Setting up Automatic Windows Updates using Cluster Aware Updating (CAU)

Applying Windows Updates is always a pain - it seems like there's always another patch to install and another reboot required.  Add in clusters, where you have to manually move the load around to ensure that nothing goes down, and it gets far more complex.

Starting in Server 2012, Microsoft significantly simplified life for cluster admins by introducing Cluster Aware Updating (CAU).  This tool will drain all the roles from one node in the cluster, patch it, reboot and check for more patches, repeating until there are none left.  It will then repeat this for the other nodes in the cluster.  Even more awesome, you can set this to run automatically, allowing your Windows hosts to stay fully patched (with all the bug fixes and security fixes that entails) without affecting your VMs at all.  We'll cover how to get this set up in this post.


Opening the CAU wizard

  1. Open Failover Cluster Manager and connect to your cluster
  2. Choose Cluster Aware Updating under Configure

This will open the CAU wizard and should automatically connect to your cluster.  If it doesn't, type the name in at the top and hit the connect button.




You're now ready to apply one-time updates or configure the cluster for self-updating runs!

Nutanix Specific Preparation

Most of this article is applicable to both Nutanix and non-Nutanix Hyper-V clusters.  The only thing we need that's unique to Nutanix is the CAU pre-update script.  This script will ensure that CAU doesn't proceed to the next node until the CVM is fully back up, preventing a condition where multiple CVMs are down at once.

If you search "Installing Windows Updates" on the portal you will get documentation for all versions of NOS.  In this case, we're going to be using NOS 4.1.

  1. Download the CAU script from portal and move it to your management workstation (see the Hyper-V Playbook for information on setting this up)
  2. Place this file at C:\Program Files\Nutanix\Utils on each of the hosts and your management workstation.  I usually use the default share from my workstation to do this (\\[hyper-v hostname]\c$\Program Files\Nutanix\Utils)
  3. Launch Powershell to the remote machine (or
  4. Unblock this file by launching PowerShell on the host (or using Enter-PSSession [computer name])
    • Unblock the script using Unblock-File -Path 'C:\Program Files\Nutanix\Utils\cau_preupdate.ps1'
    • Make sure the execution policy is set to RemoteSigned with
      Set-ExecutionPolicy RemoteSigned
  5. In the CAU wizard choose Create or modify Updating Run Profile
  6. In the new window that pops up, put C:\Program Files\Nutanix\Utils\cau_preupdate.ps1 in the PreUpdateScript box
  7. Save this in an easy to find location with a descriptive name.  I usually use nutanix_cau



This is all you need to prepare from the Nutanix perspective.
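
A check that the preparation above took effect on every node, as an added example that is not part of the original post or Nutanix's own tooling: it compares each node's copy of cau_preupdate.ps1 with the workstation copy by SHA-256, looks for a leftover block marker, and reads the execution policy.  The cluster name is a placeholder, and it assumes PowerShell 4.0 or later, remoting enabled on the hosts, and the Failover Clustering PowerShell module on the workstation.

```powershell
# Added example: confirm the pre-update script is identical, unblocked and
# runnable on every node before CAU executes it there.
# Assumptions: 'CLUSTER-NAME' is a placeholder; run from the management workstation.
$ClusterName = 'CLUSTER-NAME'
$ScriptPath  = 'C:\Program Files\Nutanix\Utils\cau_preupdate.ps1'

# The copy downloaded to the workstation is the reference.
$Reference = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
$Nodes     = (Get-ClusterNode -Cluster $ClusterName).Name

# Collect the facts on each node; results come back tagged with PSComputerName.
$Results = Invoke-Command -ComputerName $Nodes -ArgumentList $ScriptPath -ScriptBlock {
    param($Path)
    $present = Test-Path -LiteralPath $Path
    $hash    = $null
    $blocked = $false
    if ($present) {
        $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        # A Zone.Identifier alternate data stream means Unblock-File was not run.
        $blocked = [bool](Get-Item -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue)
    }
    [pscustomobject]@{
        Present = $present
        Hash    = $hash
        Blocked = $blocked
        Policy  = (Get-ExecutionPolicy).ToString()
    }
}

$Report = foreach ($r in $Results) {
    $hashOk = $r.Present -and ($r.Hash -eq $Reference)
    [pscustomobject]@{
        Node            = $r.PSComputerName
        Present         = $r.Present
        HashMatches     = $hashOk
        Blocked         = $r.Blocked
        ExecutionPolicy = $r.Policy
        Ready           = $hashOk -and (-not $r.Blocked) -and ($r.Policy -eq 'RemoteSigned')
    }
}

$Report | Format-Table -AutoSize
$Report | Where-Object { -not $_.Ready } | ForEach-Object {
    Write-Warning "$($_.Node) is not ready: fix the script copy, block flag or execution policy first."
}
```

A node whose hash differs from the workstation copy should be treated as suspect rather than simply overwritten, since CAU runs this script on every host during each Updating Run.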

Applying one-time updates to the Cluster


Once connected to the CAU wizard you can hit the Apply Updates to this cluster option.


Follow the wizard and make sure to select the nutanix_cau.xml options if you are updating a Nutanix cluster!

Introduction to CAU screen

Make sure to select the nutanix_cau.xml you created above

Up to you and your policies

Finished!


You can now monitor the upgrade process from the main CAU wizard.


CAU will only reboot one host at a time, so that means that you're done!  Just come back and check on it every so often and enjoy that cup of coffee.  The workstation will need to remain up, however, so don't shut down your machine!

Scheduling CAU

So you just did an initial patch, but that still requires you to kick off the install.  In this section we'll set up a weekly schedule to run CAU so that the cluster is always fully updated without any interaction needed from you!

Like before, open the CAU wizard and connect to your cluster.  Here we're going to select Configure Cluster self-updating options.


Initial welcome screen.  Read for some information about this wizard

CAU requires a computer account.  This wizard can create the account for you if your account has permissions to do so.  If not, you'll have to get your AD admins to create a computer account for this.

Choose your schedule here.  This is up to you, but remember that MS publishes patches on Tuesdays.


If you're on Nutanix, make sure to choose the nutanix_cau.xml options you created before here

Up to you and your policies

Success!


And that's it!  Your cluster will now automatically run CAU and update on your schedule.  This will ensure that you keep updated with all the important Windows Updates that make the system run smoother (and much more secure).