Update Rollup 4 für Windows Azure Pack
Das Update Rollup 4 für Windows Azure Pack, behebt eine Vielzahl von Fehlern und bringt neue Funktionen mit sich.
Hier ein Asuzug des original KBs
Issues that are fixed in this update rollup
Windows Azure Pack
- If tenant has a database that uses Windows Authentication, the administrator cannot suspend its subscription.
This issue lets tenants continue to sue all SQL database resources. Also. the subscription state is changed. At this point, if the administrator tries to suspend the subscription, its state changes from “Active” to “Suspended (Out of Sync).” The Suspend subscription operation always fails with following error message:One or more errors occurred while contacting the underlying resource providers. The operation may be partially completed. Details: Cannot alter the login ‘userlogin‘, because it does not exist or you do not have permission.
With this update, the administrator can suspend a subscription that contains a database that uses Windows Authentication.
- The tenant cannot connect to a database if the hosting server is set up for AlwaysOn but the SQL Server Contained Database feature is turned off.
The tenant always receives an error when it tries to connect to the database when these conditions are present.
The tenant will receive an error message when it creates a database in which this misconfiguration exists. The error message tells the user that the particular misconfiguration exists.An instance of SQL Server does not have Contained Database Support enabled. Contained Database Support needs to be enabled when creating High Availability – AlwaysOn Database ‘DatabaseName‘
Also, when administrators try to add a hosting server that uses the wrong configuration, they will receive the following message:The AlwaysOn listener ‘AlwaysOnListener‘ does not have Contained Authentication enabled, please enable Contained Authentication, before adding this listener.
- For virtual machine (VM) templates that contains multiple NICs and are not all connected to a network, the VM creation UI will not let the user select any of the available networks. Instead, each network adapter seems to be associated with a specific network.
The UI dropdown lists will behave so that each network adapter is exclusively associated with a specific network.
The user can freely select any available network for the specified NICs in the VM template.
- Administrators cannot control the naming convention for “Computer Names” of VMs that are provisioned through their VM templates.
When a tenant creates a VM, the name that is passed for the VM is used to derive the “Computer Name” of the VM, and the administrator-provided name in the VM template is ignored.
Administrators can control whether the tenant-supplied name should overwrite the name that is provided in a VM template. They can do this through a plan configuration flag for the Service Provider Foundation (SPF) resource provider.
- In Azure Pack Web Sites, tenants cannot use virtual directories because this is not supported by the Azure Pack UI.
Tenants do not have access to a feature that lets them implement virtual directories for their Windows Azure Pack (WAP) Web Sites.
Support for this feature is available with this update. The tenant can use the Web Sites Settings page to add directories as needed.
- Virtual machines that are provisioned through WAP do not have Disaster Recovery (DR) protection or cannot enable DR.
Administrators cannot specify whether the VMS that are provisioned through their plans can be protected from disastrous events. Tenants do not have an option to subscribe to a provider plan that supports DR.
Support for this feature is available with this update. Administrators can enable DR that is supported through Azure Site Recovery for any plans as long as the Azure Site Recovery (ASR) infrastructure is deployed. Specific instructions are linked to the check box label that is used to enable the feature.
- Security: This update addresses several security fixes. Among these is the issue of Microsoft ASP.NET MVC Security Update MS14-059 (KB2990942) breaking Azure Pack PowerShell modules.
After the administrator installs MVC Security Update 2990942, all Azure Pack PowerShell commands return the following exemption:Method not found: ‘Void Newtonsoft.Json.Serialization.DefaultContractResolver.set_IgnoreSerializableAttribute(Boolean)
After Azure Pack Update Rollup 4 (KB2992027) is installed, the administrator can install MVC Security Update 2990942 without problems.
Important The resolution of the security fixes requires running a script to change the database. See step 5 of the installation instructions.
How to obtain and install Update Rollup 4 for Windows Azure Pack
Update packages for Windows Azure Pack are available from Microsoft Update or by manual download.
To obtain and install an update package from Microsoft Update, follow these steps on a computer that has an applicable Windows Azure Pack component installed:
- Click Start, and then click Control Panel.
- In Control Panel, double-click Windows Update.
- In the Windows Update window, click Check Online for updates from Microsoft Update.
- Click Important updates are available.
- Select the Update Rollup package, and then click OK.
- Click Install updates to install the update package.
Manual download of the update packages
The following file is available for manual download from the Microsoft Update Catalog:These installation instructions are for the following Windows Azure Pack components:
- Tenant site
- Tenant API
- Tenant Public API
- Administration site
- Administration API
- Tenant Authentication
- Administration Authentication
- Usage Extension
- Monitoring Extension
- SQL Server Extension
- MySQL Extension
- Web App Gallery Extension
- Configuration site
- Best Practices Analyzer
- PowerShell API
To install the update .msi files for each Windows Azure Pack component, follow these steps:
- If the system is currently operational (handling customer traffic), schedule downtime for the Azure servers. The Windows Azure Pack does currently not support rolling upgrades.
- Stop or redirect customer traffic to sites that you consider satisfactory.
- Create backups of the computers and databases. To do this, follow these steps:
- This update does contain database changes (see step 5). We strongly recommend that you keep backups of your databases current before you install.
- If you use virtual machines, you should take snapshots of their current state. Otherwise, go to the next step.
- If you do not use VMs, make a backup of the computer to be used for restoring if you have to roll back your update installation.
If you use your own theme for the Windows Azure Pack Tenant site, follow these instructions to preserve your theme changes before you perform the update.
- Perform the update by using Microsoft Update either directly on each node or through the Windows Server Update Services (WSUS) server.
For each node under Load Balancing, run the updates for components in the following order:
- If you use the original self-signed certificates installed by WAP, the update operation will replace them. You have to export the new certificate and import it to the other nodes under Load Balancing. These certificates have the CN=MgmtSvc-* (Self-Signed) naming pattern.
- Update Resource Provider (RP) services (SQL Server, My SQL, SPF/VMM, websites) as needed. And make sure that the RP sites are running.
- Update the Tenant API site, and also the Public Tenant API site , Administrator API nodes, and Administrator and Tenant Authentication sites.
- Update the Administrator and Tenant sites.
- To resolve the issues about security updates, follow these steps:
- Download this script from the Microsoft Download Center. The script makes changes to the Windows Azure Pack databases.
- Open the script in a text editor such as Windows PowerShell ISE.
- Change the following connection string line to match the instance of Microsoft SQL Server that you use for Windows Azure Pack:$wapConnectionString = “server=your_server_name;uid=sa;pwd=your_password;database=master;”
- Run this script as an administrator on the servers that contain the Mgmt-Svc-PowerShellAPI module. These servers are those that run the following:
- Usage Extension
- Web App Gallery Extension
- SQL Server Extension
- MySQL Extension
- If all components are updated and are functioning as expected, you can start to open the traffic to your updated nodes. Otherwise, see the “Rollback instructions” section.