Update 1605 for Cloud Platform System Premium

Summary
Update 1605 for Cloud Platform System (CPS) Premium includes Windows Server and SQL Server updates. This update contains the following components:
  • Dell Active Fabric Manager (AFM) P7 Release (supersedes unreleased P5 and P6).
  • Virtual Machine Manager (VMM) Hyper-V Network Virtualization policy hotfix.
  • 1605-0 Update. This is a single update (3138615) to the Windows Update agent. You must install this separately (and before) the main package.
  • 1605-1 Update. This is the main package. It contains 111 updates.

There are no System Center or Windows driver updates.

Firmware updates for the switches are included in the Dell AFM P7 package.

Note Because the deployment of the larger update payload depends on the Windows Update agent update, this is the prerequisite for all updates through the next major release (1607).
More information
To install update 1605 for CPS Premium, follow these steps. This update procedure assumes that you have already installed update 1603. Any references to the CPS Premium Administrators Guide pertain to the version for the 1603 update. There is no revision to the CPS Premium Administrators Guide for the 1605 update.

Note There was no 1604 update released.

Step 1: Update network switch firmware

Follow the steps in the "Update network switch firmware" section of the CPS Premium Administrators Guide that was provided by your account team, together with the following additional information.
  • Ignore any comments in the Administrators guide about applicability to CPS Premium with 2014 hardware. This switch firmware applies to all versions of CPS Premium hardware.
  • The following is the download location of the AFM files for Update 1605:

    The following are the recommended firmware versions that switches should run after the update.

    DeviceRecommended Firmware VersionCPS Premium Hardware Version
    S40489.9 (0.0P11)2016
    S30489.9 (0.0P11)2016
    S48109.9 (0.0P11)2014
    S558.3.5.62014


Step 2: Install the prerequisite VMM hotfix

How to apply the Virtual Machine Manager (VMM) Hyper-V Network Virtualization policy hotfix

The highly available VMM clustered role (Prefix-HA-VMM) has two nodes, Prefix-VMM-01 and Prefix-VMM-02. In the instructions, we refer to these as Node1 and Node2.
  1. From the specified location, copy the System Center 2012 R2 VMM UR HotFix 6095474.exe file to a folder on a Console VM, such as C:\VMMHotfix.
  2. Double-click the System Center 2012 R2 VMM UR HotFix 6095474.exe file, review the Microsoft Software License Terms, and then click Yes to accept.
  3. Choose a folder to store the extracted files, such as C:\VMMHotfix, and then click OK.
  4. Determine the passive VMM node. To do this, open a Windows PowerShell ISE session and then run the following script, where is your stamp prefix:
    $prefix = $ENV:COMPUTERNAME.split('-')[0]$VmmServerName = "$prefix-HA-VMM" $vmmServer = Get-SCVMMServer -ComputerName $VmmServerName $activeNode = $vmmServer.ActiveVMMNode $passiveNodes = @() $vmmServer.FailoverVMMNodes | ForEach-Object { if($_.ToLower() -ne $activeNode.ToLower()){ $passiveNodes += $_ } } Write-Host "Active Node: $activeNode" -ForegroundColor GreenWrite-Host "Passive Node: $passiveNodes" -ForegroundColor Green

    This script returns the server name of the passive VMM node. (In our example, we at first assume that Node2 is the passive node.)

  5. In File Explorer, browse to the following folder on the passive node:
    \\Prefix-VMM-0#>\c$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin
  6. Make a backup copy of the ImgLibEngine.dll file in the \bin folder.
  7. In the VMM console, determine which host (in the management cluster) the passive VMM node is running on.
  8. Open Hyper-V Manager, connect to the management cluster host that you identified in the previous step, and connect to the passive VMM node.
  9. On the VMM node, type powershell to open an elevated Windows PowerShell session, and then run the following command:
    Stop-Service SCVMMService Stop-Service SCVMMAgent
  10. Verify that the service has stopped running. To do this, run the following command:
    Get-Service SCVMMService Get-Service SCVMMAgent

    Verify that the status is Stopped. If you're prompted to close the System Center Management Service Host process, click Ignore.

  11. On the Console VM, browse to the following folder on the passive node:
    \\Prefix-VMM-0#\c$\Program Files\Microsoft System Center 2012 R2\Virtual Machine Manager\bin
  12. In the \bin folder, replace the ImgLibEngine.dll file that has the new version of the files that you extracted from the hotfix package.
  13. On the passive VMM node, run the following command to start the VMM Agent service:
    Start-Service SCVMMAgent

    Note The SCVMMService service will not start when the passive VMM server node is not active. The SCVMMService service starts only when the node becomes the Active node. This is by design.

  14. In Failover Cluster Manager, begin a failover. This makes Node1 to become the new passive node and Node2 (which has already been updated) become the active node.
  15. Open Failover Cluster Manager, and then connect to the Prefix-CL-VMM cluster.
  16. Click Roles. The Roles pane displays the active node in the Owner Node column. Right-click the active node, point to Move, and then click Select Node. Select the other node, and make sure that the status changes to Running for the new active node. This may take several seconds.
  17. Follow steps 5–13 to update the VMM file on the new passive node (in this example, Node1).

To revert the update (if it is necessary):
  1. On the passive VMM node, stop the SCVMMService service, and then stop the SCVMMAgent service.
  2. Replace the files under your Virtual Machine Manager Install directory with your backup files.
  3. Start the SCVMMAgent service.
  4. Start the SCVMMService service.
  5. In Failover Cluster Manager, start a failover of the Prefix-HA-VMM clustered role.
  6. Repeat steps 1-4 on the new passive node.

Step 3: Prepare the package

Follow the steps in the "Prepare the patching environment" section of the CPS Premium Administrators Guide that was provided by your account team.

Extract both the 1605-0 and 1605-1 updates now, and put them on the Infrastructure share in different folders.

Make sure that you do not start the update process, but instead run the Health Check described in the next step.

Step 4: Clean up the WSUS server

  1. On the Console VM, open the Windows Server Update Services console.
  2. Right-click Update Services, click Connect to Server, and then connect to the WSUS VM (Prefix-SUS-01).
  3. In the navigation pane, expand Update Services, expand WSUS_Server, expand Updates, and then click All Updates.
  4. In the All Updates pane, in the Approval list, click Any except declined. In the Status list, click Any and then click Refresh.
  5. Select all updates.
  6. Right-click the selection, and then click Decline.
  7. In the navigation pane, expand the server name, and then click Options.
  8. In the Options pane, click Server Cleanup Wizard.
  9. Select all check boxes except for Computers not contacting the server.
  10. Click Next.

Step 5: Run the Patch & Update Health Check and address any discovered issues

In the "Update the computers" section of the CPS Premium Administrators Guide, complete "Step 1: Run a health check and fix any discovered issues." This includes functionality to check for and disable any running backup jobs.

Important Do not start the update process, but instead run the Health Check, fix any discovered issues, and stop any running backup jobs.

Step 6: Run the P&U update package 1605-0

In the "Update the computers" section of the CPS Administrators Guide, follow "Step 2: Apply the P&U update package" to apply Update 1605-01.

You should be aware that starting with Update 1603, P&U automatically runs a health check as part of the update process. You can control what happens if critical Operations Manager alerts are discovered by changing the value of the –ScomAlertAction parameter. See the Administrators Guide for more information.

Because of the size of this package, estimates for deployment are 12-18 hours.

If you do not intend to apply 1605-1 immediately, remember to enable DPM agents if you disabled them earlier (as described in the Administrators Guide).

Also, if you do not intend to apply 1605-1 immediately, follow the steps in "Step 3: Post-update clean up" of the Administrators Guide after you update.

Step 7: Run the P&U update package 1605-1

Follow the same steps for installing the 1605-1 package. This can be scheduled right after the 1605-0 package, or in the future, depending on your maintenance timeframe requirements.

Because of the size of this package, estimates for deployment are 36-48 hours (per rack).

After the update is finished, remember to enable DPM agents if you disabled them earlier (as described in the Administrators Guide). Also, follow the steps in "Step 3: Post-update clean up" of the Administrators Guide after you update.

Step 8: Run an optional compliance scan

To run a compliance scan, pass the following flag:
\\SU1_InfrastructureShare1CPSPU_Folder_Name\Framework\PatchingUpgrade\Invoke-PURun.ps1 -PUCredential $cred -ComplianceScanOnly

The compliance scan output is written to the following location where the update package was extracted, for example: "PURoot"\MissingUpdates.json

Payload for Update 1605-0

Updates for Windows Server 2012 R2
KB ArticleDescription
3138615Update for Windows Server 2012 R2 (KB3138615)

Payload for Update 1605-1

Updates for Windows Server 2012 R2

KB ArticleDescription
3156059MS16-057: Description of the security update for Windows shell: May 10, 2016
3156019MS16-055: Description of the security update for Microsoft graphics component: May 10, 2016
3156017MS16-062: Description of the security update for Windows Kernel-Mode Drivers: May 10, 2016
3156016MS16-055: Description of the security update for Microsoft graphics component: May 10, 2016
3156013MS16-055: Description of the security update for Microsoft graphics component: May 10, 2016
3155784MS16-067: Security update for volume manager driver: May 10, 2016
3154070MS16-051: Security update for Internet Explorer: May 10, 2016
3153704MS16-061: Description of the security update for RPC: May 10, 2016
3153199MS16-062: Description of the security update for Windows Kernel-Mode Drivers: May 10, 2016
3153171MS16-060 and MS16-061: Description of the security update for RPC and for Windows kernel: May 10, 2016
3151058MS16-064: Description of the security update for Schannel: May 10, 2016
3149090MS16-047: Description of the security update for SAM and LSAD remote protocols: April 12, 2016
3146963MS16-040: Description of the security update for Microsoft XML core services: April 12, 2016
3146723MS16-048: Description of the security update for CSRSS: April 12, 2016
3146706MS16-044: Security update for Windows OLE: April 12, 2016
3142045MS16-039: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: April 12, 2016
3142036MS16-065: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 10, 2016
3142030MS16-065: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 10, 2016
3142026MS16-065: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: May 10, 2016
3135998MS16-035: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016
3135994MS16-035: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016
3135991MS16-035: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: March 8, 2016
3135985MS16-035: Description of the security update for the .NET Framework 3.5 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: March 8, 2016
3135456MS16-045: Description of the security update for Windows Hyper-V: April 12, 2016
3130944March 2016 update for Windows Server 2012 R2 clusters to fix several issues
3127231MS16-019: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: February 9, 2016
3127226MS16-019: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: February 9, 2016
3127222MS16-019: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: February 9, 2016
3123479Microsoft security advisory: Deprecation of SHA-1 hashing algorithm for Microsoft root certificate program: January 12, 2016
3122660MS16-019: Description of the security update for the .NET Framework 4.6 and 4.6.1 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: February 9, 2016
3122654MS16-019: Description of the security update for the .NET Framework 4.5.2 in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: February 9, 2016
3122651MS16-019: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: February 9, 2016
3121918MS16-007: Description of the security update for Windows: January 12, 2016
3121461MS16-007: Description of the security update for Windows: January 12, 2016
3110329MS16-007: Description of the security update for Windows: January 12, 2016
3109560MS16-007: Description of the security update for Windows: January 12, 2016
3109094MS15-128 and MS15-135: Description of the security update for Windows kernel-mode drivers: December 8, 2015
3108604Microsoft security advisory: Description of the security update for Windows Hyper-V: November 10, 2015
3102939MS15-120: Security update for IPsec to address denial of service: November 10, 2015
3101246MS15-122: Description of the security update for Windows Kerberos: November 10, 2015
3098785MS15-118: Description of the security update for the .NET Framework 4.6 and 4.6.1 on Windows 8.1 and Windows Server 2012 R2: November 10, 2015
3098779MS15-118: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 10, 2015
3098000MS15-118: Description of the security update for the .NET Framework 4.6 and 4.6 RC on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 10, 2015
3097997MS15-118: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 10, 2015
3097992MS15-118: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: November 10, 2015
3097966Microsoft security advisory: Inadvertently disclosed digital certificates could allow spoofing: October 13, 2015
3092601MS15-119: Description of the security update for Windows Winsock: November 10, 2015
3081320MS15-121: Security update for Schannel to address spoofing: November 10, 2015
3080446MS15-109: Description of the security update for Windows Shell: October 13, 2015
3078601MS15-080: Description of the security update for Windows: August 11, 2015
3076895MS15-084: Description of the security update for Windows XML core services: August 11, 2015
3075220MS15-082: Description of the security update for RDP in Windows: August 11, 2015
3074553MS15-101: Description of the security update for the .NET Framework 4.6 and 4.6 RC on Windows 8.1 and Windows Server 2012 R2: September 8, 2015
3074548MS15-101: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: September 8, 2015
3074545MS15-101: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: September 8, 2015
3074232MS15-101: Description of the security update for the .NET Framework 4.6 and 4.6 RC on Windows 8.1 and Windows Server 2012 R2: September 8, 2015
3074228MS15-101: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: September 8, 2015
3072630MS15-074: Vulnerability in Windows Installer service could allow elevation of privilege: July 14, 2015
3072307MS15-080: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 11, 2015
3071756MS15-085: Description of the security update for Windows Mount Manager: August 11, 2015
3068457MS15-071: Vulnerability in Netlogon could allow elevation of privilege: July 14, 2015
3060716MS15-090: Vulnerabilities in Windows could allow elevation of privilege: August 11, 2015
3059317MS15-060: Vulnerability in Microsoft common controls could allow remote code execution: June 9, 2015
3055642MS15-050: Vulnerability in Service Control Manager could allow elevation of privilege: May 12, 2015
3048072MS15-044: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 12, 2015
3046017MS15-088 Description of the security update for Windows, Internet Explorer, and Office: August 11, 2015
3045755Microsoft Security Advisory 3045755: Update to improve PKU2U authentication
3045685MS15-038: Description of the security update for Windows: April 14, 2015
3042553MS15-034: Vulnerability in HTTP.sys could allow remote code execution: April 14, 2015
3037576MS15-041: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: April 14, 2015
3035126MS15-029: Vulnerability in Windows Photo Decoder component could allow information disclosure: March 10, 2015
3033889MS15-020: Description of the security update for Windows text services: March 10, 2015
3030377MS15-028: Vulnerability in Windows Task Scheduler could allow security feature bypass: March 10, 2015
3023266MS15-001: Vulnerability in Windows Application Compatibility cache could allow elevation of privilege: January 13, 2015
3023222MS15-048: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 12, 2015
3023219MS15-048: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 12, 2015
3022777MS15-005: Vulnerability in Network Location Awareness service could allow security feature bypass: January 13, 2015
3021674MS15-003: Vulnerability in Windows User Profile service could allow elevation of privilege: January 13, 2015
3019978MS15-004: Description of the security update for Windows: January 13, 2015
3010788MS14-064: Description of the security update for Windows OLE: November 11, 2014
3006226MS14-064: Description of the security update for Windows OLE: November 11, 2014
3004365MS15-006: Vulnerability in Windows Error Reporting could allow security feature bypass: January 13, 2015
3004361MS15-014: Vulnerability in Group Policy could allow security feature bypass: February 10, 2015
3000483MS15-011: Vulnerability in Group Policy could allow remote code execution: February 10, 2015
2994397MS14-059: Description of the security update for ASP.NET MVC 5.1: October 14, 2014
2993939MS14-059: Description of the security update for ASP.NET MVC 2.0: October 14, 2014
2993937MS14-059: Description of the security update for ASP.NET MVC 3.0: October 14, 2014
2993928MS14-059: Description of the security update for ASP.NET MVC 4.0: October 14, 2014
2992080MS14-059: Description of the security update for ASP.NET MVC 5.0: October 14, 2014
2979576MS14-057: Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: October 14, 2014
2979573MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
2978126MS14-072: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 11, 2014
2978122MS14-072: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: November 11, 2014
2977765MS14-053: Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: September 9, 2014
2977292Microsoft security advisory: Update for Microsoft EAP implementation that enables the use of TLS: October 14, 2014
2973114MS14-053: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: September 9, 2014
2972213MS14-053: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: September 9, 2014
2972103MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
2968296MS14-057: Description of the security update for the .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2: October 14, 2014
2966828MS14-046: Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: August 12, 2014
2966826MS14-046: Description of the security update for the .NET Framework 3.5 in Windows 8.1 and Windows Server 2012 R2: August 12, 2014
2934520The Microsoft .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
2898850Description of the security update for the .NET Framework 4.5.1 and the .NET Framework 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: May 13, 2014
2898847Description of the security update for the .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2: May 13, 2014
2565063MS11-025: Description of the security update for Visual C++ 2010 Service Pack 1: August 9, 2011
2565057MS11-025: Description of the security update for Visual Studio 2010 Service Pack 1: August 9, 2011
2542054MS11-025: Description of the security update for Visual Studio 2010: June 14, 2011
2538243MS11-025: Description of the security update for Visual C++ 2008 SP1 Redistributable Package: June 14, 2011
2538241MS11-025: Description of the security update for Visual Studio 2008 SP1: June 14, 2011
2467173MS11-025: Description of the security update for Visual C++ 2010 Redistributable Package: April 12, 2011

Updates for SQL Server 2012

KB ArticleDescription
3072779SQL Server 2012 Service Pack 3 release information

Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.
Properties

Article ID: 3156500 - Last Review: 05/27/2016 19:02:00 - Revision: 2.0

Cloud Platform System

  • kbexpertiseinter kbsurveynew kbhowto KB3156500
Feedback