How To Update and Patch Nano Server with PowerShell? #NanoLove #WS2016

Apr 30, 2016 | Updated on Apr 30, 2016 Charbel Nemnom Nano Server, Windows Server 2016 0
4 min read

In the unlikely event that you have not heard, Windows Server 2016 TP5 is now available for download unless you are under a rock Smile

Nano-Server-Update-02

What you do after you install Windows Server?… Update it of course!

At day-0, Microsoft released Cumulative Update for Windows Server 2016 Technical Preview 5: KB3158663.

This KB is very important, because it is a security update that includes improvements and fixes in the functionality of Windows Server 2016 Technical Preview 5.

How to get this update?

Option 1: You can run Windows Update on your Windows Server 2016 TP5, the update is downloaded and installed automatically for you.

Option 2: You can get the stand-alone package for this update, by going to the Microsoft Update Catalog website.

How to install this update on Nano Server?

Patching and updating a Nano Server is a little different than traditional Windows Server. Starting with Windows Server 2016 Technical Preview P4, Microsoft added Windows Update (WU) WMI provider that can be used to scan and install updates. Even though you patch a LOT less with Nano Server but you still need to patch.

There are multiple options to install Windows update:

Option 1: Online using Windows Update (WU) WMI provider.

Option 2: Windows Server Update Services (WSUS).

Option 3: Download the update on another machine, copy it over, and then use DISM to apply the package.

In this post, I will cover Option 3, since my Nano Severs are not connected to the Internet and I don’t have WSUS in place. However, if you are interested in Option 1 and Option 2, please make sure to follow the step by step guide here.

Step 1 – Download the update

Download manually the update from Microsoft Update Catalog website (89.6MB) and copy it to your management machine.

Step 2 – Connect to Nano Server

In this step, we will connect to Nano Server using PowerShell Remoting and then query the package installed.

# Workgroup environment; we need to modify TrustedHosts list
Enable-PSRemoting –force   
Set-Item wsman:\localhost\client\auth\CredSSP -value true -force   
Enable-WSManCredSSP -force -role server     
Set-item wsman:localhost\client\trustedhosts -value 10.0.0.*    
Restart-Service winrm 

$NanoIP = "10.0.0.20"
# Connect to Nano Server
$S = New-PSSession -ComputerName $NanoIP -Credential ~\Administrator
Enter-PSSession $S
Get-WindowsPackage -online | Where-Object {$_.PackageName -like "*Fix*"}

image

As you can see, we don’t any package or security update installed.

I have another system which I already installed this Rollup Fix, by running Get-WindowsPackage –online, we can see the update is installed.

image

Step 3 – Copy the update

To install this update, we need to expand the MSU file first and extract the CAB file.

In order to do so, please run the following command on your management machine:

Expand –f:* C:\ <destination folder to copy extracted files>

image

As you can see, the CAB file is extracted.

Next, we need to copy the package over PowerShell remote session without the need to use network shares!

And if Nano Server is hosted in a VM, you can leverage PowerShell Direct and copy the same without network as well.

Please run the following command to copy the cab file:

Copy-Item -ToSession $S -Path C:\Windows10.0-kb3157663-x64.cab -Destination C:\

If we connect to Nano Server, we can see the package is copied over.

image

Step 4 – Apply the update

There are two options to apply the cab file with DISM, you can do this online or offline, I will cover both options:

-Online-

Dism.exe /online /add-package /packagepath:C:\Windows10.0-kb3157663-x64.cab /norestart

-Offline-

Dism.exe /Mount-Image /ImageFile:<image path > /Index:1 /MountDir:<Mount Directory path>

Dism.exe /image:<mounted path> /add-package /packagepath:<path to the cab file>

Dism.exe /Unmount-Image /MountDir:<Mount Directory path> /Commit

The offline option requires to shutdown Nano Server first, mount the VHD(X), add the package and then commit.

Let’s install the package now using the online option:

image

The operation completed successfully!

Step 5 – Confirm the update

We will confirm the Rollup Fix if it’s installed by running the following command in a Nano remote session:

Get-WindowsPackage -online | Where-Object {$_.PackageName -like "*Fix*"}

image

As you can see the update is installed but the state is still Pending.

For this package to get applied, we need to reboot Nano Server.

You can restart Nano Server using PowerShell (Restart-Computer) or by using Nano Recovery Console (Ctrl+F6).

image

Let’s check the package state after the reboot…

image

As you can see the update is fully Installed now.

Happy Patching!

Hope that helps,

-Charbel

About Charbel Nemnom 577 Articles
Charbel Nemnom is a Cloud Architect, Swiss Certified ICT Security Expert, Microsoft Most Valuable Professional (MVP), and Microsoft Certified Trainer (MCT), totally fan of the latest's IT platform solutions, accomplished hands-on technical professional with over 17 years of broad IT Infrastructure experience serving on and guiding technical teams to optimize the performance of mission-critical enterprise systems. Excellent communicator is adept at identifying business needs and bridging the gap between functional groups and technology to foster targeted and innovative IT project development. Well respected by peers through demonstrating passion for technology and performance improvement. Extensive practical knowledge of complex systems builds, network design, business continuity, and cloud security.
Website Facebook Instagram Twitter YouTube LinkedIn

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.