Introduction
Microsoft Ignite 2018 is in full swing with packed sessions and thousands of attendees. Here are my notes from another Windows 10 session, this time related to updates and deployment. The session is “BRK3027 – Deploying Windows 10: Making the update experience smooth and seamless” and it’s from the following clever Microsoft folk.
- Patrick Siu
- Suma SaganeGowda
This is going to be a long and detailed post, so grab a cup of coffee or beer, whichever you prefer.
Updating at scale
There are already 700 million devices running Windows 10, and more than 250 million of them are running Windows 10 version 1803 (within 48 days of its release). Conversely, that would mean there are approx 450 million users of Windows 10 on a release that is older than Windows 10 1803, so even though millions of people are upgrading, not everyone jumps on the new release as soon as it’s made available.
Why stay current?
So why do we need to stay current? Why do we need to deploy the feature updates and quality updates at the cadence that Microsoft is releasing them?
Microsoft is striving to ensure that you (the customer) get access to these new features in an agile manner. They want to ensure that the platform supports all of the hardware innovation that is being released (things like Windows Hello capability, for example), or indeed just delivers better performance, better stability and better battery life.
Microsoft is continually making changes to Windows features to improve creativity and productivity so that your employees can benefit from that.
Stay secure by staying current
Last but not least, you want to stay current because of all the work they do to make Windows more secure by thwarting modern-day threats as well as protecting you from zero-day exploits.
Differentiating between Quality Updates and Feature Updates.
Quality Updates come out monthly and are basically your security updates, whereas Feature Updates come out twice a year and they are a full blown new release of Windows.
It hasn’t all been plain sailing, however, and Microsoft understands that it’s hard to stay current and keep current. Here are some of the issues that their customers have highlighted to them.
And that’s quite a list of worries and concerns. Microsoft is committed to helping resolve those and to help you stay current.
There are three main ways of getting these updates delivered and we’ll go into some more details about them.
Acquiring content
Quality Update Download Size
The biggest complaint that Microsoft has received is about the size of these monthly updates (quality updates). The large size is because you are getting all previous updates at once, as it’s cumulative, and this impacts bandwidth and the network. Microsoft has tried to solve this problem with delta updates and express updates, but even these have issues: the key complaint is that the download size to the distribution points is large. Microsoft assumed that the update size customers were complaining about was the download to the clients, so they did it this way, not realizing that the distribution points were also being impacted.
There were also performance issues on the clients with Express Updates (memory issues).
So to address these issues, Microsoft has made changes to Windows 10 in Windows 10 version 1809 (not available at time of writing).
These changes will ensure much smaller downloads to the distribution points (300mb versus 8-11GB), with device performance not affected as much. They are applicable only to Windows 10 version 1809 and later. The new updates are also not as chatty as previous express updates, so there is less impact on network and bandwidth.
So basically on the left you have the updates on the DPs, and on the right what’s being downloaded to your clients. It’s a huge win!
How to leverage this?
Basically it’s available for Windows 10 version 1809, and it works across the board: Windows Update, WSUS and ConfigMgr. No changes to the infrastructure are involved.
Feature Update Delivery
As before with Quality Updates, the size and frequency of the download were an issue, as was the effect on Features on Demand and the lack of a single jump to the latest update (it’s a two-step process).
So what’s the solution from Microsoft?
Get current and secure in one step! That’s awesome. It will also preserve FODs (Features on Demand) and LPs (Language Packs), lower network traffic to PCs and give a better user experience. You can get this right now via Windows Update, or wait for the Public Preview this fall for WSUS and ConfigMgr customers.
What about FODs and LPs?
Features on demand are basically optional components in Windows (such as Mixed Reality). To fix this you’ve got some options.
Opt into UUP
Opt in to the Unified Update Platform (you can read about it here), or apply a GPO to download content from WU (for on-prem customers, if you don’t want to be part of the public preview). This already works today for WU and WUFB customers.
Bandwidth Impact from Updates
Challenges: the updates tend to consume large amounts of network bandwidth and create latency (lag and slowness, jerky video, etc.).
Recommendations
- Use caching: shift the traffic to the clients using peer-to-peer mechanisms like Delivery Optimization (DO), or leverage centralized caching (WSUS/ConfigMgr DPs).
- Optimize the network: use LEDBAT.
Peer caching with Delivery Optimization (DO).
Peer caching on the edge means getting it from your peers (other computers) as opposed to getting it from a centralized server (a distribution point). It’s a peer to peer service that works with Windows Update so that the peers can acquire parts of content from different peers.
It supports different types of content, e.g. Windows updates, feature updates, quality updates, drivers, Windows Store apps, Microsoft Store for Business apps and Office C2R updates.
Note: For a deep dive into DO see the following session (on Thursday).
Optimize the network
Optimizing the network here means letting LEDBAT use otherwise unused network bandwidth for updates. It does not require difficult rules; just run some PowerShell commands on your distribution points to enable LEDBAT. It does, however, require Windows Server 2016 or later.
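One way to run those PowerShell commands on a distribution point, as an added example that is not from the session or from Microsoft's slides. It assumes the DP serves content on TCP 80 and 443 and that the built-in InternetCustom TCP template is free to use; `Enable-LedbatForPort` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: enable LEDBAT for the traffic a distribution point sends.
# Assumptions: the DP serves clients on TCP 80 and 443, and the built-in
# InternetCustom TCP template is not already used for something else.

function Enable-LedbatForPort {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [string]$SettingName = 'InternetCustom'
    )

    # Idempotent: skip ports that already have a filter bound to this template.
    $existing = Get-NetTransportFilter |
        Where-Object { $_.SettingName -eq $SettingName -and
                       $_.LocalPortStart -eq $Port -and $_.LocalPortEnd -eq $Port }
    if ($existing) { return $existing }

    # LEDBAT is applied by the sender, so match the DP's local (server) port
    # and any remote port.
    New-NetTransportFilter -SettingName $SettingName `
        -LocalPortStart $Port -LocalPortEnd $Port `
        -RemotePortStart 0 -RemotePortEnd 65535
}

# The notes above state that Windows Server 2016 (build 14393) or later is required.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -eq 1 -or [int]$os.BuildNumber -lt 14393) {
    throw "LEDBAT needs Windows Server 2016 or later (found: $($os.Caption))."
}

# Switch the custom template to LEDBAT, then bind the DP's ports to it.
Set-NetTCPSetting -SettingName InternetCustom -CongestionProvider LEDBAT
80, 443 | ForEach-Object { Enable-LedbatForPort -Port $_ } | Out-Null

# Verify: the template reports LEDBAT and a filter exists for each port.
Get-NetTCPSetting -SettingName InternetCustom |
    Select-Object SettingName, CongestionProvider
Get-NetTransportFilter | Where-Object SettingName -eq 'InternetCustom' |
    Select-Object SettingName, LocalPortStart, LocalPortEnd
```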
What about the disruption that updates cause?
On average, these feature updates take 82 minutes. So Microsoft took it upon themselves to reduce this time offline. To do that, they changed the way Windows feature updates are installed. These changes are the default behavior starting in Windows 10 version 1709.
Below is a chart of how the offline time has improved since Windows 10 version 1703 was released. RS5 (Redstone 5) will be Windows 10 version 1809.
To access these improvements with ConfigMgr, use maintenance windows to stage the content. The Windows team is working with the ConfigMgr team to allow just the offline time period to be used as the maintenance window, meaning less time offline. As the staging is now low priority, it might cause timeouts in your maintenance window; set the thread priority to normal to avoid that issue.
Diagnosing Failures
Typically, what you’d do is go search the error on the internet. So Microsoft released a new tool called SetupDiag which will help you troubleshoot these types of errors. In this example it points to errors with an AMD video driver.
You can download the tool from here – https://docs.microsoft.com/en-us/windows/deployment/upgrade/setupdiag
In Place Upgrade issues
Use Windows Analytics to help you understand compatibility problems. If you want to make changes, use GPOs instead of registry keys. Make sure you use supported mechanisms for user profile redirection.
What about uninstalling updates?
So a business-critical app doesn’t work after the update; what do you do? In the Update CSP there are two options to roll back updates (the default window is ten days, and it can be changed to between 2 and 60 days). You can set this up via DISM or MDM.
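Setting that rollback window with DISM, as an added example that is not from the session. `Set-OSUninstallWindowDays` is a hypothetical wrapper name and the 30-day value is a constructed sample; the 2 to 60 day range is the one given in the notes above.

```powershell
#Requires -RunAsAdministrator
# Added example: extend the feature-update rollback window before a deployment wave.

function Set-OSUninstallWindowDays {
    [CmdletBinding()]
    param(
        # The notes give the allowed range as 2 to 60 days (default ten).
        [Parameter(Mandatory)][ValidateRange(2, 60)][int]$Days
    )

    # Read the current window first. A non-zero exit code means DISM could not
    # read it (for example, no previous OS is retained), so there is nothing
    # to extend on this device.
    $current = & dism.exe /Online /Get-OSUninstallWindow
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "No rollback window on $env:COMPUTERNAME (DISM exit $LASTEXITCODE)."
        return $false
    }
    Write-Verbose ($current -join "`n")

    & dism.exe /Online /Set-OSUninstallWindow "/Value:$Days" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Set-OSUninstallWindow failed (DISM exit $LASTEXITCODE)."
        return $false
    }
    return $true
}

# Constructed usage: keep 30 days of rollback, then show what DISM now reports.
if (Set-OSUninstallWindowDays -Days 30 -Verbose) {
    & dism.exe /Online /Get-OSUninstallWindow
}
```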
Scripts to run during install (a poor man’s task sequence; this is v1 and will change in the future): at a high level, Microsoft is providing hooks into the setup process to allow you to make changes as necessary (Windows 10 1803 and later).
Until next time, adios!