Tag: Patching

Missing Patches – SCCM

Was patching over the weekend especially with the Remote Desktop Gateway bug deemed critical.

Noticed that none of the Windows Server 2012 R2 and Windows Server 2016 updates were  not appearing in SCCM.

Thought it was my WSUS server (in my internet facing environment) not downloading Windows Server updates. Confirmed by checking my WSUS.

Then remembered that SCCM also manages Updates as well.

See below process:

Go to Administration > Site Configuration > Sites.

Click on the Primary Site and then click Settings from the top pane.

Select Configure Site Components then Software update Point.

MissingPatches#1

Click the Products tab.

Tick Windows Server 2012 R2 and Windows Server 2016.

MissingPatches#2

Click Ok.

Go to Software Library > Software Updates.

Right click on All Software Updates and select Synchronize Software Updates.

MissingPatches#3

The newly ticked classifications will sync and you will see the ‘new’ updates under All Software Updates.
Ready to deploy.

This caught me out this weekend. Luckily I remembered and fixed it quickly without too much effort.

 

HowTo – Patching FAST Search for SharePoint 2010

I am currently patching my customers FAST Search 2010 Farm with the latest patch…. Yes they know they are behind but their hands are tied.

KB3054970 is the last update for the FAST Search 2010 platform.

PatchingFS4SP#1

On the Admin Server, run the executable as an administrator (right click and run as administrator).

Click Yes on the UAC screen.

PatchingFS4SP#2

Another popup window will appear, tick the box at the bottom of the pop up and click Continue.

PatchingFS4SP#3

The install will begin.

Wait till another popup appears with The installation is complete. Click Ok on the message.

PatchingFS4SP#4

Open Microsoft FAST Search Server 2010 for SharePoint powershell from the Start menu.

PatchingFS4SP#5

Type the following:

Cd ..

Cd installer\scripts

Psconfig -action p

PatchingFS4SP#6

This will apply the relevant fixes after it stops the FAST Search and Monitoring services and starts them back up.

Repeat on your remaining FAST Search servers.

Importing WSUS Content Into a Disconnect Domain

Update 16-Jan-20: Fixed typo in WSUS Export Script.

Recently had to perform the exact steps to get an environment patched that did not have an internet connection or could connect to an upstream WSUS server.

The following process will describe downloading and upload patches to a disconnected domain:

    1. WSUS server that has internet connection. For the one I recent did, I created a VM with WSUS and WID database to keep the footprint small.
    2. Let WSUS sync overnight with all the classifications.
    3. Once synced, go into WSUS administration.
    4. Click Options.
    5. Click Update Files and Languages.
      WSUS#1
    6. Confirm that on the Update Files tab, that only update files will download when they are approved. If you click download express installation files this will take forever to complete and download everything.
      WSUS#2
    7. Click on the Update Languages tab.
    8. Select Download updates only in these languages, and select the language that you wish, in my case English.
      WSUS#3
    9. The easiest way is to get into the Critical and Security updates under updates. Click Any Except Declined and click Refresh.
      WSUS#4
    10. Once the results come back, right click on the column bar and select SuperSedence.
      WSUS#5
    11. Now sort by the supersedence column, by clicking on the column.
    12. Updates that have a blue box at the top mean that this update replaces other updates.
      WSUS#6
    13. These ones mean that they are not superseded, but another update replaces them.
      WSUS#7
    14. Any updates that have been superseded, select them. You can select many by shift+a on the
    15. Right click on these updates and select Decline.
      WSUS#8
    16. Approve the remaining updates.
    17. WSUS will then begin to download the physical files.
      WSUS#9
    18. Wait till all the downloads have been completed and the download status is idle. This will take sometime to download, i.e 2 days and depending on the number of classifications selected.
    19. Once completed, copy the entire contents of E:\WSUSContent to a harddrive. You will need at least 1TB of space.
      The best way to copy the contents is by using ROBOCOPY.
      Example command:
      robocopy /MIR
      The /MIR switch will copy all the sub folders. The important thing is to copy the files exactly as they are from the source, as the WSUS database has pointers to each of the files.
    20. If your copying to an existing WSUS content on a harddrive then you will want to run an incremental Robocopy, which basically means that any files that have been modified compared to the file in the destination are copied.
      Command:
      robocopy E:\WSUSContent F:\WSUSContent /E /MIR /R:1 /W:1
    21. While the copying is happening, open a Command prompt as an administrator on the source WSUS server.
    22. Navigate to C:\Program Files\Update Services\Tools
    23. Enter the following command (this will export the metadata of the updates):
      exe export D:\wsusexport_20190601.xml.gz D:\wsusexport_20190601.log
      NP if you have a large number of updates, you will need to run the .xml.gz extension as the standard WSUS command wont work.
    24. Copy the export files to the harddrive.
    25. Robocopy the WSUS Content from the harddrive to the WSUS server using the differential robocopy command:
      robocopy D:\WSUSContent\WSUSContent \\E$\WSUSContent\WSUSContent /E /MIR /R:1 /W:1
    26. Verify that the Robocopy has finished.
    27. Run the following command to import WSUS metadata.
    28. Navigate to C:\Program Files\Update Services\Tools
    29. Enter the following command (this will import the metadata of the updates):
      wsusutil.exe import
      E:\wsusexport_20190601.xml.gz E:\wsusexport_20190601.log
      WSUS#10
    30. Confirm the metadata is being imported. Process will take ages depending on the size of the xml.gz file.
    31. Confirm that metadata is imported.
    32. Open the SCCM Console.
    33. Go to Software Library tab.
    34. Expand Software Updates.
    35. Right click on All Software Updates and click Synchronize.
    36. This process will take some time.
    37. To confirm that the updates have been sync’d with SCCM, go to the All Software Updates page.
    38. Set the criteria to Date Released is on or after last 1 month.
    39. Select all the updates that in the Required column is more than 1.
    40. Now your good to go.

SharePoint Server Showing Upgrade Required

Issue:

One of the Sharepoint App Servers is showing Upgrade Required within the Farm Information on the Central Admin site.
I had run the Upgrade command successfully, and checked within Central Administration and it was still showing Upgrade Required.
Re-ran the Upgrade just incase and same result.

Solution:

A nifty Sharepoint trick so that Sharepoint will go and do a fresh update and check of the binaries.

Get-SPProduct –Local

To check the Farm Version, run the below:

$farm = Get-SPFarm
$farm.BuildVersion