I have a question about managing RDSH-servers with App Volumes. In my environment, I've noticed that when I have Appstacks attached to a RDSH-server and I want to install Windows Updates or updates to the applications which are installed locally, those updates are not installed anymore after a reboot. It looks as if App Volumes "captures" the changes to the OS and as the attached Appstacks are read-only, those changes are discarded after a reboot. See: http://svenhuisman.com/2015/05/disable-app-volumes-service-before-updating-os-or-installed-apps/
My question is: Is this expected behaviour and what is the best way to manage the RDSH-servers? Do you need to disable the App Volumes service before making changes to the OS?
I haven't seen this behaviour to be honest. We did update the RDSH server while an appstack was attached. Normally the filter driver only merges the appstack (which is read only) onto the operating system.
Could it be that you have also got a writable volume attached to it?
And stopping the filter driver is quite easy, could be worth a shot, i would at least test it.
net stop svdriver
net stop svservice
Did you ever find a resolution to this. I am experiencing the same issue.
We are facing the same issue.
We are deploying Windows updates monthly, as a workarround for the windows updates i can do the following:
Disabling app volumes service, rebooting RDSH server, installing updates, enabling app volumes service.
The biggest issue for us is installing antivirus definitions updates as they will be released daily, and also fail (we are using system center endpoint protection).
We cant stop the app volumes service on daily base (there will be to much down time for users), on the other side: not updating antivirus definitions will be a security risk.
Is there a way to solve this issue?
Thanks in advance.
Rob
My workaround for definition updates were to exclude the processes and directories. I created a blank Appstack and edit the snapvol.cfg. I attach that appstack to our rdsh servers.
In the snapvol.cfg file, make sure it include these:
exclude_path=\ProgramData\Microsoft\Windows Defender
exclude_registry=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows Defender
exclude_path=\Program Files\Windows Defender
exclude_path=\Program Files\Microsoft Security Client
exclude_path=\Program Files\Microsoft Anitmalware
exclude_path=%SystemRoot%\system32\MpSigStub.exe
exclude_process_name=Msseces.exe
exclude_process_name=MsMpEng.exe
exclude_process_name=MpCmdRun.exe
exclude_process_name=AM_Delta.exe
(I believe that is all of them)
For windows updates, I follow the process of stopping and disabling the appvol services, restart, install updates, re-enable appvol services and reboot.