Summary
You might have issues installing the update released May 20, 2021 (KB5003237), or later updates, on Azure Stack HCI when you use Windows Admin Center or Cluster-Aware Updating (CAU) through the Windows Update plug-in. This might leave the Azure Stack HCI cluster partially updated unless a mitigation is used to apply an affected update. After the whole cluster has KB5003237 (released May 20, 2021) or a later update installed, you should not have to use the mitigation to install later updates.
How to determine whether your cluster is affected
You might see the following errors:
- The Windows Admin Center will show a status of Couldn’t install updates and the per node status is mentioned in the State column.
- You might receive an error in the Admin Channel event log with Event ID 1013 from the source Microsoft-Windows-ClusterAwareUpdating-Management.
To determine whether the cluster is affected, use the following PowerShell command on any node in the cluster:
(Get-CauReport -Last -Detailed).ClusterResult.NodeResults
If you receive the following error message, the cluster is affected:
ErrorRecordData : (PluginReported_ScanFailure_Failed) The Microsoft.WindowsUpdatePlugin plug-in reported a failure while attempting to scan for applicable updates on node "<HCIClusterNodeName>". Additional information reported by the plug-in: (ClusterUpdateException) There was a failure in a Common Information Model (CIM) operation, that is, an operation performed by software that Cluster-Aware Updating depends on. The computer was " <HCIClusterNodeName>", and the operation was "ScanUpdates[Info,CauNodeWCD[<HCIClusterNodeName>]]". The failure was: (CimException) The WinRM client cannot process the request. The object contains an unrecognized argument: "FeatureUpdatesOnly". Verify that the spelling of the argument name is correct. HRESULT 0x803381e1 ==> (CimException) The WinRM client cannot process the request. The object contains an unrecognized argument: "FeatureUpdatesOnly". Verify that the spelling of the argument name is correct. HRESULT 0x803381e1
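One way to script this check over every node result, as an added example that is not part of the original article or Microsoft's own code. The function name and the Node property on each result object are assumptions, and the sample objects are constructed.

```powershell
# Added example: flag CAU node results that carry the error signature quoted above.
function Select-CauFeatureUpdatesOnlyFailure {
    [CmdletBinding()]
    param(
        # One object from (Get-CauReport -Last -Detailed).ClusterResult.NodeResults
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$NodeResult
    )
    process {
        # A node with no error has an empty ErrorRecordData; the cast turns $null into ''.
        $text = [string]$NodeResult.ErrorRecordData

        # Require both markers from the article: the rejected argument and the HRESULT.
        $affected = ($text -match 'unrecognized argument:\s*"FeatureUpdatesOnly"') -and
                    ($text -match '0x803381e1')

        # Name of the plug-in that reported the failure, if the message contains one.
        $plugin = $null
        if ($text -match 'The (\S+) plug-in reported') { $plugin = $Matches[1] }

        [pscustomobject]@{
            Node     = $NodeResult.Node   # property name is an assumption
            Affected = $affected
            Plugin   = $plugin
        }
    }
}

# Constructed sample input (node names are made up) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{
        Node            = 'hci-node1'
        ErrorRecordData = '(PluginReported_ScanFailure_Failed) The Microsoft.WindowsUpdatePlugin plug-in reported a failure while attempting to scan for applicable updates. The failure was: (CimException) The WinRM client cannot process the request. The object contains an unrecognized argument: "FeatureUpdatesOnly". HRESULT 0x803381e1'
    }
    [pscustomobject]@{ Node = 'hci-node2'; ErrorRecordData = $null }
)
$sample | Select-CauFeatureUpdatesOnlyFailure | Format-Table -AutoSize

# On a cluster node, feed it the real report instead:
# (Get-CauReport -Last -Detailed).ClusterResult.NodeResults | Select-CauFeatureUpdatesOnlyFailure
```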
Workaround
To work around this issue, use one of the following methods.
Method 1: Use a management device to invoke a remote CAU updating run
From a remote management device that is not part of the cluster, follow these steps:
- Make sure that the remote management device is set up correctly (RSAT Failover Clustering is installed). For detailed information about how to use or set up a remote management device to use CAU, see Update a cluster using PowerShell.
- Run the following PowerShell command:
Invoke-CauRun -ClusterName <cluster name> -CauPluginName Microsoft.WindowsUpdatePlugin -MaxFailedNodes 1 -MaxRetriesPerNode 3 -RequireAllNodesOnline -EnableFirewallRules -Force
For more information, see Install updates with PowerShell.
Method 2: Use the CAU Hotfix Plugin for a Self-Updating Run
To use the CAU Hotfix Plugin for a Self-Updating Run, follow these steps:
- Download the desired KB package to a file share accessible by the cluster nodes.
- The folder structure used has to match the recommended method in Configure Hotfix folder structure.
- After the hotfix folder is in place, run the following PowerShell commands to perform the self-updating run using the CAU Hotfix Plugin:
Add-CauClusterRole -ClusterName <cluster_name> -EnableFirewallRules -Force   # in case it isn’t added already
Set-CauClusterRole -ClusterName <cluster_name> -CauPluginName Microsoft.HotfixPlugin -CauPluginArguments @{'HotfixRootFolderPath' = '<\\MyFileServer\Hotfixes\Root>'; 'DisableAclChecks' = 'True'; 'HotfixConfigFileName' = 'DefaultHotfixConfig.xml'; 'RequireSMBEncryption' = 'True' } -EnableFirewallRules -Force
Set-CauClusterRole -ClusterName <cluster_name> -UpdateNow -Force
Remove-CauClusterRole
Next steps
We are currently investigating and will provide an update in an upcoming release.