WVD production help required

Copper Contributor

Hello All, 

 

When we had a discussion with one of our client regarding wvd POC, we got below questions

 

 

1) Who manages security patches and OS updates managed by?? Microsoft?

2)  Is it different from azure  general vm update management?

3) if there are any updates to customized applications how can we push those updates to wvd  OS?

4)can we manage updates through SCCM? Did any one used this option.

Could some kindly help me with these answers. 

 

We are already proceeding for wvd production for one of our client. Once this reaches to larger users in production above question may become issues. 

 

 

 

10 Replies

@ReturiVSSSK 

 

To answer your questions, I'd like to go over how we manage our WVD images.

 

(Please don't take this as a complete list of all the necessary steps; this is just a crude outline.  There are a lot of details being skimmed over here.)

 

  1. Create a virtual machine using the latest version of the multi-session Windows 10 image from the Marketplace.
  2. Run Windows Update to grab all the latest patches.
  3. Install whatever application(s) you want to share with WVD, including all the latest patches for that application.
  4. Run sysprep.exe on the virtual machine and shut it down.
  5. Copy the managed disk of the virtual machine to a .vhd file that you will save in a storage account.  We use something similar to this process:
    https://github.com/Azure/azure-docs-powershell-samples/blob/master/virtual-machine/copy-managed-disk...
  6. Create a custom image using this .vhd file.  This becomes our WVD image for this particular application.
  7. Create a host pool based on this custom image.  Share your application as needed.

When it comes time to patch, we do the following:

 

  1. Create a new virtual machine using the application WVD image we created above.
  2. Install whatever OS and/or application patches are necessary
  3. Run sysprep, shutdown, copy the VHD to a storage account.
  4. Create a new custom image based on this new .vhd file.  Obviously give it a different name like "MyAppImage_Version20200309" or something.
  5. Update the host pool using the new custom image.

And, er, confession.  Currently the "update host pool" ARM template doesn't work with custom images.  So we end up destroying the host pool and redeploying it, which requires a one-hour downtime.  But that's not so bad for our needs.

 

So as you can see, we completely control what patches get installed, and how often they get installed.

 

Technically you could use SCCM to apply patches to your backend servers.  You'd just have to be absolutely certain that every time a new backend server is spun up, the patching happens immediately before any users start using the application.  So if you decide to scale up from three backend servers to four, you'll want to freeze people out of the fourth backend server until patching has completed. 

 

We find it much more convenient to update the image itself and redeploy the entire host pool, as described above.

 

I hope this gives you the answers you're looking for.

@FortyMegabytes We have Windows 10 virtual desktops registered in our SCCM environment, v1906, however they report the OS as Microsoft Windows NT Server 10.0. The Windows 10 updates arent applying, im guessing because they are being detected as a Server OS's. Should the VDI's be able to be patched through SCCM? Thanks

@tobeadvised That's interesting, I didn't know that.  It's a multi-session version of Windows 10, but it's still Windows 10.  When we run Windows Update on those machines, it downloads and applies what look like normal Windows 10 updates to us.

 

I just looked at one of our recently patched WVD servers.  The latest OS patch applied was KB4549951, "2020-04 Cumulative Update for Windows 10 Version 1909 for x64-based Systems".

 

We don't use SCCM to manage our WVD OS patching, so I don't know why SCCM would fail to apply those patches.  I guess check the patch SCCM is trying to apply versus what I see applied to our WVD images.  If they're the same and it's still failing, all I can suggest is to engage Microsoft support.

 

Hi @FortyMegabytes,

 

see this Win10 MultiSession FAQ.

Windows 10 MultiSession reports itself as a server OS. This to keep management possibilities like for RDSH systems.

Hi @tobeadvised. Currently, We are having the same issue with SCCM. Were you able to find the technical issue related to patching WVD VMs via SCCM?

Hi@Irfan Fakih I think we found that the server patches were applicable to the Windows 10 VDI's instead of the Windows 10 client patches.

Hi all,

with MECM CB 1910 and above, it's possibile to update Windows Virtual Desktop Session Host. It's necessary to select "Windows Server, version 1903 and later" from Products section in Software Updates Point Component Properties.

 

Best regards,

Davide

@Irfan Fakih were you able to patch or install apps using SCCM? facing issues as well here!

@tobeadvised,

Correct, this is because SCCM Client running on WVD VDI's is reporting each Windows10 Guest VM as Windows Server O.S.   WVD used the Windows10 version image which is selected from Azure market/gallery which is based on OperatingSystemSKU=175.  Microsoft is aware of this.  So, when you create ConfigMgr Collection for WVD VMs, make sure the limiting collection is set to "All Systems" and not "All Workstations".  This way, you can create a collection for WVD VMs.

@luzmariae,

 

For WVD VMs patching, make sure on your ConfigMgr SUP (Software Update Point), "Products" tab, you select "Windows Server, version 1903 and later" checkbox.  Deploy all server related patches to your WVD VMs.

Also, for software distribution to be successful on WVD VMs, within your application properties, deployment types, "Requirements" tab, make sure there is no O.S requirements.  If so, delete it.