Category: Windows

Azure Automatic VM Guest OS Patching

How to configure Azure Automatic VM guest OS patching

If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance.

Automatic VM guest patching is now available in public preview for Windows virtual machines on Azure.

With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.

In a nutshell, Azure automatic VM guest patching has the following capabilities:

  • Patches classified as Critical or Security are automatically downloaded and applied on the VM.
  • Patches are applied during off-peak hours in the VM’s time zone.
  • Patch orchestration is managed by Azure and patches are applied following availability-first principles.
  • Virtual machine health, as determined through platform health signals, is monitored to detect patching failures.
  • Works for all VM sizes.

Patches are installed within 30 days of the monthly Windows Update release, following availability-first orchestration described below. Patches are installed only during off-peak hours for the VM, depending on the time zone of the VM. The VM must be running during the off-peak hours for patches to be automatically installed. If a VM is powered off during a periodic assessment, the VM will be automatically assessed and applicable patches will be installed automatically during the next periodic assessment when the VM is powered on.

You can find more information on Azure automatic VM guest patching on Microsoft Docs.

How to enable Azure Automatic VM guest OS patching

To enable Azure automatic VM guest OS (operating system) patching, we currently have a couple of requirements.

  • Currently, only Windows VMs are supported (Preview). Currently, Windows Server 2012 R2, 2016, 2019 Datacenter SKUs are supported. (and more are added periodically).
  • Only VMs created from certain OS platform images are currently supported in the preview. Which means custom images are currently not supported in the preview.
  • The virtual machine must have the Azure VM Agent installed.
  • The Windows Update service must be running on the virtual machine.
  • The virtual machine must be able to access Windows Update endpoints. If your virtual machine is configured to use Windows Server Update Services (WSUS), the relevant WSUS server endpoints must be accessible.
  • Use Compute API version 2020-06-01 or higher.

These requirements might change in the future during the preview phase (for the current requirements check out Microsoft Docs).

During the preview, this feature requires a one-time opt-in for the feature InGuestAutoPatchVMPreview per subscription. You can run the following Azure PowerShell or Azure CLI command.

Azure PowerShell:

# Register AzProvider
Register-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Check the registration status
Get-AzProviderFeature -FeatureName InGuestAutoPatchVMPreview -ProviderNamespace Microsoft.Compute
 
# Once the feature is registered for your subscription, complete the opt-in process by changing the Compute resource provider.
Register-AzResourceProvider -ProviderNamespace Microsoft.Compute

Now you can enable automatic VM guest patching for your Azure virtual machines within that subscription. To do that you can currently use the REST API, Azure PowerShell, or the Azure CLI.

With Azure CLI, you can use the az vm get-instance-view .

az vm update --resource-group test-autopatch-rg--name azwinvm01 --set osProfile.windowsConfiguration.enableAutomaticUpdates=true osProfile.windowsConfiguration.patchSettings.patchMode=AutomaticByPlatform

You can see that there are two important parameters for this cmdlet. First the -enableAutoUpdate and secondly the -PatchMode. There are currently three different patch orchestration modes you can configure.

AutomaticByPlatform

  • This mode enables automatic VM guest patching for the Windows virtual machine and subsequent patch installation is orchestrated by Azure.
  • Setting this mode also disables the native Automatic Updates on the Windows virtual machine to avoid duplication.
  • This mode is only supported for VMs that are created using the supported OS platform images above.

AutomaticByOS

  • This mode enables Automatic Updates on the Windows virtual machine, and patches are installed on the VM through Automatic Updates.
  • This mode is set by default if no other patch mode is specified.

Manual

  • This mode disables Automatic Updates on the Windows virtual machine.
  • This mode should be set when using custom patching solutions.

If you need more control, I recommend that you have a look at Azure Update Management, which is already publicly available and also supports Windows and Linux servers running in Azure or on-premises.

To verify whether automatic VM guest patching has completed and the patching extension is installed on the VM, you can review the VM’s instance view.

az vm get-instance-view --resource-group test-autopatch-rg --name azwinvm01

This will show you the following result:

Azure Automatic VM Guest OS Patching Status

Azure Automatic VM Guest OS Patching Status

You can also create the patch assessment on-demand.

Invoke-AzVmPatchAssessment -ResourceGroupName "myResourceGroup" -VMName "myVM"

I hope this provides you with an overview of the new Azure automatic VM guest patching feature. If you want to have some advanced capabilities to manage updates for your Azure VMs and even your servers running on-premises, check out Azure Update Management. This will provide you with some advanced settings and your own maintenance schedules. If you have any questions, feel free to leave a comment.



Hyper-V VM Stop-VM failed to change state

Force Hyper-V Virtual Machine VM to turn off

In this blog post, we are going to have a look at how you can force a Hyper-V virtual machine (VM) to turn off using the HCSDiag tool. A couple of days ago I had an issue where I wasn’t able to shut down and turn off a Hyper-V virtual machine (VM). After I tried to shut down the Hyper-V VM using the Hyper-V Manager the VM was in a locked state and I couldn’t really do anything with it. Of course the first thing I tried using the PowerShell Stop-VM cmdlet with the force parameter to turn off the virtual machine.

Hyper-V VM Stop-VM failed to change state

Hyper-V VM Stop-VM failed to change state

But as you can see I had no success. Luckily I remembered a tool called the Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe), which provides me with a couple of advanced options when it comes to Hyper-V virtual machine, container, and Windows Sandbox management.

The Hyper-V Host Compute Service Diagnostics Tool (HCSDiag.exe) is available in Windows 10 and Windows Server 2019 if you have the Hyper-V roles or virtualization features enabled, and can be helpful to troubleshoot Hyper-V containers, virtual machines (VMs), Windows Sandbox, Windows Defender Application Guard, Windows Subsystem for Linux 2 and more.

Hyper-V Get-VM list VMiD

Hyper-V Get-VM list VM ID

HCSDiag allows me to list all the running Hyper-V containers, including virtual machines. With the HCSDiag kill command, I can then force the Hyper-V VM to turn off.

Force Turn Off of Hyper-V virtual machine VM

Force Turn Off of Hyper-V virtual machine VM

I hope this post was helpful if you have a Hyper-V VM which you can’t turn off. If you have any questions, feel free to leave a comment. You can find more information about the HCSDiag tool, how it works with containers and other tools here on my blog.



How to Manage Hyper-V VM Checkpoints with PowerShell

How to Manage Hyper-V VM Checkpoints with PowerShell

In this blog post we are going to have a look at how you can create, manage, apply, and remove VM Checkpoints in Hyper-V using PowerShell. Hyper-V virtual machine (VM) checkpoints are one of the great benefits of virtualization. Before Windows Server 2012 R2, they were known as virtual machine snapshots. VM Checkpoints in Hyper-V allow you to save the system state of a VM to a specific time and then revert back to that state if you need to. This is great if you are testing software and configuration changes, or if you have a demo environment, which you want to reset.

Hyper-V VM Checkpoint Types

Before we got on how you can manage Hyper-V VM Checkpoints with PowerShell, let me first explain the two different types. Since Windows Server 2016 and Windows 10, Hyper-V includes two types of checkpoints, Standard Checkpoints, and Production Checkpoints.

  • Standard Checkpoints: takes a snapshot of the virtual machine and virtual machine memory state at the time the checkpoint is initiated. A snapshot is not a full backup and can cause data consistency issues with systems that replicate data between different nodes such as Active Directory. Hyper-V only offered standard checkpoints (formerly called snapshots) prior to Windows 10.
  • Production Checkpoints: uses Volume Shadow Copy Service or File System Freeze on a Linux virtual machine to create a data-consistent backup of the virtual machine. No snapshot of the virtual machine memory state is taken.

You can set up these settings in Hyper-V Manager or in PowerShell.

Hyper-V VM Checkpoint Types

Hyper-V VM Checkpoint Types

If you are using PowerShell to configure Checkpoints for virtual machines these commands may help you.

Configure and set VM for Standard Checkpoints

Set-VM -Name "Windows10" -CheckpointType Standard

Set VM to Production Checkpoints, if the production checkpoint fails a Standard Checkpoint is created

 Set-VM -Name "Windows10" -CheckpointType Production

Set VM to only use Production Checkpoints

 Set-VM -Name "Windows10" -CheckpointType ProductionOnly

Disable VM Checkpoints for the Hyper-V virtual machine

 Set-VM -Name "Windows10" -CheckpointType Disabled

Managing Hyper-V VM Checkpoints using PowerShell

Create VM Checkpoints

You can create a new VM Checkpoint with PowerShell, you can round the following command:

Checkpoint-VM -Name "Windows10"

You can find more on the cmdlet on Microsoft Docs.

You can list the VM Checkpoints of a Hyper-V VM:

Get-VMCheckpoint -VMName "Windows10"
How to Manage Hyper-V VM Checkpoints with PowerShell

How to Manage Hyper-V VM Checkpoints with PowerShell

Applying Hyper-V VM checkpoints using PowerShell

If you want to revert your virtual machine state to a previous point-in-time, you can apply an existing checkpoint, using the following PowerShell command.

Restore-VMCheckpoint -Name "checkpoint name" -VMName "Windows10" -Confirm:$false

You can find more information about the cmdlet here.

Renaming checkpoints

To rename a checkpoint you can use the following command

Rename-VMCheckpoint -VMName "Windows10" -Name "Checkpointname" -NewName "MyNewCheckpointName"

Deleting checkpoints

You can also delete or remove a Hyper-V VM checkpoint with the following PowerShell command. This will merge the .avhdx files in the background.

Remove-VMCheckpoint -VMName "Windows10" -Name "Checkpointname"

Conclusion

I hope this blog post gives you a great overview on how you can manage, apply, restore, and remove Hyper-V VM Checkpoints using PowerShell. You can learn more about Hyper-V virtual machine checkpoints on Microsoft Docs. If you have any questions, feel free to leave a comment.



Windows 10 on ARM PowerShell 7 Windows Terminal ARM64

How to Install PowerShell 7 on Windows 10 on ARM

As you know I am running Surface Pro X as my daily driver, which comes with Windows 10 on ARM. With the release of PowerShell 7.0.2, I want to show you how you can install PowerShell 7 on Windows 10 on ARM and the Surface Pro X. The ARM64 release is still marked as a preview. The PowerShell team is working on bringing PowerShell 7 to the Microsoft Store, which will create a much ns smoother experience. However, if you are like me and want to try out PowerShell 7 on your Surface Pro X today, you can do that.

Windows 10 on ARM runs on PCs powered by ARM processors, like the Surface Pro X. And if you want to know more about what’s new in PowerShell 7, check out my blog post. ℹ

How to Install PowerShell 7 on Windows 10 on ARM and the Surface Pro X

With the release 7.0.2 of PowerShell 7, the ARM64 build arrived again. You can download a new .msix file with an ARM64 version from the GitHub release page.

PowerShell 7 on Windows 10 on ARM Surface Pro X

PowerShell 7 on Windows 10 on ARM Surface Pro X

If your Windows 10 machine has developer mode enabled, you can now add the MSIX package to your Windows installation. You can use the Add-AppxPackage to add the .msix package.

Add-AppxPackage .\PowerShell-7.0.2-win-arm64.msix

After that, you can find PowerShell 7 in your start menu, or directly in the new Windows Terminal.

Windows 10 on ARM PowerShell 7 Windows Terminal ARM64

Windows 10 on ARM PowerShell 7 Windows Terminal ARM64

Conclusion

I hope this helped you an explained to you how you can install PowerShell 7 on Windows 10 on ARM. If you want to know more about installing and updating PowerShell 7, check out my blog post. And if you need more information, here is the official documentation on Microsoft Docs.

You can find more information about what’s new in PowerShell 7 on my blog. If you have any questions, please let me know in the comments.



Windows File Recovery Tool WinFR

Recover Files on Windows using the Windows File Recovery Tool

Did you accidentally delete an important file, wiping a hard drive or partition, or need to restore corrupted files and data? We all have been there, with the newly released Microsoft Windows File Recovery tool you can recover and restore files on Windows. In this blog post, I am going to show you how you can recover and restore files on Windows using the Windows File Recovery tool. You can also use this tool to recover files from external drives and SD cards.

Accidentally deleted an important file? Wiped clean your hard drive? Unsure of what to do with corrupted data? Windows File Recovery can help recover your personal data.

For photos, documents, videos and more, Windows File Recovery supports many file types to help ensure that your data is not permanently lost.

Recovering from a camera or SD card? Try Signature mode, which expands beyond NTFS recovery and caters to your storage device needs. Let this app be your first choice for helping to find what you need from your hard drive, SSD (*limited by TRIM), USB drive, or memory cards.

I also want to make clear that this is no replacement for a backup, like Windows File History, Azure Backup, or products from third-party vendors. This tool is more of an emergency utility, you can restore files that were not backed up.

Requirements

To use the Windows File Recovery Tool, you have a couple of requirements.

  • You will need to run Windows 10, version 2004 (Build 19041), or later.
  • You can download the Windows File Recovery Tool from the Microsoft Store.
  • The source and destination drives must be different. If you don’t have a second drive on your computer, you can use a USB drive as a target for the restore. If you are storing form an SD card or external drive, you can use the internal system drive (often the C: drive) as a target.
  • The tool supports different file systems such as NTFS, ReFS, FAT, and exFAT. If you are restoring files from a non-NTFS file system, you will need to run the commands in signature mode using the /x parameter.


How to Install a Windows Server Container Host

How to Install a Windows Server Container Host

In this blog post, I want to quickly guide you through how you can install a Windows Server Container Host running Docker. This guide will help you set up, install, and run Windows Containers on Windows Server. In my example, I will install a container host on a Windows Server, version 2004, which is a Semi-Annual Channel (SAC) release. Windows Server SAC releases are released twice a year and are optimized for containers. In the Windows Server, version 2004 release, the team continued improving fundamentals for the core container platform such as performance and reliability.

If you want to learn more about the differences of Windows Server Semi-Annual Channel (SAC) vs. Long-Term Servicing Channel (LTSC), check out my blog post.

Requirements

  • A virtual or physical server running Windows Server 2016 or higher (Also including Semi-Annual Channel (SAC) releases. In my blog post, I will use the latest available releases and run the latest Windows Server SAC release, which offers the latest enhancements on the container host.
  • You can also use the Windows Server 2019 LTSC version

Set up and install the Windows Server Container Host

Since I am using the latest SAC release of Windows Server, the server is available as Windows Server Core only. This means I am going to use a tool called “sconfig” to set up my server for the first time. Of course, you can also use existing methods like unattend.xml files or PowerShell scripts to set up your server.

Windows Server Core

Windows Server Core

With sconfig, you can run all the simple configuration tasks to configure your Windows Server.

Windows Server SCONFIG

Windows Server SCONFIG

After the Windows Server is configured and patched, we can now install Docker, which is required to work with Windows containers. Docker consists of the Docker Engine and the Docker client. You can simply install Docker on Windows Server using the following commands.

Install-Module -Name DockerMsftProvider -Repository PSGallery -Force
Install-Package -Name docker -ProviderName DockerMsftProvider
Install Docker on Windows Server

Install Docker on Windows Server

After these commands, you will need to restart the server.

Restart-Computer -Force

If you want to learn more about installing Docker on Windows Server, check out Microsoft Docs.

Run Windows Container Docker Images on Windows Server

Run Windows Container Docker Images on Windows Server

Now you can start pulling your docker container images to your Windows Server. I will use the latest Windows Container images, which came with Windows Server, version 2004. You can read more about the improved container images here.

docker pull mcr.microsoft.com/windows/servercore:2004 
docker pull mcr.microsoft.com/windows/nanoserver:2004 
docker pull mcr.microsoft.com/windows:2004

You can now use the docker client to manage your containers on your Windows Server, or you can also use the new Windows Admin Center Container extension, which was released a couple of weeks ago.

Manage Windows Server Containers with Windows Admin Center

Manage Windows Server Containers with Windows Admin Center

And yes, if you have a standalone Windows Server Core, you can also directly install Windows Admin Center on your Windows Server Core.

Conclusion

I hope this blog post gives you a great overview of how to install and set up a Windows Server container host. If you have any questions, feel free to leave a comment.



Run Hyper-V on Windows 10 on ARM and the Surface Pro X

Run Hyper-V on Windows 10 on ARM and the Surface Pro X

Here is a quick blog post on how you can run Hyper-V virtual machines (VM) on Windows 10 on ARM and the Surface Pro X.

I am running the Surface Pro X as my daily driver for a couple of months. It is a fantastic device and combines a light designed and the Surface Pro form factor with a 13-inch screen. But the most significant difference to the other Surface devices like the Surface Pro 7, is that the Surface Pro X is running Windows 10 on ARM. It has a custom Microsoft SQ1 chip. This limits it to run native ARM64 or emulated 32-bit x86 applications, and it can’t run classic 64-bit x64 applications at the moment. Another limitation was that I wasn’t able to run Hyper-V virtual machines (VMs) on my Surface Pro X.

With the Windows 10 Insider Preview build 19559, you were able to install Hyper-V. However, you didn’t have a compatible image to run inside the virtual machine (VM). With the Windows 10 Insider Preview Build 19631, Microsoft is now also providing an ARM64 VHDX file, which you can download and run as a guest OS in Hyper-V.

How to enable Hyper-V on Windows 10 on ARM

You need a Windows 10 ARM-based PC with a Microsoft SQ1, Qualcomm Snapdragon 8cx, or Qualcomm Snapdragon 850 processor. To enable the Hyper-V feature on Windows 10 on ARM and the Surface Pro X, you will also need to have installed the Windows 10 Insider Preview build 19559 or higher and have Windows 10 Pro or Windows 10 Enterprise.

  1. Join the Windows Insider Program and update to the latest Windows 10 Insider Fast Ring build 19559 or newer
  2. Upgrade your Windows edition from Home to Windows 10 Pro or Windows 10 Enterprise
  3. Install the Hyper-V feature on Windows 10You can run the following PowerShell command to install the Hyper-V feature.
    Enable-WindowsOptionalFeature -Online -FeatureName:Microsoft-Hyper-V -All
  4. Download the Windows 10 on ARM VHDX file from here.
  5. After that, you can create a Hyper-V virtual machine (VM) with an existing VHDX file on your Surface Pro X.
  6. Visit Windows 10 on ARM developer center for more details and documentation.

Conclusion

I hope this gives an overview of how to run Hyper-V VMs on Windows 10 on ARM. This is still in preview, but if you are like me and want to give it a try, you can. Let me know if you have any questions.