Using Powershell and Excel to compare Microsoft Hotfixs on Servers and Virtual Machines.

Hello All,

 

Two Types of Comparisons Devised

I have been working several Clustering and Hyper-V cases Recently.  I have come to a point where I notice the Virtual Machines rarely have the same level of  Microsoft Updates that the Cluster Node does. I finally had a few minutes to look at this issue, and I even made an Excel Spreadsheet to compare updates to other machines.

Fortunately, When I got serious about making a Spread Sheet Script, I noticed there were some pretty good work already available. In fact, I found one that will likely serve to compare updates on all the Nodes, all the VMs and more. I am sure I can do cross checks using a Host as the standard, and a bunch of VM’S as the comparisons.

So we are basically showing off two different ways of doing the same thing.  The Gallery script vs. MyExcelHotfixCompare. These are different things for different reasons. But its good to have them in the same place, Because they both have their own purpose.

 

 

First thing you want to do have is a copy of the spread sheet, MYexcelHotfixCompare , and a copy of the The Gallery script

 

Why Two Comparisons

So I made one up, and I found the other by accident! That is true. However, I discovered these both served different purposes.

The First method came from Stane Monsik. What this count does, is aggregate the KB’s for every server in the survey. So your Final report answers the question “when you updated Server Group X with KB Group Summation(A-Z), did you do that same thing to all the other servers? This is what I started out to have answered! If the answer to this is no, then I always tell my customer to finish his updates right away.

However, another question I was often asking, was not being answered by this script. The Questions was, When we know that there are X updates packages for Technology Y, how many of those updates did you apply to your server? Then Question #2,  For X and Y, did you apply these updates to just the server which had problems? The answer to this question should be that you updated all the servers which contained technology Y, with every Update Package X. I found this question was often met with Guesstimates more than actual proof; this was an easy question to get a good guess on. It’s also an easy question to just accept the guess and move on.  In today’s complex world, that is no longer acceptable. So I set out to easily answer this kind of question.

 

Method1 Script

This script will take “a list of Machines” and show you what updates the entire list has and does not have. Every KB gets added to the list, no matter what server it was found on.

The Script, located at Gallery.Tech.net.Microsoft.Com , Goes to every server and pulls the list of hot fixes. Then it goes through the hot fix list and checks every computer, to see if the hot fix has been applied to the computer.

To make GetHotfixCompare_Gallery work, all you have to do is open the .PS1 file with notepad and add your list of computer names. You can add as many computers as you like, but realize it takes longer and longer and longer to complete. The text you are editing looks like this in the file:  See Figure 1. :

# —————————————————————————————————-

$computers = “ComputerName1”, “ComputerName2”, “ComputerName3”, “ComputerName4”, “ComputerName5”

# —————————————————————————————————-

The Result is a very nice HTML report:

 

Figure 1.

1comparetable

 

Once you populate the script with edits on the names of computers, you run the PS1 file by right Clicking the file and choosing Run With Power Shell. The Script runs (longer the more computers you select), then generates an HTML file of your KB’s. There is an orderly chart of stars telling you which KB’s have stars for the machine, and which do not have stars.

 

All in all, A  very good method. But in order for me to answer the technology related questions, I needed to use something different.

 

Method 2 Spread Sheet comparison (MY_excel_GetHotfixCompare)

On the Excel Help article, called “Compare two lists and highlight matches and differences” I use Example 4 of that section. Example 4 runs a comparison from column one (the update list of a server (get-hotfix)  against column two (the list of updates for the specific technology) .  The comparison Colorizes the two list columns to highlight where the updates match or are unique.

MY_ExcelGetHotfixCompare Is the name of the spread, and you just need to right click and save as to save the file as an XLSX file.

This method will always work, as long as you can find a list of key updates, Microsoft says is relevant. This list below is not unabridged. This is just areas where I work most often. Below are some Example Technology Patch lists, that will power column two, on your spread sheets.

Server 2012 and Exchange make you dig a little bit to get the actual KB list, but you get the Idea. The point is to get the list of “important hotfixes” and be able to use them to “audit” you current situation. So let’s get to the formulas and make a spread sheet!

 

Get Hot-fix Compare Spread Sheet

The Compare column Colorizes numbers in column A , that are also in column B. And Vice Versa. So there is only one caveat to this method. If the KB shows up twice in the same column, then the cell becomes colored, denoting that the patch has a match. But, This is an impossibility of the get-hot fix command. As long as your pasting in get-Hotfix results from only one machine per column, you will get a valid result. So the limitation of this, or any tool reviewing hot-fixes; don’t try to do two machines in one spread.

Steps to create:

  1. Open Excel and put your Values for Get-Hotfix (just the KB) into column 1.
  2. Copy the Hot-fix numbers for the relevant Microsoft KB numbers from your articles like above, into Column 2.
  3. With Excel at the Home Tab, Choose “Conditional Formatting” and Manage Rules . You will see a pop up window, New Formatting rule: (figure Below)

 

2spread

 

  1. Choose New Rule and “Format only unique or duplicate values”
  2. There is a little Drop down that says Duplicate or Unique- You will make that choice here

3spread

 

6.Then you see where it says no format set? (above) This is where you choose your color.

7. Hit the Format button. Then choose the Fill tab.

8. Now see the Fill tab below Choose your color and hit Ok.

3color

 

9 Then Choose OK Below

5

 

10. Now Comes the important part. You simply highlight all values in both columns and there is a wizard that will form the formula for you based on how many rows each column has in it. I am showing the screenshot below, after I clicked into the “applies to field” and held down the left click of the mouse while I selected both columns and went down enough rows to cover all values in both columns. I also found that if you pre-select both columns, before clicking conditional format, then these vales will be there automatically

6

11.  The only thing you can’t see in the picture above is the dashed line that is now hovering over both columns. Once I hit OK or apply, it all goes away and my formula is:

=$A$3:$B$13

Pre-Select your columns before you start with Conditional formatting

Now I found out some weirdness about the formula. If you have to go back and change the length of the column, you have to make the formula a little differently.  You click into the applies to field

and highlight Column one, then you type a comma, and then you highlight column 2. So the formula looks like this

=$A$3:$A$13,$B$3:$B$13

The more general solution is coming up below:

=$A:$A,$B:$B

I like the second formula better, because you can see the start and finish of each column. But the more general one covers all KB in both Columns. cant beat that. I am editing this sentence,

after the fact, and I found that if you select the columns, by Highlighting the columns entirely, you don’t have to deal with touching any formula aspect at  all.

Here the download again for My Excel HotfixCompare , You can also watch the video at the top and make your own spread.

Believe it or not, that is it! When you hit OK, your values immediately calculate out:

7

 

The next issue I tried to solve was the length of the column. It looks to me that this is the master formula, no matter how many KB s you have  (=$A:$A,$B:$B). This is for column A and B.

I do believe you could replace these values with columns a and c or b and E or whatever. This can help you move columns for your ease of use and you list can be as long or short as you want.

So use this in your Duplicate Values formula:

=$A:$A,$B:$B

Again, I am coming back after the fact, and just saying to Highlight the columns you want to use, before you start, and you don’t have to deal with the formulas at all. I have a second Excel

Method for comparing up to 6 servers, but I will let you just download the Excel File and see how it works!!! Watch the video, I performed that in about 1 minute in the video. also

after the fact, and I found that if you select the columns, by Highlighting the columns entirely, you don’t have to deal with touching any formula aspect at  all.

 

How do I get my Hot-fix list = Get-Hotfix

So this is all we have left to cover. Below these are the steps I use to get that list of KB numbers isolated from the rest of the information you find when you run the Get-Hotfix command.

 

1. Open PowerShell as Administrator
2. You may run Get-Hotfix > c:\myhotfix.txt
3. Open Notepad ++ and Open myhotfix.txt
4. Hold Control and Alt Key on your keyboard at the same time
5. While (4) use the mouse to select just the KB column
6. once the KBs are highlighted Right click and choose copy.
7. Paste you KBs into notepad for transport to your work station.

That’s It! I hope you have enjoyed this article. In closing I have the original link for the script in the initial discussion. I also have a method to update your Hyper-V Cluster automatically with a script. That can be pretty handy.

 

Advertisements

Microsoft Licensing Issues may Require a Tool Called MGADiag or the Web Version of Genuine Microsoft Advantage!

Good day,

 

A friend of mine hit me up looking for an application called MGADiag. Wow what an old tool!! But yes, I still have a copy.

I sent it to him. After review, I decided not to include a copy to this article. I did post a link to it, but i want to let people know

they should really look a the new web based tool.(Here) The new tool does not do the same thing, at first glance. but on further review, the

web page relies on a plugin, which seemingly collects similar information.

We don’t have much choice on newer Systems. Just look at figure 1. MGADIAG doesn’t work too well with Windows 10.  Other tabs have worse errors, but some tabs work OK.  .

 

Figure 1.

Reason for most failures

Hey, In its time, this was a great tool. It collected a lot of the licensing information, all in a few tabs. Great for Windows XP and maybe Vista and Windows 7. Beyond that, let the caveat emptor!

It looks like MGADiag was retired for a reason. So my evaluation of MGADiag in 2017 is its in need of a re-vamp

Well the revamp is basically this article and the web tool. here.

Basically there is a 90% chance your activation issue is captured in this simple document ( here). Did you activate the key from this server already? One License equals one machine. These are basic Tenants, that will tell you if you are genuine or not.

So My Licensing is really Broke

If everything checks out against the article, then go ahead and check licensing with the Genuine Advantage Web tool. If that checks out, then you can check with MS.

What to do about Activation (MS)

If you end up with MS, Microsoft, where you are not in the wrong, you should use standard procedures to get activation and license issues fixed.  So lets get that out of the way.

So you can just do the right thing. Just go to a command line and type  SLUI 3 or SLUI 4. This is command line activation and Voice Activation. When the Voice Activation answers the phone, you will be made to explain why you think your license is genuine. This may require a supervisor. Only the supervisors apparently have the information to make a determination, or perhaps, only the supervisors have the ability to fix a wrong determination in their job description.

So here is the thing. Microsoft can see all license keys. they can see if they are activated. So your story needs to explain why a license would be activated in their system. If your story makes sense, and you don’t mind a deactivation to activate your machine, or multiple activation’s are justified for the key you are using, they will generally make good on your license. .

To conclude, we have MGADiag, Genuine Advantage website, and we have SLUI as tools we can use to work on licensing issues.

But Be careful! MGADiag is no longer a public MS download

For example, look at this link, its wrapped in another application completely! Beware!

Here is the Newer tool, in all its glory:

 

and Finally, Another Blog example of the basic activation steps as they have not changed much over the years

 

Louis Reeves

Update all of your Skype For Business Servers

 

SFBupdates

Good Morning Class, Today I just wanted to put into your hands a needed cheat sheet that puts together all of the update changes in SFB into one simple upgrade document for any set of SFB servers.  So lets begin.

Pre-Requisite Install work for Skype for Business Updates

Updates should be done in the following groups, in the following order:

  • Standard Edition Servers
  • Front End Servers
  • Mediations Servers, Director and Edge Servers
  • Back End SQL Servers

To begin, If you have Skype for Business (SFB) Standard Edition, you will follow this process:

Standard Edition Updates for SFB Server Environment

  • 1 Stop-CsWindowsService
  • 2 net stop w3svc
  • 3 SkypeServerUpdateInstaller.exe
  • 4 Once this is complete move to step 5
  • 5 Open a new SFB Shell after closing the update window
  • 6 Stop-CsWindowsService
  • 7 net start w3svc
  • 8 Depending on your Database setup- you may run one or the other
    1. Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN>
    2. Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn <SQL Server FQDN> -ExcludeCollocatedStores
    3. Install-CsDatabase -Update -LocalDatabases

If you have Standard SFB, Stop. You have completed all you need for your Deployment. If you have SFB Enterprise, Follow the Steps Below.

SFB Enterprise Updates of Servers and SQL

Front End Servers Patched First. Patch One Pool At a time, One Server at a time.

Run: 1. Get-CsPoolUpgradeReadinessState

Only if you get a failure, and only if your results show a missing replica, then you run this command:

    • Get-CsPoolFabricState -PoolFqdn <PoolFQDN>
    • Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery

Otherwise Continue

  • 2. (Ignore if non Clustered or Mirrored) Invoke-CsComputerFailOver -ComputerName <Front End Server to be patched>
  • 3. Get-CsWindowsService (services will be running) & Get-CsPoolFabricState (Fabric will show 1 less server in the pool)
  • 4. Run the latest Installer package
  • 5. Don’t Be impatient!!!
  • 6. Only when the updates are done, move to step 7 or 8
  • 7. (Ignore if non Clustered or Mirrored) Invoke-CsComputerFailBack –ComputerName <Front End>
  • 8. You may check for the pending restart. Be aware you may want to do the restart before moving to the next server

Mediations Servers, Director and Edge Servers Patch One at a time

The Steps are the same for this group of servers as well. However, they need to be completed as a separate group. So begin with the same steps and when complete, Make sure you have restated your servers if needed.Edge Servers should be done together as well.

Back end SQL Servers and other SQL Servers

Once all of these servers in your deployment are updated, You need to update the SQL instances:

  • 1.On the Back End SQL machines OR On the Master FE sever of your Pool (RTClocal) or Monitoring Database

      • Install-CsDatabase -Update -ConfiguredDatabases -SqlServerFqdn
  • If any of #1 is on the back end with the root BE database instance, Use:
      • Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <FEBE.FQDN> -ExcludeCollocatedStores -Verbose

Once you have completed the final step, you can then run the command Start-CSPOOL, and that should cause the SFB Pool to verify the pool fabric is happy and all will e started up again properly.

Thus having done this, you will have successfully updated you Skype for Business Environment. I hope this makes it a little easier to carry out Your updates.

Yours Truly.

Louis

Windows Update Fails Lead you to Troubleshoot around update KB2919355 or other failed 2012 updates.

 

3

 

Hello everyone. I had a strange series of events lead me to this solution. I had three installs of windows, done on three different media, with a different version of Server 2012 on every install.

This includes all versions of Server 2012 and 2012 R2. The minimum media was RTM.  In every single install, Server updates failed, no matter what I did.

There is a variance of things seen in windowsupdate.log. However, you are ultimately going to find yourself looking at updates to remove, install or otherwise. If updates cannot be installed, manually, or otherwise, why don’t you go ahead and try this first. If it doesn’t work, go on with your troubleshooting. I think you will be surprised.

 

  • 1. Run GPEDIT.MSC
  • Choose Computer Configuration
  • Administrative Templates
  • Windows Components
  • Windows Update
  • Chose the 5th selection from the top in the center pane
    • “Specify Intranet Microsoft Update Service Location”
    • The policy default is not configured
    • Change this to disabled.

Now close the policy and restart the MS update service. Then go back to the Windows Update center, and you should notice that the screen has changed. If not, then go ahead and click the check for updates button.

Untitled

In my case, There was a change that said MS update needs to update itself. It automatically send a file down and repaired itself. Then updates worked normally after that!!

I wanted to share this one, as it looks to me that this could be a very large call driver for support centers.

I hope this fix finds you and I hope you fixed your customer in a quick timeframe.

As Proof I have had a lot of windows update failures late, I present the weirdest one I have seen. It is called Audit Mode Failures to update. Take a look at that one, if this article does not fix you up. It does have some basic troubleshooting steps in it.

Thank you,

Louis

Microsoft Updates does not complete Initial Update on Server 2012 or Server 2016

 

Untitled

Hello Everyone,

It’s a lovely night in late 2016, and I am in no shortage of topics to write articles about. I think I’ll choose an issue which actually got me for several hours before I could put together what it was.

Lets start with the customer. Mr. Customer calls in with Windows Server Updates failing. So I know that he had manually updated the server, so the updates done were not from Windows Updates. This is a case where Microsoft Updates never worked. This is a famed situation where you can claim that the customer is not supported if the feature never worked.

I don’t believe in no win scenarios, so I dive In. I hit the basic windows update items.  I am going to try to bulletize these so you have some troubleshooting steps in a normal situation:

 

  • 1. Go to the Windows Update log. Mine was in the windows folder. Other places exist
  • 2. Look for any error or use the link above to find any errors.
  • 3. How to resolve Update issues article from TechNet
  • 4. Check to make sure there is not WSUS server locally.
  • Even if there is not, check the registry to make sure WSUS IP and port is not listed.
  • Check group Policy for WSUS and or issue the Detect now command switch with Wuauclt. See Link

Now is the time to let you in on the fact that two errors have been in the back of my mind in the Windows Update.log They are:

  • Windows OOBE is still in progress.
  • Failed to get network cost from NLM

So somewhere in the middle of the bullets above, I did think of taking the server out of the OOBE mode. There was no setup going on and it seemed the right thing to do. Surprisingly, after I set the registry key and rebooted, I found the error persisted.

So in the end, I really did find this solution on a Microsoft blog. Why am I reposting this story? Because you have to know what Audit Mode is, to find the article! The solutions are posed under audit mode. My article is on the internet as a Updates failed article. I just hope it finds its way into the hand of someone who fell into audit mode, without realizing it.

So I have to be honest and tell you the customer would not let me apply the solution. he decided to reinstall!!! That’s why its even more important to make sure the solution for this gets out.

From the MS Blog:

  • 1. log in as administrator
  • 2. turn UAC off
  • 3. make sure the user you plan on logging in has administrative rights
  • 4. reboot and login as that user
  • 5. System should have a dialog box for OOBE/reboot and Audit/reboot, choose OOBE, system will restart
  • 6. Audit mode will be off and will ask for language selection etc.

 

So now realize, you may need to create the new Administrator user name, so please be aware of that.

In closing, Please be aware of the two telltale signs of audit mode:

  • If you get a message that says OOBE\boot and Audit\Boot, pick OOBE every time!
  • If Windows Update will not work, look in the windows Update log, to see if you have the OOBE issue. It will not show up anywhere else!

 

I hope this has been helpful and educational!

Louis