Mar 09 2020 06:14 AM
Hello All,
When we had a discussion with one of our client regarding wvd POC, we got below questions
1) Who manages security patches and OS updates managed by?? Microsoft?
2) Is it different from azure general vm update management?
3) if there are any updates to customized applications how can we push those updates to wvd OS?
4)can we manage updates through SCCM? Did any one used this option.
Could some kindly help me with these answers.
We are already proceeding for wvd production for one of our client. Once this reaches to larger users in production above question may become issues.
Mar 09 2020 10:30 AM
To answer your questions, I'd like to go over how we manage our WVD images.
(Please don't take this as a complete list of all the necessary steps; this is just a crude outline. There are a lot of details being skimmed over here.)
When it comes time to patch, we do the following:
And, er, confession. Currently the "update host pool" ARM template doesn't work with custom images. So we end up destroying the host pool and redeploying it, which requires a one-hour downtime. But that's not so bad for our needs.
So as you can see, we completely control what patches get installed, and how often they get installed.
Technically you could use SCCM to apply patches to your backend servers. You'd just have to be absolutely certain that every time a new backend server is spun up, the patching happens immediately before any users start using the application. So if you decide to scale up from three backend servers to four, you'll want to freeze people out of the fourth backend server until patching has completed.
We find it much more convenient to update the image itself and redeploy the entire host pool, as described above.
I hope this gives you the answers you're looking for.
Apr 14 2020 09:23 PM
@FortyMegabytes We have Windows 10 virtual desktops registered in our SCCM environment, v1906, however they report the OS as Microsoft Windows NT Server 10.0. The Windows 10 updates arent applying, im guessing because they are being detected as a Server OS's. Should the VDI's be able to be patched through SCCM? Thanks
Apr 15 2020 06:19 AM
@tobeadvised That's interesting, I didn't know that. It's a multi-session version of Windows 10, but it's still Windows 10. When we run Windows Update on those machines, it downloads and applies what look like normal Windows 10 updates to us.
I just looked at one of our recently patched WVD servers. The latest OS patch applied was KB4549951, "2020-04 Cumulative Update for Windows 10 Version 1909 for x64-based Systems".
We don't use SCCM to manage our WVD OS patching, so I don't know why SCCM would fail to apply those patches. I guess check the patch SCCM is trying to apply versus what I see applied to our WVD images. If they're the same and it's still failing, all I can suggest is to engage Microsoft support.
Apr 16 2020 02:14 AM
Hi @FortyMegabytes,
see this Win10 MultiSession FAQ.
Windows 10 MultiSession reports itself as a server OS. This to keep management possibilities like for RDSH systems.
May 06 2020 10:00 AM
May 06 2020 06:46 PM
Hi@Irfan Fakih I think we found that the server patches were applicable to the Windows 10 VDI's instead of the Windows 10 client patches.
Jun 05 2020 07:57 AM
Hi all,
with MECM CB 1910 and above, it's possibile to update Windows Virtual Desktop Session Host. It's necessary to select "Windows Server, version 1903 and later" from Products section in Software Updates Point Component Properties.
Best regards,
Davide
Jun 25 2020 03:46 PM
@Irfan Fakih were you able to patch or install apps using SCCM? facing issues as well here!
Jun 25 2020 04:26 PM
Correct, this is because SCCM Client running on WVD VDI's is reporting each Windows10 Guest VM as Windows Server O.S. WVD used the Windows10 version image which is selected from Azure market/gallery which is based on OperatingSystemSKU=175. Microsoft is aware of this. So, when you create ConfigMgr Collection for WVD VMs, make sure the limiting collection is set to "All Systems" and not "All Workstations". This way, you can create a collection for WVD VMs.
Jun 25 2020 04:31 PM
For WVD VMs patching, make sure on your ConfigMgr SUP (Software Update Point), "Products" tab, you select "Windows Server, version 1903 and later" checkbox. Deploy all server related patches to your WVD VMs.
Also, for software distribution to be successful on WVD VMs, within your application properties, deployment types, "Requirements" tab, make sure there is no O.S requirements. If so, delete it.