Using Powershell and Excel to compare Microsoft Hotfixs on Servers and Virtual Machines.

Hello All,


Two Types of Comparisons Devised

I have been working several Clustering and Hyper-V cases Recently.  I have come to a point where I notice the Virtual Machines rarely have the same level of  Microsoft Updates that the Cluster Node does. I finally had a few minutes to look at this issue, and I even made an Excel Spreadsheet to compare updates to other machines.

Fortunately, When I got serious about making a Spread Sheet Script, I noticed there were some pretty good work already available. In fact, I found one that will likely serve to compare updates on all the Nodes, all the VMs and more. I am sure I can do cross checks using a Host as the standard, and a bunch of VM’S as the comparisons.

So we are basically showing off two different ways of doing the same thing.  The Gallery script vs. MyExcelHotfixCompare. These are different things for different reasons. But its good to have them in the same place, Because they both have their own purpose.



First thing you want to do have is a copy of the spread sheet, MYexcelHotfixCompare , and a copy of the The Gallery script


Why Two Comparisons

So I made one up, and I found the other by accident! That is true. However, I discovered these both served different purposes.

The First method came from Stane Monsik. What this count does, is aggregate the KB’s for every server in the survey. So your Final report answers the question “when you updated Server Group X with KB Group Summation(A-Z), did you do that same thing to all the other servers? This is what I started out to have answered! If the answer to this is no, then I always tell my customer to finish his updates right away.

However, another question I was often asking, was not being answered by this script. The Questions was, When we know that there are X updates packages for Technology Y, how many of those updates did you apply to your server? Then Question #2,  For X and Y, did you apply these updates to just the server which had problems? The answer to this question should be that you updated all the servers which contained technology Y, with every Update Package X. I found this question was often met with Guesstimates more than actual proof; this was an easy question to get a good guess on. It’s also an easy question to just accept the guess and move on.  In today’s complex world, that is no longer acceptable. So I set out to easily answer this kind of question.


Method1 Script

This script will take “a list of Machines” and show you what updates the entire list has and does not have. Every KB gets added to the list, no matter what server it was found on.

The Script, located at , Goes to every server and pulls the list of hot fixes. Then it goes through the hot fix list and checks every computer, to see if the hot fix has been applied to the computer.

To make GetHotfixCompare_Gallery work, all you have to do is open the .PS1 file with notepad and add your list of computer names. You can add as many computers as you like, but realize it takes longer and longer and longer to complete. The text you are editing looks like this in the file:  See Figure 1. :

# —————————————————————————————————-

$computers = “ComputerName1”, “ComputerName2”, “ComputerName3”, “ComputerName4”, “ComputerName5”

# —————————————————————————————————-

The Result is a very nice HTML report:


Figure 1.



Once you populate the script with edits on the names of computers, you run the PS1 file by right Clicking the file and choosing Run With Power Shell. The Script runs (longer the more computers you select), then generates an HTML file of your KB’s. There is an orderly chart of stars telling you which KB’s have stars for the machine, and which do not have stars.


All in all, A  very good method. But in order for me to answer the technology related questions, I needed to use something different.


Method 2 Spread Sheet comparison (MY_excel_GetHotfixCompare)

On the Excel Help article, called “Compare two lists and highlight matches and differences” I use Example 4 of that section. Example 4 runs a comparison from column one (the update list of a server (get-hotfix)  against column two (the list of updates for the specific technology) .  The comparison Colorizes the two list columns to highlight where the updates match or are unique.

MY_ExcelGetHotfixCompare Is the name of the spread, and you just need to right click and save as to save the file as an XLSX file.

This method will always work, as long as you can find a list of key updates, Microsoft says is relevant. This list below is not unabridged. This is just areas where I work most often. Below are some Example Technology Patch lists, that will power column two, on your spread sheets.

Server 2012 and Exchange make you dig a little bit to get the actual KB list, but you get the Idea. The point is to get the list of “important hotfixes” and be able to use them to “audit” you current situation. So let’s get to the formulas and make a spread sheet!


Get Hot-fix Compare Spread Sheet

The Compare column Colorizes numbers in column A , that are also in column B. And Vice Versa. So there is only one caveat to this method. If the KB shows up twice in the same column, then the cell becomes colored, denoting that the patch has a match. But, This is an impossibility of the get-hot fix command. As long as your pasting in get-Hotfix results from only one machine per column, you will get a valid result. So the limitation of this, or any tool reviewing hot-fixes; don’t try to do two machines in one spread.

Steps to create:

  1. Open Excel and put your Values for Get-Hotfix (just the KB) into column 1.
  2. Copy the Hot-fix numbers for the relevant Microsoft KB numbers from your articles like above, into Column 2.
  3. With Excel at the Home Tab, Choose “Conditional Formatting” and Manage Rules . You will see a pop up window, New Formatting rule: (figure Below)




  1. Choose New Rule and “Format only unique or duplicate values”
  2. There is a little Drop down that says Duplicate or Unique- You will make that choice here



6.Then you see where it says no format set? (above) This is where you choose your color.

7. Hit the Format button. Then choose the Fill tab.

8. Now see the Fill tab below Choose your color and hit Ok.



9 Then Choose OK Below



10. Now Comes the important part. You simply highlight all values in both columns and there is a wizard that will form the formula for you based on how many rows each column has in it. I am showing the screenshot below, after I clicked into the “applies to field” and held down the left click of the mouse while I selected both columns and went down enough rows to cover all values in both columns. I also found that if you pre-select both columns, before clicking conditional format, then these vales will be there automatically


11.  The only thing you can’t see in the picture above is the dashed line that is now hovering over both columns. Once I hit OK or apply, it all goes away and my formula is:


Pre-Select your columns before you start with Conditional formatting

Now I found out some weirdness about the formula. If you have to go back and change the length of the column, you have to make the formula a little differently.  You click into the applies to field

and highlight Column one, then you type a comma, and then you highlight column 2. So the formula looks like this


The more general solution is coming up below:


I like the second formula better, because you can see the start and finish of each column. But the more general one covers all KB in both Columns. cant beat that. I am editing this sentence,

after the fact, and I found that if you select the columns, by Highlighting the columns entirely, you don’t have to deal with touching any formula aspect at  all.

Here the download again for My Excel HotfixCompare , You can also watch the video at the top and make your own spread.

Believe it or not, that is it! When you hit OK, your values immediately calculate out:



The next issue I tried to solve was the length of the column. It looks to me that this is the master formula, no matter how many KB s you have  (=$A:$A,$B:$B). This is for column A and B.

I do believe you could replace these values with columns a and c or b and E or whatever. This can help you move columns for your ease of use and you list can be as long or short as you want.

So use this in your Duplicate Values formula:


Again, I am coming back after the fact, and just saying to Highlight the columns you want to use, before you start, and you don’t have to deal with the formulas at all. I have a second Excel

Method for comparing up to 6 servers, but I will let you just download the Excel File and see how it works!!! Watch the video, I performed that in about 1 minute in the video. also

after the fact, and I found that if you select the columns, by Highlighting the columns entirely, you don’t have to deal with touching any formula aspect at  all.


How do I get my Hot-fix list = Get-Hotfix

So this is all we have left to cover. Below these are the steps I use to get that list of KB numbers isolated from the rest of the information you find when you run the Get-Hotfix command.


1. Open PowerShell as Administrator
2. You may run Get-Hotfix > c:\myhotfix.txt
3. Open Notepad ++ and Open myhotfix.txt
4. Hold Control and Alt Key on your keyboard at the same time
5. While (4) use the mouse to select just the KB column
6. once the KBs are highlighted Right click and choose copy.
7. Paste you KBs into notepad for transport to your work station.

That’s It! I hope you have enjoyed this article. In closing I have the original link for the script in the initial discussion. I also have a method to update your Hyper-V Cluster automatically with a script. That can be pretty handy.


How to make a .ISO File for Drivers or Platform updates for Offline Server 2016


So I hope I captured the mission of this blog With the title. I was trying to update some firmware and drivers over a DRAC/ILO. I found it was quite hard to find a way to wrap your BIOS and CHIP-SET into an ISO file unless that ISO was going to be the size of a Full Van Halen Double DVD! Or worse, I was burning a Default of 6 Terra Bytes or something!



Figure 1. How to make a Small ISO file for your Small Files.

Mea-BiB-Eyetes! (Mebibytes)

So I did the experimenting and I am going to introduce you to something you may not have heard of. Mebibytes!    That’s Mee —    BIB— EYETS!! That is not a unit of weight is it? It turns out this is a unit of Data. So you just have to fool around with getting the right amount of Mee Bee Bites. and your ISO can be whatever size you want!!.

So My research suggest you wont find anything for Free around unless you use IMGBURN. Great! Its got a lot of press online, they say it works but they never told me about the MEE BEE BITES!

So Grab your version of IMGBURN and follow me to BIOS ISLAND!!

How to get a 30 Meg ISO for 30 Meg worth of updates

So Below You will find the basic steps for how to do this magic. I suspect there will  be a video at the top of this Blog that may not be more entertaining, but will be of some help if the instructions don’t make sense.

1. You set the source and choose your files.  (left side of windows)

2. On the right, Clisk on the Advanced Tab. Choose “MEDIA”

2. Set the Profile to Custom.

3. Secret sauce (see screen shot below) Arrows show a sectors to Mebebytes.




  • Set the media tab to custom
  • The maximum sector size is like a guess number
  • SO to figure out what number needs to go there (max sectors
  • Convert the number to the right to Megabytes or Gigabytes.
  • MiB is mebibytes- so the conversion to search google is mebibytes to megabytes.
  • once you know how many megabytes you want the ISO to be, just keep increasing the numbers until the conversion comes up to what you want for the iSO size.

Then hit burn. It worked awesome. I copied Bios and Chip-set to a different server (another one I am working on, and it was perfect. Make yourself an ISO. If you get stuck

I can help you in just a few minutes.


One negative, the first installer had an adware, you just decline it, then you will get a second installer, which is the actual app, no adware, at all, just delete the first EXE and run the second one.

Nothing is installed on the machine with the first download. You may also look at other sites to get it from-


So There is not much to it, but I think watching it happen will make it much easier to carry out. I will put the video up top and make it short for you all. I hope this is helpful!!.

Special Bonus Bootable DVD and Bootable USB

In the video I covered two additional subjects. I explained how to make the Image Bootable in ImgBurn. I also showed a link for how to make a bootable USB with an application named RUFUS. I did not explain that process, but I did show the link to the RUFUS USB Bootable Blog Post.

I hope you left this blog post with what you came here looking for! Have a great day and weekend!

If you need to remember screen shots for burning of ImgBurn, so the ISO becomes bootable, Have a look at this blog entitled “How To Create Bootable Windows 10/8.1/7 ISO From Files/Folders”.

This set of screen shots can supplement the Video and this blog, with screenshots and steps to make a bootable image very possible for all. .


Windows Server 2016 Licensing Is Easier With a Little Help From a Calculator


Fortunately the industry is coming to our aid for answering questions about how many licenses you need for your 2016 Standard or Data-Center Server.

This is not a long post. I am just passing on the few methods I have ran across for getting the total licenses you need to purchase.

You can do it yourself with the Excel Download. That link is here, courtesy of Dell EMC INC.

Secondly, you have the Microsoft entry, which is also a Spread sheet, but its starts for your convenience here

Since I put a line above, I figure I need some special content, so how about a Video about the New 2016 Licensing?

Figure 1. Video on 2016 Licensing and Ramifications

If you watch the above video, you will get a good idea how useful the 2016 Licensing calculator will be. You can even use it to correct what you hear from others. some sites seem to message differently to others.

*update 7/29/2017. So I did find some other documentation (in the fine print) that tries to use 8 cores and 16 cores. So I could move as far as “the use of 8 as a starting point for processors, would not be false, but would be ambiguous” . The use of  expressing the minimum license in physical cores, does not fit in with most of the documentation, so the possibility of mis-understanding is maximized here.  So I am backing off on saying the MS blog is incorrect, but i am not changing the video because that video is lost time in my life, but second, the chart I show below is ambiguous, and serves as a good example to test the licensing calculator out. My take on that chart would not be an uncommon interpretation. See the chart from the Video below:


Figure 2. Ambiguous chart when compared to Licensing documentation.


To support where Microsoft is meaning with using 8 Processors as the starting point for a 2016 License, see this 2016 Datasheet.

This comes from Pricing and Licensing for Windows Server 2016

If you read this 2016 Datasheet  article, I think you will agree with me, that it says in black and white;  It says the you need to have a minimum of 16 Core License per server.

I am putting the fine print from the data sheet below. Do you come out thinking 8 or 16? then watch the Video. Does the MS blog look correct against these fine print Items below:

** All physical cores on the server must be licensed, subject to a minimum of 8 core licenses per physical processor and a minimum of 16 core licenses per server.

** CALs are required for every user or device accessing a server. See the Product Terms for details.

* Software Assurance is required to install and use Nano Server.

**  Pricing for Open (NL) ERP license for 16 core licenses. Actual customer prices may vary.


Now if you watched the Video, and saw the chart above, you probably want to see if the chart is right or wrong! Go ahead and get your calculator here !  I found a Microsoft version of the Spread Sheet. Dell and Microsoft look very similar indeed. It does say OEM windows so they may actually be the same. The 2016 Windows Server Core Calculator should be easy to find.

Enjoy reading and have a great Day!

If you want to get into the changes from old until now, or you want to get into the philosophy of why this change, you can look for some opinions and facts online. I found a pretty good one here, which i used for my own knowledge. The link here is from the Tech-net Blog and it is something you should go though and understand. Go ahead and correct it with the Calculator, and you can see how the 2016 License is going to affect how you purchase your Operating System.  Enjoy correcting your price projections!




Just the Shell commands for Skype Trouble Logging

I wanted to take a few minutes to just document a simple thing. Well the scope of the subject can become complex quickly. But this is not that. This is just a quick review of how to get the basic log output so you can troubleshoot a Skype issue.

I have a Video for this topic on Youtube.

So now matter how you approach logging, you will end up needing the Skype Debugging Tools.

The Debugging tool contains the Snooper log tool you will use to analyze the log. But It also contains the Skype GUI for also collecting the logs. So let me say your best method to collecting the Skype logs is to use the Gui in the Debugging tool kit. Here is a link for covering that topic: here

If the debugging tool kit is not working, you have another choice here that will act as a GUI for Log collection and analysis. Why not have a back up.

Command Line Logging

We are not going deep into Command line. If you want that please look here.

This is the emergency list of command if you just need to get logs now. below are the basic commands in order.


  • Show-CsClsLogging -Pools “”
  • Start-CsClslogging -scenario  alwayson
  • Stop-Csclslogging -scenario “AlwaysOn”
  • Search-CsClsLogging -OutputFilePath “C:\Users\admin\mylogs\ouput.txt


This is the bare bones commands you can use in a pinch to get your basic logs.

Scenarios there are many you can run

So the one item missing from the commands above is a way to get the different scenarios you can choose. In order to get this information, just run the following:

  • Get-CsClsScenario | fT name

This command is important as you can target what your looking for more clearly by using the right scenario to log:


So one thing to note is that the always on log will collect the sip stack trace, which is used in the lion share of Skype troubleshooting.

So now below I will include some examples of command you may find useful. this is not exhaustive, but this is the main things you may need for an average log collection


  1. Is logging running – Show-CsClsLogging -Pools “
  2. Run Edge Log- Start-CsClsLogging -Pools -Computers -Scenario alwayson
  3. Complex search by time- Search-CsClsLogging -pools “” -StartTime “11/20/2012 08:00:00 AM” -EndTime “11/20/2012 09:00:00 AM” -OutputFilePath “C:\Logfiles\logfile.txt”


To conclude, this is the crude basics you need to get those logs. if you want additonal information on hoe to make your own scenarios, that is very doable. see here for additional information if you are interested.


Thank you and happy logging.







Jetstress – Too Many IOPS? Andrew Higginbotham

Hello all,

This is a shout out at my Friend Andrew Higginbotham. This man is a multi-MVP and MCM in Exchange Server. He penned an article about Jet Stress, Which is very useful.

The issue is Page Fault Stalls/sec and the subject is SSD Solid State Drives.

I admit to not spending my time in Jet stress, as I don’t work on design elements as much as I do Skype. Andrew has come to my rescue on a few Design issues and Jet Stress on more than one occasion.

It turns out you should read this if you using SSD Flash Drives and Jet Stress= Here

This quick reference in my Blog is to support Andrews Blog and Recommend you read everything he writes. He is truly one of the best Exchange Persons around the US neighborhood.

Andrew thanks for your time on this case. I hate not being the expert but I am proud to work on a team with such strengths. I am just glad to be part of a team of individuals whose strengths compliment each other.



Edge Replication Status is false and the Last Update Creation time stops updating for command get-csmanagementstorereplicationstatus

When it comes to Edge Replication checking, this looks like a false positive below. But I know we all like to see true. So you see where the date says 6/22? That change means the last status report was a few month’s earlier. That missing update creation, is possibly saying the replication is not working. this is not hard to fix, so lets fix it!


Perform the steps below:

  1. Go to the Front end server and open Skype Management Shell
  2. Run the command Export-CsConfiguration –Filename C:\
  3. Copy the file to the Edge Server.
  4. Open the Skype for Business Deployment Wizard
  5. Choose Install Or Update Skype for Business Server System
  6. Choose install local configuration store.
  7. Browse to the file and finish the wizard.
  8. You can restart the Edge Server or just wait several minutes.
  9. If this fails, you just need to restart the SFB replication service on the FE and Edge Servers.


This is the point at which you browse to the configuration Zip file. Its Step 7.

I hope this helps your issue. I have seen this just stop refreshing and this step normally fixes the issue in my experience.



How to repair Software service won’t start on a domain controller or Windows software protection will not start access denied 5. on server 2012 R2.

Good day all,

I had the strangest activation issue today. I decided to detail the issue If I ever see it again. So I must admit, the whole idea came from searching the core team blog. My issue was the Software activation service would not start. This resulted in all of the activation related items failing from the customer perspective.

My particular error code was a little different, but the error verbiage was the same. I considered the verbiage enough to try a few things, and I found success. Its always important to share success.

The Core Team can solve your issue without me, so feel free to consult their article. I am just showing the folder and registry locations I needed to add the SPPSVC to, for my protection service to start. This is apparently only on a Domain Controller, Hence the name.

The Key was to add the NT Service\SPPSVC to some specific locations, both in the Folder system and the Registry. There was a little trick here. You have to deselect the domain, when choosing the account. This caused me to wallow along for much longer, as I never thought of doing this on my own power. That is where the Core Team Saved me. Thank you guys.

Screen shots of my 42DC Server look like:



Just to be clear what I am saying, you are to not use active directory groups when making your search. If you do, the NT SERVICE\SPPSVC will not be

there. So select your local machine and add your group. It should be there.


So now we understand how to make an otherwise mysterious user account show up on a Domain controller, here we go with the folder and registry locations.

  1. The Store Folder Located:

C:\Windows\System32\spp\ – Right click and chose the store folder permissions

2. The SPPSVC registry folder located at the  SPPSVC folder


3. The SoftwareProtection Registry Folder located at

Regedit\Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Software Protection

4. This one, I don’t know if this was necessary, so I would not do this unless it was your last gasp:

  • Take ownership of C:\Windows\System32\SPPSVC.EXE
  • Make sure you screen shot original permissions and put them back
  • Add SPPSVC as needed.

Those were the locations I found. Now I did not find this all on one MS KB, so I certainly don’t recommend this is a true fix for an issue. I simply found this in the moment of trying to get a customer back into functionality. Please look to the core team for updated information. This will supersede anything I have here today.


Update 6/22/2017


So in my one particular case, there was an additional location that changed. I had to find it with PROCMON by sysinternals. Using Procmon, I followed the MS blog to capture the traffic. I did not even need to filter the traffic. It clearly showed the WPA folder in the registry was missing a permission. Since the Service stared, after I made this change, It was definately the network service that was missing:

Here is the Key Location in regedit:



I hope this may help get you out of a Jam, and I hope your licensing functions well.