Re: Script/Suggestion for OS Patching

Parimal24 · ‎06-03-2013

Hey Guys, I need suggestions, scripts etc to make our OS patching easier/manageable. Background: Mixed environment with VMware VMs and physicals on multiple AD domains. My VirtualCenter is on domain while WSUS is standalone. All servers point to WSUS via GPO and do a 'wuauclt /detectnow' each hour.

Since the environment is growing rapidly, not all servers were being patched in an 8 hour window so here is what I have now: running a PowerShell script to snapshot vms, shutdown physical servers by running PSShutdown from Domain Controller, break disk mirrors for physical servers, then approve WSUS updates for pertinent groups, then run PSExec from Domain Controller to do a 'wuauclt /detectnow' and 'wuauclt /reportnow'.

By running PSExec for 'wuauclt /detectnow' and 'wuauclt /reportnow' manually, I am able to patch within the window but still requires manual work throughout. Is there a better way I could do this? I believe I can use a script that would do a wuauclt /detectnow then wait say 30 mins, then do a wuauclt /reportnow? Also would like to move script from domain controller to VirtualCenter VM. Any other ideas/suggestions? Please share your knowledge

**********************************************

Currently using:

SnapShot Script used (Thanks LucD and David): http://communities.vmware.com/message/2231780
http://vnucleus.com/2011/07/powercli-script-to-alert-on-snapshots-in-vsphere/

Command to shutdown servers: psshutdown.exe -s -f -c -t 30 @physicals.txt
Command to wuauclt /reportnow and wuauclt /detectnow: psexec @VMs.txt -n 30 wuauclt /detectnow > output.txt

**********************************************

LucD · ‎06-03-2013

You could envisage using PowerShell to manage the WSUS process.

Have a look at Use PowerShell to Perform Basic Administrative Tasks on WSUS

I would definitely not run my automation scripts on a DC, but neither on the vCenter.

There is a potential risk that your automation scripts, diminish the quality of the service these servers should be delivering.

For example, a scripting error could cause a loop and might eat CPU resources away from your vCenter.

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

Parimal24 · ‎07-17-2013

Hey LucD,

If you have time, can you see this script and make necessary corrections/suggestions please? Here is what I came up with and is currently untested:

##########################################

#####Script to Force WSUS Check-in and report/detect updates at regular intervals#######

#

# Add PowerCLI commandlets.

Add-PSSnapin Vmware.VimAutomation.core

# Connect to VC

#Connect-VIServer -server $vcenterserver

# copies CMD file to server and executes it (Also initiates detectnow)

psexec @Server_List.txt -c AUForceUpdate.cmd

# wait 1 hour and issue reportnow

Start-Sleep -s 3600

# Need some kind of progress status display or counter showing remaining time (script did not hang)

psexec @Server_List.txt -n 30 wuauclt /reportnow

# wait 15 mins and issue detectnow

Start-Sleep -s 900

psexec @Server_List.txt -n 30 wuauclt /detectnow

# wait 1 hour and issue reportnow

Start-Sleep -s 3600

psexec @Server_List.txt -n 30 wuauclt /reportnow

Exit

##########################################

How do I:

incorporate some kind of progress status display or counter showing remaining time when Start-Sleep -s runs? I want to ensure script did not hang. Is this done by default?
Write-Progress ? I started reading up on Write-Debug, Write-Verbose, and the other Write-* cmdlets but do not know which one or how will it work?
Get powershell to window show psexec exit codes? When I run "psexec @VMs.txt -n 30 wuauclt /detectnow > output.txt", cmd window shows me psexec exit code 0 indication it was successful - will power shell window do the same? If not, how do i make it happen?

Thanks a bunch in advance.

P24