Cluster Aware Update (CAU): Remote Updating Mode - Configuration for Windows Server 2012



Before Windows Server 2012, patching for cluster server was very tedious job - move all the resource to a different node, stop the cluster service & install the patch to this node. After completion of one node, repeat the same for other nodes. It creates huge service outage. From Windows Server 2012, Cluster Aware Update is introduced which automated patch update process for Failover Cluster nodes & minimize the service outage.
 Task performed by CAU :
·           Cluster role is moved to another node. By default, CAU selects the node which runs least roles to install the patch first.
·           The node where patch being installed, put into “Maintenance mode”.
·           Install the patch  & restart the node, if required.
·           Being the node “Out of Maintenance mode”.
·           Restore the Cluster Role.
·           Proceed for the next node

 CAU run in two different modes :
§   Remote-updating Mode: Update co-ordinator runs at the separate computer, which is       not a cluster node.
§   Self-updating Mode: Update co-ordinator runs on one of the cluster nodes. Cluster Aware updating role needs to install on both nodes.

Pre-requisite/Recommendation:
·           The cluster must be healthy – role must move from one node to another.
·           The cluster must have a quorum. Cluster name should resolve by DNS.
·           Disable automatic update on cluster nodes & you can achieve this my GPO setting – “Do not connect to any Windows Update Internet connections” (Enabled it for nodes) (Pix-03).
·           Don’t schedule automatic update for cluster nodes.
·           From WSUS end, identify the cluster nodes & approve the required updates. Recommending different Computer Group for update co-ordinator & cluster nodes.
·           Review any preferred owner settings for clustered roles. Configure these settings so that when CAU completes, it attempts to return clustered roles to the nodes that they were running on before the updating began.
·           Install KB2803748 on Windows 2012 Update Co-ordinator server to mitigate the MMC bug of Windows 2012 Server.
·           Internet connection is not required for Co-ordinator as well as cluster nodes. The only internet for WSUS is sufficient for CAU: Remote Updating Mode.
·           Remote Server Administration Tools (RSAT) for Failover Clustering Feature need to install on Update co-ordinator server.

In Windows 2012 Server: Add Roles & Features > Features > Remote Server Administration Tools >Feature Administration Tools > Failover Clustering Tools >Failover Cluster Management Tool must be selected. After completion of this, you can get “Cluster Aware Update” features under the Tools menu of the Server Manager Dashboard. (Pix-01 & 02).

Pix-01: Installation of RSAT – Failover Cluster

Pix-02: Cluster-Aware Updating

Pix-03: GPO Settings for WSUS & CAU

In this case, we’ll consider only CAU: Remote Updating mode. The setup is as below diagram (Pix-04). AD server also acts as Update Co-Ordinator server & RSAT for Failover Clustering tools is installed on this server. WSUS server is not in domain & connected with internet. Failover Cluster – “FO-Cluster” has two nodes- W2012-N1 & W2012-N2. Windows FW for all server is disabled.


Pix-04: Diagram - CAU Implementation


Now Go to Tools menu from Update co-ordinator server > Cluster-Aware Updating > Select the Cluster from drop-down menu > Click on “Analyze Cluster Updating Readiness” to check the CAU readiness. If the test is showing proxy error or recommending to install CAU role on a cluster node, ignore it. Because we are going to implement CAU: Remote-updating Mode. If you look into the result, you get various information about pre-requisite for CAU. (Pix-05)

Pix-05: CAU - Analyze Cluster Updating Readiness

 Now click on “Preview Updates for this cluster” from Cluster-aware Updating window. Select “Microsoft.WindowsUpdatePlugin”, it will connect to WSUS to check which updates are required for the cluster nodes.

In my scenario from WSUS, I have approved 6 updates to Cluster Nodes (W2012-NODES: Computer group for Cluster Nodes) (Pix-06). Now I can check the same if I run “Preview updates for this cluster” from Cluster-aware Updating Window (Pix-07)

Pix-06: Updates approve to Cluster nodes from WSUS

Pix-07: CAU preview showing Updates for nodes

Now Apply updates to this cluster, it’ll ask a few configurations, you can go with a default value. By default, CAU start updating the nodes which run fewer server roles (in this case W2012-N2).

Pix-08: CAU - Apply updates to this cluster

Pix-09: CAU - Node updating is going to start

As roles are running at Node-1, the update will start at Node-2 first. Check CAU logs from Cluster-Aware Updating console (Pix-10). Before that Node-2 would be in maintenance mode. You can also check from Cluster Management console, show W2012-N2 in “Pause” (Pix-11)

Pix-10: CAU Console: Node-2 Updating start

Pix-11: Cluster Management Console - Node 2 in maintenance mode

After successfully update of Node-2, it restarts automatically. After restart node come out from Maintenance mode to normal mode & Update status is changing to “Succeeded” (Pix-12). After that Node-1 will be in Maintenance mode & start updating. After that node will be restart & change its status to “Succeeded”. Server Roles in Node-1 which was transferred to Node-2 before start updating Node-1 will restore to Node-1 again automatically. But Quorum will stay at Node-2.

Pix-12: Node-2 is updated successfully

Pix-13: CAU-Remote Updating successful

Tag : Cluster-Aware Updating, CAU, WSUS, Windows Server 2012,    Patch Deployment

Comments

  1. PriyaWednesday, June 29, 2022

    I read your article and learned something new as a result of reading it. Its really  quite useful and unique. Keep posting like this..
    Cybersecurity Company in Bangalore
    SOC Monitoring Service Provider
    IT infrastructure services in Bangalore
    ISO 27001 Consulting Services
    AMC services in Bangalore
    Penetration testing services

    ReplyDelete
  2. AnonymousThursday, September 21, 2023

    Cluster Aware Update (CAU) in Windows Server 2012 is a crucial tool for VPS administrators managing clustered environments. Its Remote Updating Mode simplifies the update process, allowing VPS updates to be applied remotely. This minimizes downtime and ensures VPS clusters remain operational during updates, contributing to the reliability and health of VPS environments.

    ReplyDelete
  3. AnonymousThursday, September 21, 2023

    Cluster Aware Update (CAU) in Windows Server 2012 is a crucial tool for VPS administrators managing clustered environments. Its Remote Updating Mode simplifies the update process, allowing VPS updates to be applied remotely. This minimizes downtime and ensures VPS clusters remain operational during updates, contributing to the reliability and health of VPS environments.

    ReplyDelete

Post a Comment

Thank you.

Popular posts from this blog

Google Chrome Bookmark & Homepage through GPO

Image
Goals: We need to create a GPO for Google Chrome Bookmarks & home page/landing page. Under the bookmarks, few URLs would be there. It will be easy for users to access these url/site. Also by home page – most useful/frequently open site can be set, so that when user open Google chrome, the page will be displayed first. Gyan: All policy setting for Group Policy Management Console are not readily available. Sometime to manipulate group policy settings for higher version OS (i.e. Screensaver for Windows 10) or third party application (i.e. Google Chrome),we need to download group policy setting supported files – admx (policy settings) along with adml (language suppot). Both files are stored into central storage repository, known as “ Central Store ”. For higher Windows it is “ PolicyDefinitions” – automaticall created when a DC built under C:\Windows\ Process: Incorporate Chrome GPO templates:         1.       To manage...
Read more

File Server Migration: Windows Server 2008R2 to Windows Server 2019

Image
  Scenario:   We have a File Server on Windows Server 2008R2 . The File Server has several departmental shares & it is accessed by the department user only. But among them few have RW (Read & Write) permission, rest have only R (Read) permission. Also every dept. share have disk quota & every authorized user has their shared folder mapped as a network drive in their Windows Explorer. In my environment, I have implemented the procedure for 15 different departmental share folders accessing different departments consist of 10-30 users each dept & each shared folder volume is 100 GB to 500GB. Challenges: 1 .       Migrated Share Folders must have the same level of permission as on W2008 Server. 2.        Several Disk quota templates need to export to new W2019 to minimized the effort.   Users should be transparent to this migration & their acce...
Read more

DNS Server IP Address change in Client Systems through Group Policy

Image
  Scenario: Recently our network team, restructure IP segments & it is recommended to change the IP address of our DNS server. It is an AD integrated DNS server & around 1000 desktops & laptops are in the network – all have static IP addresses. We need to change the DNS IP for all the systems. Procedure: We can change the DNS IP through Group Policy with the help of a simple *.bat file. We will apply the GPO in Startup as Computer base policy. But here tricky part is, we need run the batch file in "Run as Administrator" mode. Most of the Computer-based Startup GPO is not run in normal mode. The batch file as below, suppose it name DNSIP_Change.bat   :   Replace your DNS Server “ set dnsserver=X.X.X.X ” @echo off set dnsserver=10.10.10.31 set dnsserver2=10.10.10.30 for /f "tokens=1,2,3*" %%i in ('netsh interface show interface') do (   if %%i EQU Enabled (   rem echo change "%%l" : %dnsserver%   netsh interface ...
Read more