade\DPM.psm1 Set-DPMBackupMode -BackupMode Disable -Credential (Get-Credential) b. When prompted, enter the account credentials of the account that you are logged on as.
If you have the VMM console open, and it reconnects, patching of the VMM server may be in progress. This is expected behavior. 9. To monitor the progress, you can use the following methods: View the verbose output on the screen. View the P&U events in Event Viewer. You can find P&U events under Applications and Services Logs -> PUEventLog -> Operational. View the temp folder to retrieve logs with more details. To determine the temp folder, run the following command in Windows PowerShell: [System.
11. If you disabled DPM agents on the DPM servers earlier, do the following to restart any canceled jobs and enable the DPM agents: a. On the Console VM, make sure that you are logged on as the account that is a member of -Setup-Admins. b. Open an elevated Windows PowerShell session, and run the following commands. Press Enter after each command. cd "\\CON01\PUShare\\PU\Framework\PatchingUpgrade" Import-Module .\PatchingUpgrade\DPM.
4 Known Issues The following issue has been identified in Update 1611 for CPS Standard. 4.1 Issue: PURunstatus.json file reports failed state after console reboot Description: Servicing is set to automatically restart after rebooting the console from which servicing is run. This ensures that the console is fully updated. Occasionally, there are failures in servicing due to this reboot happening before actions are complete. Detection: PURunStatus.
5 Microsoft payload for Update P0 package 5.1 Configuration changes from previous updates 23 Computers Update All Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P rotocols\SSL 2.0\Client" -Name DisabledByDefault -Type DWord -Value 1 All Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\P rotocols\SSL 2.0\Client" -Name Enabled -Type DWord -Value 0 All Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\S
5.2 24 Updates for Windows Server 2012 R2, from previous updates KB Article Description 3138615 Update for Windows Server 2012 R2 (KB3138615) 3173424 Servicing stack update for Windows 8.
6 Microsoft payload for Update P1 package 6.1 New updates for Windows Server 2012 R2 6.2 6.3 25 KB Article Description 3062960 Hotfix for Windows Server 2012 R2 x64 Edition (KB3062960) 3163291 Security Update for Microsoft .NET Framework 4.5.2 on Windows 8.
6.4 26 KB Article Description 3147167 This update fixes the problems described in KB article 3147167 3158609 This update fixes the problems described in KB article 3158609 3158139 This update fixes the problems described in KB article 3147167 Updates for Windows Server 2012 R2, from previous updates KB Article Description 3185331 October 2016 security monthly quality rollup for Windows 8.1 and Windows Server 2012 R2 3188743 MS16-120: Description of the Security and Quality Rollup for .
KB Article Description 3178539 Security Update for Windows Server 2012 R2 (KB3178539) 3179574 Update for Windows Server 2012 R2 (KB3179574) 3184122 Security Update for Windows Server 2012 R2 (KB3184122) 3184471 Security Update for Windows Server 2012 R2 (KB3184471) 3184943 Security Update for Windows Server 2012 R2 (KB3184943) 3185319 Cumulative Security Update for Internet Explorer 11 for Windows Server 2012 R2 (KB3185319) 3185911 Security Update for Windows Server 2012 R2 (KB3185911) 3
KB Article Description 3170455 MS16-087: Description of the security update for Windows print spooler components: July 12, 2016 3172727 MS16-094: Description of the security update for Secure Boot: July 12, 2016 3164294 MS16-073: Description of the security update for kernel mode drivers: June 14, 2016 3164035 MS16-074: Description of the security update for Microsoft Graphics Component: June 14, 2016 3164033 MS16-074: Description of the security update for Microsoft Graphics Component: June
KB Article Description 3157569 MS16-080: Description of the security update for Windows PDF: June 14, 2016 3156418 May 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 3149157 Reliability and scalability improvements in TCP/IP for Windows 8.
KB Article Description 3139923 Windows installer (MSI) repair doesn't work when MSI package is installed on an HTTP share in Windows 3139921 "No computer account for trust" error when you change domain account password in Windows 3139896 Hyper-V guest may freeze when it is running failover cluster service together with shared VHDX in Windows Server 2012 R2 3139649 Print job fails if Creator Owner is removed from Windows Server 2012 R2 or Windows Server 2012 3139219 0x1E Stop error when you re
KB Article Description 3134785 Memory leak in RPCSS and DcomLaunch services in Windows 8.
KB Article Description 3121255 "0x00000024" Stop error in FsRtlNotifyFilterReportChange and copy file may fail in Windows 3118401 Update for Universal C Runtime in Windows 3115224 Reliability improvements for VMs that are running on a Windows Server 2012 R2 or Windows Server 2012 host 3109976 Texas Instruments xHCI USB controllers may encounter a hardware issue on large data transfers in Windows 8.
KB Article Description 3094486 KDS doesn't start or KDS root key isn't created in Windows Server 2012 R2 3092627 September 2015 update to fix Windows or application freezes after you install security update 3076895 3091297 You can't logon to an AD FS server from a Windows Store app on a Windows 8.1 or Windows RT 8.
KB Article Description 3077715 August 2015 cumulative time zone update for Windows operating systems 3071663 Microsoft applications might crash in Windows 3067505 MS15-076: Vulnerability in Windows Remote Procedure Call could allow elevation of privilege: July 14, 2015 3063843 Registry bloat causes slow logons or insufficient system resources error 0x800705AA in Windows 8.
KB Article Description 3052480 Unexpected ASP.
KB Article Description 3044374 Update that enables you to upgrade from Windows 8.1 to Windows 10 3043812 Layout of Cambria font is different in Word documents when the text metric changes in Windows 8.
KB Article Description 3029603 xHCI driver crashes after you resume computer from sleep mode in Windows 8.1 or Windows Server 2012 R2 3027209 Reliability improvements for Windows 8.1: March 2015 3024755 Multi-touch gesture does not work after you exit the Calculator in Windows 3024751 The TAB key does not switch the cursor to the next input box when you enter Wi-Fi credentials on a Surface Pro 3 3021910 April 2015 servicing stack update for Windows 8.
KB Article Description 2989930 "Not Connected" status for a paired Surface Pen in Bluetooth settings on Surface Pro 3 2894852 Description of the security update for the .NET Framework 3.5 on Windows 8.
KB Article Description 3149090 MS16-047: Description of the security update for SAM and LSAD remote protocols: April 12, 2016 3146963 MS16-040: Description of the security update for Microsoft XML core services: April 12, 2016 3146723 MS16-048: Description of the security update for CSRSS: April 12, 2016 3146706 MS16-044: Security update for Windows OLE: April 12, 2016 3142045 MS16-039: Description of the security update for the .NET Framework 3.5 in Windows 8.
KB Article Description 3130944 March 2016 update for Windows Server 2012 R2 clusters to fix several issues 3127231 MS16-019: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: February 9, 2016 3127226 MS16-019: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: February 9, 2016 3127222 MS16-019: Description of the security update for the .
KB Article Description 3108604 Microsoft security advisory: Description of the security update for Windows Hyper-V: November 10, 2015 3102939 MS15-120: Security update for IPsec to address denial of service: November 10, 2015 3101246 MS15-122: Description of the security update for Windows Kerberos: November 10, 2015 3098785 MS15-118: Description of the security update for the .NET Framework 4.6 and 4.6.1 on Windows 8.
KB Article Description 3078601 MS15-080: Description of the security update for Windows: August 11, 2015 3076895 MS15-084: Description of the security update for Windows XML core services: August 11, 2015 3075220 MS15-082: Description of the security update for RDP in Windows: August 11, 2015 3074553 MS15-101: Description of the security update for the .NET Framework 4.6 and 4.6 RC on Windows 8.
KB Article Description 3060716 MS15-090: Vulnerabilities in Windows could allow elevation of privilege: August 11, 2015 3059317 MS15-060: Vulnerability in Microsoft common controls could allow remote code execution: June 9, 2015 3055642 MS15-050: Vulnerability in Service Control Manager could allow elevation of privilege: May 12, 2015 3048072 MS15-044: Description of the security update for the .NET Framework 3.5 on Windows 8.
KB Article Description 3023222 MS15-048: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 12, 2015 3023219 MS15-048: Description of the security update for the .NET Framework 3.5 on Windows 8.
KB Article Description 2993928 MS14-059: Description of the security update for ASP.NET MVC 4.0: October 14, 2014 2992080 MS14-059: Description of the security update for ASP.NET MVC 5.0: October 14, 2014 2979576 MS14-057: Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: October 14, 2014 2979573 MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.
KB Article Description 2966828 MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014 2966826 MS14-046: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: August 12, 2014 2934520 The Microsoft .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 2898850 Description of the security update for the .NET Framework 4.5.1 and the .
6.5 Troubleshooting the P&U process Issue 1 Symptoms: The "SQLProductUpdates" subsystem fails and returns the following error message: The WS-Management service cannot complete the operation within the time specified in OperationTimeout. Description: There seems to be a timing issue in the service. Microsoft is currently researching this issue. This can cause SQLProductUpdates to fail and return an error message that resembles the following: The Microsoft.
The result should begin as follows: Microsoft SQL Server 2014 (SP1-CU8) (KB3174038) - 12.0.4468.0 (X64) Repeat steps 1 through 4 for the following SQL Server instances: SQLIN02\SQLIN02 Resolution: If the CAU status shows a Succeeded value for all nodes, and if version information for all instances is correct, restart the P&U process, and add “SQLProductUpdates” to the -ExcludeSubsystems parameter array.
The temporary fix resolves the problem immediately, but does not prevent it from happening again. This fix involves rebooting the SMA VM (APA01). This restarts any queued jobs in SMA. The more permanent fix, which is not recommended, has performance impacts to SMA, but will prevent the issue from happening again. To apply the more permanent fix, do the following: 1. On the SMA VM ((APA01), modify the following values in the Program Files\Microsoft System Center 2012 R2\Service Manageme
3. In the Hosts pane, right-click the external host, and then click Properties. 4. Click the Custom Properties tab. 5. In the PU custom property box, type External, and then click OK. With this entry, P&U will skip the external host. You are responsible for updating any external servers outside of P&U.
7 DELL payload for Update 1611 Dell Server BIOS R630/R730/R730XD Version 2.3.4 Fixes & Enhancements Enhancements - Updated the Intel Processor and Memory Reference Code to PLR5. - Added the I/O Snoop HoldOff Response BIOS setup option in the Integrated Devices menu. Fixes - Removed BIOS power capping when in performance mode. This prevents the Node Manager power capping SCI from triggering. - A PCI resource handling issue on the PowerEdge R630 server.
Intel C600/C610/C220/C230/C2000 Series Chipset Drivers Fixes & Enhancements Enhancements - Certified for Windows Server 2016 Fixes - None Intel NIC Family Version 17.5.0 Firmware for I350, I354, X520, X540, and X550 adapters Fixes & Enhancements Enhancements - Added support for Intel(R) Ethernet 10G 2P X550-t Adapter - Added support for Red Hat Enterprise Linux 7.
Fixes - Disabled T10 Rebuild Assist (Rapid Rebuild). Corrected an issue where a specific cache flush condition could cause the controller to hang. Fixed an issue where after converting PERC personality mode to HBA, PDs still display as Ready state instead of Non-Raid. Resolved an issue that could lead the RAID controller to hang during multiple DC reboots. Resolved an issue where the PERC9 Windows drivers log each boot event which could eventually cause extended boot time.
Dell 12Gbps HBA firmware version 13.17.03.00 Fixes & Enhancements Enhancements - None. Fixes - Fixed issue where tape drive is unintentionally loaded during boot. - Fixed issue where unmap command is sent to the last LBA of an SSD. Windows Server 2012 R2 Driver version 2.51.15.00 for Dell 12Gbps HBA and HBA330 Fixes & Enhancements Enhancements - None. Fixes - Fixed issue where array path is lost when the SAS end device has a LUN that cannot respond successfully to TUR.