- Recommended security settings and new group policies for Microsoft Edge (from 107 on) - Fri, Jan 27 2023
- Save and access the BitLocker recovery key in the Microsoft account - Tue, Jan 24 2023
- Reopen apps after Windows startup - Thu, Jan 19 2023
In a Hyper-V or HCI cluster, cluster-aware updating (CAU) migrates all workloads from one host to other nodes of the cluster, installs the updates, and restarts the machine. This process then repeats itself until the entire cluster is up to date.
Until recently, Failover Cluster Manager and PowerShell were the tools of choice for this maintenance task, and for some time now, it's also been possible to use Windows Admin Center (WAC). WAC simplifies the process even further by automatically installing the CAU feature on the cluster nodes if necessary.
Connecting WAC to a cluster
The first step is to connect to the cluster using WAC, if it's not already connected. To do this, open the Cluster Manager from the menu in the title bar. There, you can execute the command +Add and enter the cluster name object (CNO) under which you have registered the cluster in Active Directory (AD).
After the connection has been successfully established, you can switch to Updates in the navigation bar on the left. If you have not used WAC to update the cluster before, or deactivated CredSSP after the last maintenance job as recommended, then a dialog box will be displayed that asks you to allow CredSSP.
Notorious issues with CredSSP
When in gateway mode, the Admin Center often causes problems when delegating credentials to the endpoints, so that instead of the dialog box mentioned, you often receive an error message:
You can't use Cluster-Aware updating tool without enabling CredSSP and providing explicit credentials.
One cause might be that you're using a gateway server localized in a language other than English. Manually activating CredSSP on the gateway server and the cluster nodes doesn't usually solve the problem. So another option is to install WAC on a workstation; because you connect directly to the cluster from the workstation, the credential delegation problem does not occur there.
Searching for updates
After overcoming the CredSSP hurdle, the Update Manager will offer to add the CAU feature if not already done.
The following overview lists the cluster nodes and their update status. Before any updates have taken place, the status is shown as Not Available.
Now you can start the search for updates via the corresponding link. If the search finds required updates, you can then start the installation process. Each node then undergoes multiple stages, starting with Waiting, followed by Being Deployed, Installing, and Restarting if a reboot is required.
Confirming successful updates
At the end of the update process, the Update status column indicates whether the update was successful. The following screenshot shows one node with the value PartiallyFailed, because the device couldn't be rebooted and had to be done manually.
To determine whether there were also problems during the update, you should view the tab under History. There, you can find the exact name of the update, including a description and the status of the installation.
Subscribe to 4sysops newsletter!
To get a complete history of the installed updates, you should not switch away from the update window during the entire process. If you want to use another WAC tool in the meantime, you can either open it in another browser window or use the pop-out tools introduced with version 2103.