This article describes the issues that are fixed in Update Rollup 4 for Windows Azure Pack. Additionally, this article contains the installation instructions for Update Rollup 4 for Windows Azure Pack.
Issues that are fixed in this update rollup
Windows Azure Pack
If tenant has a database that uses Windows Authentication, the administrator cannot suspend its subscription.
Symptom This issue lets tenants continue to sue all SQL database resources. Also. the subscription state is changed. At this point, if the administrator tries to suspend the subscription, its state changes from "Active" to "Suspended (Out of Sync)." The Suspend subscription operation always fails with following error message:
One or more errors occurred while contacting the underlying resource providers. The operation may be partially completed. Details: Cannot alter the login 'userlogin', because it does not exist or you do not have permission.
Resolution With this update, the administrator can suspend a subscription that contains a database that uses Windows Authentication.
The tenant cannot connect to a database if the hosting server is set up for AlwaysOn but the SQL Server Contained Database feature is turned off.
Symptom The tenant always receives an error when it tries to connect to the database when these conditions are present.
Resolution The tenant will receive an error message when it creates a database in which this misconfiguration exists. The error message tells the user that the particular misconfiguration exists.
An instance of SQL Server does not have Contained Database Support enabled. Contained Database Support needs to be enabled when creating High Availability - AlwaysOn Database 'DatabaseName'
Also, when administrators try to add a hosting server that uses the wrong configuration, they will receive the following message:
The AlwaysOn listener 'AlwaysOnListener' does not have Contained Authentication enabled, please enable Contained Authentication, before adding this listener.
For virtual machine (VM) templates that contains multiple NICs and are not all connected to a network, the VM creation UI will not let the user select any of the available networks. Instead, each network adapter seems to be associated with a specific network.
Symptom The UI dropdown lists will behave so that each network adapter is exclusively associated with a specific network.
Resolution The user can freely select any available network for the specified NICs in the VM template.
Administrators cannot control the naming convention for "Computer Names" of VMs that are provisioned through their VM templates.
Symptom When a tenant creates a VM, the name that is passed for the VM is used to derive the "Computer Name" of the VM, and the administrator-provided name in the VM template is ignored.
Resolution Administrators can control whether the tenant-supplied name should overwrite the name that is provided in a VM template. They can do this through a plan configuration flag for the Service Provider Foundation (SPF) resource provider.
In Azure Pack Web Sites, tenants cannot use virtual directories because this is not supported by the Azure Pack UI.
Symptom Tenants do not have access to a feature that lets them implement virtual directories for their Windows Azure Pack (WAP) Web Sites.
Resolution Support for this feature is available with this update. The tenant can use the Web Sites Settings page to add directories as needed.
Virtual machines that are provisioned through WAP do not have Disaster Recovery (DR) protection or cannot enable DR.
Symptom Administrators cannot specify whether the VMS that are provisioned through their plans can be protected from disastrous events. Tenants do not have an option to subscribe to a provider plan that supports DR.
Resolution Support for this feature is available with this update. Administrators can enable DR that is supported through Azure Site Recovery for any plans as long as the Azure Site Recovery (ASR) infrastructure is deployed. Specific instructions are linked to the check box label that is used to enable the feature.
These installation instructions are for the following Windows Azure Pack components:
Tenant Public API
SQL Server Extension
Web App Gallery Extension
Best Practices Analyzer
To install the update .msi files for each Windows Azure Pack component, follow these steps:
If the system is currently operational (handling customer traffic), schedule downtime for the Azure servers. The Windows Azure Pack does currently not support rolling upgrades.
Stop or redirect customer traffic to sites that you consider satisfactory.
Create backups of the computers and databases. To do this, follow these steps:
This update does contain database changes (see step 5). We strongly recommend that you keep backups of your databases current before you install.
If you use virtual machines, you should take snapshots of their current state. Otherwise, go to the next step.
If you do not use VMs, make a backup of the computer to be used for restoring if you have to roll back your update installation.
If you use your own theme for the Windows Azure Pack Tenant site, follow these instructions to preserve your theme changes before you perform the update.
Perform the update by using Microsoft Update either directly on each node or through the Windows Server Update Services (WSUS) server.
For each node under Load Balancing, run the updates for components in the following order:
If you use the original self-signed certificates installed by WAP, the update operation will replace them. You have to export the new certificate and import it to the other nodes under Load Balancing. These certificates have the CN=MgmtSvc-* (Self-Signed) naming pattern.
Update Resource Provider (RP) services (SQL Server, My SQL, SPF/VMM, websites) as needed. And make sure that the RP sites are running.
Update the Tenant API site, and also the Public Tenant API site , Administrator API nodes, and Administrator and Tenant Authentication sites.
Update the Administrator and Tenant sites.
To resolve the issues about security updates, follow these steps:
Download this script from the Microsoft Download Center. The script makes changes to the Windows Azure Pack databases.
Open the script in a text editor such as Windows PowerShell ISE.
Change the following connection string line to match the instance of Microsoft SQL Server that you use for Windows Azure Pack:
Run this script as an administrator on the servers that contain the Mgmt-Svc-PowerShellAPI module. These servers are those that run the following:
Web App Gallery Extension
SQL Server Extension
If all components are updated and are functioning as expected, you can start to open the traffic to your updated nodes. Otherwise, see the "Rollback instructions" section.
If an issue occurs and you verify that a rollback is necessary, follow these steps:
If snapshots are available from step 3B in the "Installation instructions" section, apply the snapshots. If there are no snapshots, go to the next step.
Use the backup that was taken in steps 3A and 3C in the "Installation instructions" section to restore your databases and computers.
Do not leave the system in a partly updated state. Perform rollback operations on all computers on which Windows Azure Pack was installed, even if the update failed on one node.
We recommend that you run the Windows Azure Pack Best Practice Analyzer on each Windows Azure Pack node to make sure that configuration items are correct. Then, open the traffic to your restored nodes.
Files that are updated