#CAU is a great new feature but how does it fit in your infrastructure ?
I have already a WSUS server and I use SCCM ,and I use WSUS for my DTAP environment, and now Do I need another WSUS server ? or can I reuse the old WSUS ?
WSUS 3.0SP2 (on W2K8R2): not yet compatible with Windows Server 2012
You can’t use SCCM to pull the Updates.
So basically install a downstream server for the CAU or primary wsus, if you have more WSUS servers you can sync the updates with powershell to hold the same info on all your other servers.
- Single-click launch of cluster-wide updating operation
- Or a single PS cmdlet
- “Updating Run”
- Physical or VM clusters
- CAU scans, downloads and installs applicable updates on each node
- Restarts node as necessary
- One node at a time
- Repeats for all cluster nodes
- Customize pre-update & post-update behavior with PS scripts
- Updates (GDRs) from Windows Update or WSUS
- Hotfixes (QFEs) from a local File Share
- Simple customization that installs almost any software update off a local File Share
- Adds CAU clustered role
- Just like any other clustered workload
- Resilience to planned and unplanned failures
- Not mutually exclusive with on-demand updating
- Analogy: Windows Update scan on your PC with AU auto-install
- But possible conflicts with Updating Runs in progress
- “Configured, but on hold” functionality
- Compatible with VCO Prestaging
Powershell usage :
Sample: fill in the cluster name and the wsus share.
Invoke-CauScan -ClusterName CONTOSO-FC1 -CauPluginName Microsoft.WindowsUpdatePlugin, Microsoft.HotfixPlugin -CauPluginArguments @{}, @{ ‘HotfixRootFolderPath’ = ‘\CauHotfixSrvshareName’; ‘HotfixConfigFilePath’ = ‘\CauHotfixSrvshareNameDefaultHotfixConfig.xml’ } -RunPluginsSerially -Verbose
Invoke-CauRun -ClusterName CONTOSO-FC1 -CauPluginName Microsoft.WindowsUpdatePlugin, Microsoft.HotfixPlugin -CauPluginArguments @{ ‘IncludeRecommendedUpdates’ = ‘True’ }, @{ ‘HotfixRootFolderPath’ = ‘\CauHotfixSrvshareName’; ‘HotfixConfigFilePath’ = ‘\CauHotfixSrvshareNameDefaultHotfixConfig.xml’ } -MaxRetriesPerNode 2 -StopOnPluginFailure –Force
Options: RunPluginsSerially, StopOnPluginFailure, SeparateReboots
- CAU supports only Windows Server 2012 clusters
- Can be installed on Windows 8 Client RSAT package
Make CAU the only tool updating the cluster
Concurrent updates by other tools: e.g., WSUS, WUA, SCCM might cause downtime
For a WSUS-based deployment:
WSUS 4.0: needs a workaround with Beta builds (only) http://social.technet.microsoft.com/wiki/contents/articles/7891.how-wsus-and-cluster-aware-updating-are-affected-by-windows-server-8-beta-updates.aspx
WSUS 3.0SP2 (on W2K8R2): not yet compatible with Windows Server 2012
Think about firewalls on nodes!
Windows Firewall Beta (or non-Windows firewall): create a firewall rule and enable it for domain-scope, wininit.exe program, dynamic RPC endpoints, TCP protocol
Windows Firewall RC: Enable the "Remote Shutdown" firewall rule group for the Domain profile, or pass the “-EnableFirewallRules” parameter to Invoke-CauRun, Add-CauClusterRole or Set-CauClusterRole cmdlets
Make sure GPOs agree
CAU: Understand and Troubleshoot Guide: http://www.microsoft.com/download/en/details.aspx?id=29015
CAU Scenario Overview: http://technet.microsoft.com/en-us/library/hh831694.aspx
CAU Windows PowerShell cmdlets
‘Update-Help’ downloads the full cmdlet help for CAU cmdlets
Online: http://go.microsoft.com/fwlink/p/?LinkId=237675
Starting with Cluster-Aware Updating: Self-Updating: http://blogs.technet.com/b/filecab/archive/2012/05/17/starting-with-cluster-aware-updating-self-updating.aspx