叢集更新插的運作方式How Cluster-Aware Updating plug-ins work

適用於:Windows Server(以每年次管道)、Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

叢集更新(CAU) 使用插上容錯移轉叢集節點協調安裝的更新。Cluster-Aware Updating (CAU) uses plug-ins to coordinate the installation of updates across nodes in a failover cluster. 本主題提供使用 built\ 中 CAU plug\ 單元或 CAU 您安裝其他 plug\ 集的相關資訊。This topic provides information about using the built-in CAU plug-ins or other plug-ins that you install for CAU.

安裝 plug\ 中Install a plug-in

Plug\ 中以外預設 plug\ 單元已安裝的 CAU \ (Microsoft.WindowsUpdatePluginMicrosoft.HotfixPlugin) 必須安裝另行購買。A plug-in other than the default plug-ins that are installed with CAU (Microsoft.WindowsUpdatePlugin and Microsoft.HotfixPlugin) must be installed separately. 如果 CAU 用於 self\ 更新模式時,plug\ 中必須安裝所有叢集節點。If CAU is used in self-updating mode, the plug-in must be installed on all cluster nodes. 如果 CAU 用於 remote\ 更新模式時,plug\ 中必須安裝更新協調器遠端電腦上。If CAU is used in remote-updating mode, the plug-in must be installed on the remote Update Coordinator computer. Plug\ 在您安裝可能需要其他安裝需求每個節點上。A plug-in that you install may have additional installation requirements on each node.

安裝 plug\ 中,請依照下列指示 plug\ 中發行者。To install a plug-in, follow the instructions from the plug-in publisher. 若要手動與 CAU 登記 plug\ 中,執行進行登記-CauPlugin cmdlet plug\ 中安裝所在的每一部電腦上。To manually register a plug-in with CAU, run the Register-CauPlugin cmdlet on each computer where the plug-in is installed.

指定 plug\ 在並 plug\ 引數Specify a plug-in and plug-in arguments

指定 CAU plug\ 中Specify a CAU plug-in

在 CAU UI,您 plug\ 中從清單中選取 drop\ 下的增益 plug\ 當您使用 CAU 執行下列動作:In the CAU UI, you select a plug-in from a drop-down list of available plug-ins when you use CAU to perform the following actions:

  • 適用於叢集更新Apply updates to the cluster

  • 用於叢集 preview 更新Preview updates for the cluster

  • 設定叢集 self\ 更新選項Configure cluster self-updating options

根據預設,CAU 選取 plug\ 在Microsoft.WindowsUpdatePluginBy default, CAU selects the plug-in Microsoft.WindowsUpdatePlugin. 不過,您可以指定任何 plug\ 中的安裝和使用 CAU 登記完畢。However, you can specify any plug-in that is installed and registered with CAU.

提示

在 CAU UI,您可以僅限指定單一 plug\ 單元 CAU 使用預覽或更新執行期間套用更新。In the CAU UI, you can only specify a single plug-in for CAU to use to preview or to apply updates during an Updating Run. 藉由使用 CAU PowerShell cmdlet,您可以指定一或多個 plug\ 增益集。如果您需要叢集上安裝的更新多個類型,執行一個,請更新多個 plug\ 單元指定通常更有效率而不是使用不同的每個執行更新 plug\ 中。By using the CAU PowerShell cmdlets, you can specify one or more plug-ins. If you need to install multiple types of updates on the cluster, it is usually more efficient to specify multiple plug-ins in one Updating Run, rather than using a separate Updating Run for each plug-in. 例如,通常會發生較少節點重新開機。For example, fewer node restarts will typically occur.

使用下表列出的 CAU PowerShell cmdlet,您可以指定一或多個 plug\ 單元對更新執行或掃描傳遞– CauPluginName的參數。By using the CAU PowerShell cmdlets that are listed in the following table, you can specify one or more plug-ins for an Updating Run or scan by passing the –CauPluginName parameter. 您可以指定 plug\ 中名稱多個以逗號分隔。You can specify multiple plug-in names by separating them with commas. 若您指定了多個 plug\ 單元,您也可以控制如何 plug\ 單元影響彼此更新執行期間藉由-RunPluginsSerially-StopOnPluginFailure,並– SeparateReboots的參數。If you specify multiple plug-ins, you can also control how the plug-ins influence each other during an Updating Run by specifying the -RunPluginsSerially, -StopOnPluginFailure, and –SeparateReboots parameters. 如需有關如何使用多個 plug\ 集的詳細資訊,請使用下表中的 cmdlet 文件所提供的連結。For more information about using multiple plug-ins, use the links provided to the cmdlet documentation in the following table.

CmdletCmdlet 描述Description
Add-CauClusterRoleAdd-CauClusterRole 將提供 self\ 更新功能,以指定叢集 CAU 叢集的角色。Adds the CAU clustered role that provides the self-updating functionality to the specified cluster.
Invoke-CauRunInvoke-CauRun 執行的掃描叢集節點適用的更新,並透過指定叢集上更新執行這些更新會安裝。Performs a scan of cluster nodes for applicable updates and installs those updates through an Updating Run on the specified cluster.
Invoke-CauScanInvoke-CauScan 執行的掃描叢集節點適用的更新,並傳回會套用指定的叢集中的每個節點更新的初始設定的清單。Performs a scan of cluster nodes for applicable updates and returns a list of the initial set of updates that would be applied to each node in the specified cluster.
Set-CauClusterRoleSet-CauClusterRole 設定 CAU 叢集角色組態屬性,指定叢集上。Sets configuration properties for the CAU clustered role on the specified cluster.

如果您未使用下列 cmdlet 來指定 CAU plug\ 中參數,預設值是 plug\ 在Microsoft.WindowsUpdatePluginIf you do not specify a CAU plug-in parameter by using these cmdlets, the default is the plug-in Microsoft.WindowsUpdatePlugin.

指定 CAU plug\ 中引數Specify CAU plug-in arguments

當您設定的更新執行選項時,您可以指定一或多name\ = 值配對 (arguments) 選取 plug-中使用。When you configure the Updating Run options, you can specify one or more name=value pairs (arguments) for the selected plug-in to use. 例如,CAU ui,您可以指定多個引數如下:For example, in the CAU UI, you can specify multiple arguments as follows:

Name1\ = Value1;Name2\ = Value2;Name3\ = Value3Name1=Value1;Name2=Value2;Name3=Value3

這些name\ = 值配對必須 plug\ 中的意義,指定。These name=value pairs must be meaningful to the plug-in that you specify. 針對某些 plug\ 單元引數是選擇性的。For some plug-ins the arguments are optional.

引數 CAU plug\ 中的語法遵循這些一般規則:The syntax of the CAU plug-in arguments follows these general rules:

  • 多個name\ = 值分號來分隔配對。Multiple name=value pairs are separated by semicolons.

  • 含有空間值住引號,例如:Name1\ =「值空間]A value that contains spaces is surrounded by quotation marks, for example: Name1="Value with Spaces".

  • 確切語法上 plug\ 中而有所不同。The exact syntax of value depends on the plug-in.

使用 CAU PowerShell cmdlet 支援指定 plug\ 中引數– CauPluginParameters參數,pass 表單的參數為:To specify plug-in arguments by using the CAU PowerShell cmdlets that support the –CauPluginParameters parameter, pass a parameter of the form:

-CauPluginArguments @{Name1\ = Value1;Name2\ = Value2;Name3\ = Value3}-CauPluginArguments @{Name1=Value1;Name2=Value2;Name3=Value3}

您也可以使用預先定義的 PowerShell hash 資料表。You can also use a predefined PowerShell hash table. 若要指定 plug\ 中引數一個以上的 plug\ 中傳遞多個以逗號分隔的引數 hash 表格。To specify plug-in arguments for more than one plug-in, pass multiple hash tables of arguments, separated with commas. 順序 plug\ 中指定傳遞 plug\ 引數CauPluginNamePass the plug-in arguments in the plug-in order that is specified in CauPluginName.

指定選擇性 plug\ 中引數Specify optional plug-in arguments

安裝 CAU plug\ 單元 \ (Microsoft.WindowsUpdatePluginMicrosoft.HotfixPlugin) 提供其他選項,您可以選取。The plug-ins that CAU installs (Microsoft.WindowsUpdatePlugin and Microsoft.HotfixPlugin) provide additional options that you can select. 在 CAU UI,這些出現在其他選項頁面上之後您設定 plug\ 中對更新執行的選項。In the CAU UI, these appear on an Additional Options page after you configure Updating Run options for the plug-in. 如果您使用 CAU PowerShell cmdlet、下列選項設定為選擇性 plug\ 中引數。If you are using the CAU PowerShell cmdlets, these options are configured as optional plug-in arguments. 如需詳細資訊,請查看使用 Microsoft.WindowsUpdatePlugin使用 Microsoft.HotfixPlugin本主題中的更新版本。For more information, see Use the Microsoft.WindowsUpdatePlugin and Use the Microsoft.HotfixPlugin later in this topic.

管理單元 plug\ 使用 Windows PowerShell cmdletManage plug-ins using Windows PowerShell cmdlets

CmdletCmdlet 描述Description
Get-CauPluginGet-CauPlugin 擷取一或多個更新 plug\ 增益集,登記本機電腦上的軟體的相關資訊。Retrieves information about one or more software updating plug-ins that are registered on the local computer.
Register-CauPluginRegister-CauPlugin 暫存器 CAU 軟體更新 plug\ 入本機電腦上。Registers a CAU software updating plug-in on the local computer.
Unregister-CauPluginUnregister-CauPlugin 軟體更新 plug\ 單元從 plug\ 增益集,可供 CAU 的清單中移除。Removes a software updating plug-in from the list of plug-ins that can be used by CAU. 注意:安裝的 CAU plug\ 單元 \ (Microsoft.WindowsUpdatePluginMicrosoft.HotfixPlugin) 無法取消。Note: The plug-ins that are installed with CAU (Microsoft.WindowsUpdatePlugin and the Microsoft.HotfixPlugin) cannot be unregistered.

使用 Microsoft.WindowsUpdatePluginUsing the Microsoft.WindowsUpdatePlugin

預設的 plug\ 單元 CAU,Microsoft.WindowsUpdatePlugin,執行下列動作:The default plug-in for CAU, Microsoft.WindowsUpdatePlugin, performs the following actions:

  • 使用 Windows Update 代理程式每個容錯移轉叢集節點上套用更新所需的每個節點執行 Microsoft 你會通訊。Communicates with the Windows Update Agent on each failover cluster node to apply updates that are needed for the Microsoft products that are running on each node.
  • 直接從 Windows Update 或 Microsoft Update,或 on\ 先 Windows Server Update Services (WSUS) 伺服器,請安裝叢集更新。Installs cluster updates directly from Windows Update or Microsoft Update, or from an on-premises Windows Server Update Services (WSUS) server.
  • 僅選取,安裝一般 distribution 發行 (GDR) 更新。Installs only selected, general distribution release (GDR) updates. 根據預設,plug\ 在適用於僅適用的重要軟體更新。By default, the plug-in applies only important software updates. 不不需要任何設定。No configuration is required. 預設設定,下載並安裝重要 GDR 更新每個節點上。The default configuration downloads and installs important GDR updates on each node.

注意

若要套用更新以外的重要軟體更新選取預設的 \(例如,驅動程式 updates\),您可以設定為選擇性 plug\ 中參數。To apply updates other than the important software updates that are selected by default (for example, driver updates), you can configure an optional plug-in parameter. 如需詳細資訊,請查看設定 Windows 更新代理程式查詢字串For more information, see Configure the Windows Update Agent query string.

需求Requirements

  • 遠端更新協調器電腦 (if used) 與容錯移轉叢集必須符合的需求 CAU 和設定所需的遠端管理列在需求與最佳做法 CAUThe failover cluster and remote Update Coordinator computer (if used) must meet the requirements for CAU and the configuration that is required for remote management listed in Requirements and Best Practices for CAU.
  • 檢視適用於套用更新 Microsoft 建議,然後容錯移轉叢集節點您 Microsoft Update 設定來進行任何必要變更。Review Recommendations for applying Microsoft updates, and then make any necessary changes to your Microsoft Update configuration for the failover cluster nodes.
  • 取得最佳效果,我們建議您執行的最佳做法分析 CAU (BPA) 確保叢集和更新環境正確設定使用 CAU 套用更新。For best results, we recommend that you run the CAU Best Practices Analyzer (BPA) to ensure that the cluster and update environment are configured properly to apply updates by using CAU. 如需詳細資訊,請查看更新整備測試 CAUFor more information, see Test CAU updating readiness.

注意

排除需要接受 Microsoft 授權合約,或者需要與使用者互動的更新,以及他們必須手動安裝。Updates that require the acceptance of Microsoft license terms or require user interaction are excluded, and they must be installed manually.

其他選項Additional options

或者,您可以指定下列 plug\ 中引數擴大或限制的更新 plug\ 中所套用的設定:Optionally, you can specify the following plug-in arguments to augment or restrict the set of updates that are applied by the plug-in:

  • Plug\ 中上套用除了每個節點,在 CAU UI 上的重要更新建議的更新設定的其他選項頁面上,選取提供建議更新與接收重要更新的方式相同核取方塊。To configure the plug-in to apply recommended updates in addition to important updates on each node, in the CAU UI, on the Additional Options page, select the Give me recommended updates the same way that I receive important updates check box.
    或者,請設定'IncludeRecommendedUpdates' ' true '中 plug\ 引數。Alternatively, configure the 'IncludeRecommendedUpdates'='True' plug-in argument.
  • 若要設定 plug\ 中篩選適用於叢集的每個節點 GDR 更新的類型,指定 Windows Update 代理程式查詢字串使用查詢中 plug\ 引數。To configure the plug-in to filter the types of GDR updates that are applied to each cluster node, specify a Windows Update Agent query string using a QueryString plug-in argument. 如需詳細資訊,請查看設定 Windows 更新代理程式查詢字串For more information, see Configure the Windows Update Agent query string.

設定 Windows 更新代理程式查詢字串Configure the Windows Update Agent query string

您可以設定 plug\ 中引數 plug\ 中的預設的Microsoft.WindowsUpdatePlugin,可包含 Windows Update 代理程式 (WUA) 查詢字串。You can configure a plug-in argument for the default plug-in, Microsoft.WindowsUpdatePlugin, that consists of a Windows Update Agent (WUA) query string. 這個指令使用 WUA API 找出的 Microsoft 更新適用於特定選取條件為基礎的每個節點一或多個群組。This instruction uses the WUA API to identify one or more groups of Microsoft updates to apply to each node, based on specific selection criteria. 您可以使用邏輯,或 OR 邏輯結合多個條件。You can combine multiple criteria by using a logical AND or a logical OR. WUA 查詢字串中指定 plug\ 中引數,如下所示:The WUA query string is specified in a plug-in argument as follows:

QueryString\ =」Criterion1\ = Value1 and\ 日或 Criterion2\ = Value2 and\ 日或...」QueryString="Criterion1=Value1 and/or Criterion2=Value2 and/or…"

例如Microsoft.WindowsUpdatePlugin會自動選取 [使用預設的 [重要更新查詢使用建構引數已安裝輸入IsHidden,和IsAssigned條件:For example, Microsoft.WindowsUpdatePlugin automatically selects important updates by using a default QueryString argument that is constructed using the IsInstalled, Type, IsHidden, and IsAssigned criteria:

QueryString\ =」IsInstalled\ = 0 和 Type\ = '軟體' 和 IsHidden\ = 0 和 IsAssigned\ = 1 台」QueryString="IsInstalled=0 and Type='Software' and IsHidden=0 and IsAssigned=1"

若您指定查詢引數,它用來取代預設的查詢plug\ 中的設定。If you specify a QueryString argument, it is used in place of the default QueryString that is configured for the plug-in.

範例 1Example 1

若要設定查詢安裝特定的更新,以 ID 引數f6ce46c1-971c-43f9-a2aa-783df125f003:To configure a QueryString argument that installs a specific update as identified by ID f6ce46c1-971c-43f9-a2aa-783df125f003:

QueryString\ =」UpdateID\ ='f6ce46c1-971c-43f9-a2aa-783df125f003' 和 IsInstalled\ = 0」QueryString="UpdateID='f6ce46c1-971c-43f9-a2aa-783df125f003' and IsInstalled=0"

注意

前一個範例是適用於使用 Cluster\ 感知更新精靈套用更新。The preceding example is valid for applying updates by using the Cluster-Aware Updating Wizard. 如果您想要安裝特定的更新,藉由設定 self\ 更新選項 CAU UI 或使用Add-CauClusterRoleSet-CauClusterRolePowerShell cmdlet,您必須格式化具有兩個 single\ 引號字元 UpdateID 值:If you want to install a specific update by configuring self-updating options with the CAU UI or by using the Add-CauClusterRole or Set-CauClusterRolePowerShell cmdlet, you must format the UpdateID value with two single-quote characters:

QueryString\ =」UpdateID\ = f6ce46c1-971c-43f9-a2aa-783df125f003 ' 和 IsInstalled\ = 0」QueryString="UpdateID=''f6ce46c1-971c-43f9-a2aa-783df125f003'' and IsInstalled=0"

範例 2Example 2

若要設定查詢,將只驅動程式安裝引數:To configure a QueryString argument that installs only drivers:

QueryString\ =」IsInstalled\ = 0 和 Type\ = '驅動程式' 和 IsHidden\ = 0」QueryString="IsInstalled=0 and Type='Driver' and IsHidden=0"

如需有關查詢字串 plug\ 中的預設的Microsoft.WindowsUpdatePlugin,搜尋條件 \ (例如已安裝),,您可以在查詢字串,包括語法看到的區段,搜尋條件中相關Windows Update 代理 (WUA) API 參考For more information about query strings for the default plug-in, Microsoft.WindowsUpdatePlugin, the search criteria (such as IsInstalled), and the syntax that you can include in the query strings, see the section about search criteria in the Windows Update Agent (WUA) API Reference.

使用 Microsoft.HotfixPluginUse the Microsoft.HotfixPlugin

Plug\ 在Microsoft.HotfixPlugin可以用來適用於 Microsoft 有限 distribution 版本 (LDR) 更新 \(也稱為 hotfix、和先前稱為 QFEs\),則您獨立下載地 Microsoft 軟體的特定問題。The plug-in Microsoft.HotfixPlugin can be used to apply Microsoft limited distribution release (LDR) updates (also called hotfixes, and formerly called QFEs) that you download independently to address specific Microsoft software issues. 外掛程式從根 SMB 檔案共用資料夾安裝的更新,您也可以自訂套用 non\ 的 Microsoft 驅動程式、韌體和 BIOS 更新。The plug-in installs updates from a root folder on an SMB file share and can also be customized to apply non-Microsoft driver, firmware, and BIOS updates.

注意

Hotfix 有時候可供下載 Microsoft 知識庫文章中,但也提供針對 as\ 需要為基礎。Hotfixes are sometimes available for download from Microsoft in Knowledge Base articles, but they are also provided to customers on an as-needed basis.

需求Requirements

  • 遠端更新協調器電腦 (if used) 與容錯移轉叢集必須符合的需求 CAU 和設定所需的遠端管理列在需求與最佳做法 CAUThe failover cluster and remote Update Coordinator computer (if used) must meet the requirements for CAU and the configuration that is required for remote management listed in Requirements and Best Practices for CAU.
  • 檢視適用於使用 Microsoft.HotfixPlugin 建議Review Recommendations for using the Microsoft.HotfixPlugin.
  • 取得最佳效果,我們建議您執行的最佳做法分析 CAU (BPA) 型號確保叢集和更新環境正確設定使用 CAU 套用更新。For best results, we recommend that you run the CAU Best Practices Analyzer (BPA) model to ensure that the cluster and update environment are configured properly to apply updates by using CAU. 如需詳細資訊,請查看更新整備測試 CAUFor more information, see Test CAU updating readiness.
  • 從「發行者」取得更新,將它們複製或將它們解壓縮至伺服器訊息區 (SMB) 檔案共用 \ (hotfix 根 folder) 的支援至少 SMB 2.0 和,都可以存取所有叢集節點協調更新器遠端電腦 \(如果 CAU 用於 remote\ 更新 mode\)。Obtain the updates from the publisher, and copy them or extract them to a Server Message Block (SMB) file share (hotfix root folder) that supports at least SMB 2.0 and that is accessible by all of the cluster nodes and the remote Update Coordinator computer (if CAU is used in remote-updating mode). 如需詳細資訊,請查看設定 hotfix 根資料夾結構本主題中的更新版本。For more information, see Configure a hotfix root folder structure later in this topic.

    注意

    根據預設,這 plug\ 單元只安裝 hotfix 具有下列副檔名:.msu、.msi,以及.msp。By default, this plug-in only installs hotfixes with the following file name extensions: .msu, .msi, and .msp.

  • 複製檔案 DefaultHotfixConfig.xml \ (中提供的%systemroot%\System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating資料夾的電腦上的 CAU 工具 installed) 您到您所建立的 hotfix 根資料夾和所在解壓縮 hotfix。Copy the DefaultHotfixConfig.xml file (which is provided in the %systemroot%\System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating folder on a computer where the CAU tools are installed) to the hotfix root folder that you created and under which you extracted the hotfixes. 例如,設定將檔案複製到\\MyFileServer\Hotfixes\Root\For example, copy the configuration file to \\MyFileServer\Hotfixes\Root\.

    注意

    若要安裝最 hotfix 提供 Microsoft 和其他的更新,預設 hotfix 設定檔可用修改而。To install most hotfixes provided by Microsoft and other updates, the default hotfix configuration file can be used without modification. 如果您的案例需要它,您可以為進階任務自訂設定檔。If your scenario requires it, you can customize the configuration file as an advanced task. 設定檔可以包含自訂規則,處理 hotfix 檔案有特定的延伸模組或來定義特定結束條件的行為。The configuration file can include custom rules, for example, to handle hotfix files that have specific extensions, or to define behaviors for specific exit conditions. 如需詳細資訊,請查看自訂 hotfix 設定檔本主題中的更新版本。For more information, see Customize the hotfix configuration file later in this topic.

設定Configuration

下列設定。Configure the following settings. 如需詳細資訊,查看稍後在本主題中的區段的連結。For more information, see the links to sections later in this topic.

  • 共用的 hotfix 根資料夾,其中包含套用更新和的路徑包含 hotfix 設定檔。The path to the shared hotfix root folder that contains the updates to apply and that contains the hotfix configuration file. 您可以輸入此路徑 CAU UI 或設定HotfixRootFolderPath\ = \ < 路徑 > PowerShell plug\ 中引數。You can type this path in the CAU UI or configure the HotfixRootFolderPath=<Path> PowerShell plug-in argument.

    注意

    您可以指定 hotfix 根資料夾路徑本機的資料夾,或為底色表單的\\ServerName\Share\RootFolderNameYou can specify the hotfix root folder as a local folder path or as a UNC path of the form \\ServerName\Share\RootFolderName. 可用 domain\ 型或獨立 DFS 命名空間路徑。A domain-based or standalone DFS Namespace path can be used. 不過,檢查 hotfix 設定檔中的存取權限的相容 DFS 命名空間路徑,所以如果您設定一個,您必須停用檢查是否有 plug\ 中功能存取權限使用 CAU UI 或設定DisableAclChecks' true '中 plug\ 引數。However, the plug-in features that check access permissions in the hotfix configuration file are incompatible with a DFS Namespace path, so if you configure one, you must disable the check for access permissions by using the CAU UI or by configuring the DisableAclChecks='True' plug-in argument.

  • 檢查的適當權限存取資料夾,並確定從 SMB 存取資料的完整性 hotfix 根資料夾的伺服器上的設定共用資料夾 \ (SMB 登入或 SMB Encryption)。Settings on the server that hosts the hotfix root folder to check for appropriate permissions to access the folder and ensure the integrity of the data accessed from the SMB shared folder (SMB signing or SMB Encryption). 如需詳細資訊,請查看限制 hotfix 根資料夾的存取For more information, see Restrict access to the hotfix root folder.

其他選項Additional options

  • (選擇性)設定 plug\ 中,SMB 加密執行時存取 hotfix 檔案共用的資料。Optionally, configure the plug-in so that SMB Encryption is enforced when accessing data from the hotfix file share. 在 CAU UI,在其他選項頁面上,選取中存取 hotfix 根資料夾需要 SMB 加密選項,或設定RequireSMBEncryption' true ' PowerShell plug\ 中引數。In the CAU UI, on the Additional Options page, select the Require SMB Encryption in accessing the hotfix root folder option, or configure the RequireSMBEncryption='True' PowerShell plug-in argument. > [!IMPORTANT] > 您必須執行額外的設定步驟,可讓 SMB SMB 登入或 SMB 加密資料的完整性 SMB 伺服器上。You must perform additional configuration steps on the SMB server to enable SMB data integrity with SMB signing or SMB Encryption. 如需詳細資訊,請查看中執行「步驟 4限制 hotfix 根資料夾的存取For more information, see Step 4 in Restrict access to the hotfix root folder. 如果您選擇使用 SMB 加密,並 hotfix 根資料夾執行無法存取使用 SMB 加密,在更新文字將會失敗。If you select the option to enforce the use of SMB Encryption, and the hotfix root folder is not configured for access by using SMB Encryption, the Updating Run will fail.
  • (選擇性)停用預設檢查不足的權限 hotfix 根資料夾和 hotfix 設定檔。Optionally, disable the default checks for sufficient permissions for the hotfix root folder and the hotfix configuration file. 在 CAU UI,選取 [停用檢查 hotfix 根資料夾和設定檔系統管理員權限的,或設定DisableAclChecks' true ' plug\ 中引數。In the CAU UI, select Disable check for administrator access to the hotfix root folder and configuration file, or configure the DisableAclChecks='True' plug-in argument.
  • (選擇性)設定HotfixInstallerTimeoutMinutes\ =引數指定多久 plug\ 中等待退貨 hotfix 安裝程序。Optionally, configure the HotfixInstallerTimeoutMinutes= argument to specify how long the hotfix plug-in waits for the hotfix installer process to return. \ (預設值為 30 分鐘的時間。),例如指定逾時兩個小時的時間,請設定HotfixInstallerTimeoutMinutes\ = 120(The default is 30 minutes.) For example, to specify a timeout period of two hours, set HotfixInstallerTimeoutMinutes=120.
  • (選擇性)設定HotfixConfigFileName \ = 中 plug\ 引數指定位於 hotfix 根資料夾 hotfix 設定檔的名稱。Optionally, configure the HotfixConfigFileName = plug-in argument to specify a name for the hotfix configuration file that is located in the hotfix root folder. 如果未指定,會使用預設的名稱 DefaultHotfixConfig.xml。If not specified, the default name DefaultHotfixConfig.xml is used.

設定 hotfix 根資料夾結構Configure a hotfix root folder structure

Plug\ 中的工作,hotfix 必須儲存在 SMB 檔案共用 well\ 定義結構 \ (hotfix 根 folder),您必須使用 CAU UI 或 CAU PowerShell cmdlet hotfix 根資料夾的路徑與設定 plug\。For the hotfix plug-in to work, hotfixes must be stored in a well-defined structure in an SMB file share (hotfix root folder), and you must configure the hotfix plug-in with the path to the hotfix root folder by using the CAU UI or the CAU PowerShell cmdlets. 這個路徑傳送到 plug\ 為HotfixRootFolderPath引數。This path is passed to the plug-in as the HotfixRootFolderPath argument. 您可以選擇數個結構 hotfix 根資料夾中的其中一個更新您的需求,依據以下的範例所示。You can choose one of several structures for the hotfix root folder, according to your updating needs, as shown in the following examples. 忽略檔案或資料夾不符合結構。Files or folders that do not adhere to the structure are ignored.

範例 1-資料夾結構用來套用到所有叢集節點 hotfixExample 1 - Folder structure used to apply hotfixes to all cluster nodes

若要指定 hotfix 適用於所有叢集節點,將它們複製到名為CAUHotfix_All下方的 hotfix 根資料夾。To specify that hotfixes apply to all cluster nodes, copy them to a folder named CAUHotfix_All under the hotfix root folder. 在此範例中,HotfixRootFolderPath設定為在 plug\ 引數\\MyFileServer\Hotfixes\Root\In this example, the HotfixRootFolderPath plug-in argument is set to \\MyFileServer\Hotfixes\Root\. CAUHotfix_All資料夾包含.msu 擴充功能、與.msi,這會套用到所有叢集節點.msp 三個更新。The CAUHotfix_All folder contains three updates with the extensions .msu, .msi, and .msp that will be applied to all cluster nodes. 更新檔案名稱是僅針對圖用途。The update file names are only for illustration purposes.

注意

在這及以下的範例,以預設名稱 DefaultHotfixConfig.xml hotfix 設定檔所示它的必要位置 hotfix 根資料夾中。In this and the following examples, the hotfix configuration file with its default name DefaultHotfixConfig.xml is shown in its required location in the hotfix root folder.

\\MyFileServer\Hotfixes\Root\   
   DefaultHotfixConfig.xml  
   CAUHotfix_All\   
      Update1.msu   
      Update2.msi   
      Update3.msp  
      ...  

用於特定的更新只適用於特定節點範例 2-結構資料夾Example 2 - Folder structure used to apply certain updates only to a specific node

若要指定 hotfix 僅適用於特定節點,使用 hotfix 根資料夾節點的名稱下方的子資料夾。To specify hotfixes that apply only to a specific node, use a subfolder under the hotfix root folder with the name of the node. 使用叢集] 節點 NetBIOS 名稱,例如ContosoNode1Use the NetBIOS name of the cluster node, for example, ContosoNode1. 然後,將更新僅適用於此節點此子資料夾。Then, move the updates that apply only to this node to this subfolder. 下列範例中,HotfixRootFolderPath設定為在 plug\ 引數\\MyFileServer\Hotfixes\Root\In the following example, the HotfixRootFolderPath plug-in argument is set to \\MyFileServer\Hotfixes\Root\. 在更新CAUHotfix_All資料夾會套用到所有叢集節點,和Node1_Specific_Update.msu僅會套用ContosoNode1Updates in the CAUHotfix_All folder will be applied to all cluster nodes, and Node1_Specific_Update.msu will be applied only to ContosoNode1.

\\MyFileServer\Hotfixes\Root\   
   DefaultHotfixConfig.xml  
   CAUHotfix_All\   
      Update1.msu   
      Update2.msi   
      Update3.msp  
      ...  
   ContosoNode1\   
      Node1_Specific_Update.msu   
      ...  

範例 3-資料夾結構用來套用以外.msu、.msi,以及.msp 檔案更新Example 3 - Folder structure used to apply updates other than .msu, .msi, and .msp files

根據預設,Microsoft.HotfixPlugin僅適用於.msu、.msi 或.msp 擴充功能的更新。By default, Microsoft.HotfixPlugin only applies updates with the .msu, .msi, or .msp extension. 不過,可能會有不同的擴充功能特定的更新,並需要其他安裝的命令。However, certain updates might have different extensions and require different installation commands. 例如,您可能需要適用於叢集節點.exe 擴充功能的韌體更新。For example, you might need to apply a firmware update with the extension .exe to a node in a cluster. 您可以使用子資料夾,表示您有一個特定的設定 hotfix 根資料夾,應該要安裝 non\ 預設的更新類型。You can configure the hotfix root folder with a subfolder that indicates a specific, non-default update type should be installed. 您還必須設定指定中的安裝命令的對應資料夾安裝規則<FolderRules>hotfix 組態 XML 檔案中的項目。You must also configure a corresponding folder installation rule that specifies the installation command in the <FolderRules> element in the hotfix configuration XML file.

下列範例中,HotfixRootFolderPath設定為在 plug\ 引數\\MyFileServer\Hotfixes\Root\In the following example, the HotfixRootFolderPath plug-in argument is set to \\MyFileServer\Hotfixes\Root\. 數個的更新將會套用到所有叢集節點,以及韌體更新SpecialHotfix1.exe將會套用到ContosoNode1來使用FolderRule1Several updates will be applied to all cluster nodes, and a firmware update SpecialHotfix1.exe will be applied to ContosoNode1 by using FolderRule1. 設定的相關資訊的FolderRule1在 hotfix 設定檔,會看到自訂 hotfix 設定檔本主題中的更新版本。For information about configuring FolderRule1 in the hotfix configuration file, see Customize the hotfix configuration file later in this topic.

\\MyFileServer\Hotfixes\Root\   
   DefaultHotfixConfig.xml  
   CAUHotfix_All\   
      Update1.msu   
      Update2.msi   
      Update3.msp  
      ...  

   ContosoNode1\   
      FolderRule1\  
          SpecialHotfix1.exe  
      ...  

自訂 hotfix 設定檔Customize the hotfix configuration file

Hotfix 設定檔控制項如何Microsoft.HotfixPlugin容錯移轉叢集中安裝特定 hotfix 檔案類型。The hotfix configuration file controls how Microsoft.HotfixPlugin installs specific hotfix file types in a failover cluster. 在 HotfixConfigSchema.xsd,位於下列電腦上的資料夾位置 CAU 工具安裝定義 XML 架構設定檔:The XML schema for the configuration file is defined in HotfixConfigSchema.xsd, which is located in the following folder on a computer where the CAU tools are installed:

%systemroot%\System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating 資料夾%systemroot%\System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating folder

若要自訂 hotfix 設定檔,此位置範例設定檔 DefaultHotfixConfig.xml 複製到 hotfix 根資料夾以適當的修改案例。To customize the hotfix configuration file, copy the sample configuration file DefaultHotfixConfig.xml from this location to the hotfix root folder and make appropriate modifications for your scenario.

重要

適用於大多數 hotfix 提供 Microsoft 和其他的更新,以預設 hotfix 設定檔可用修改。To apply most hotfixes provided by Microsoft and other updates, the default hotfix configuration file can be used without modification. 自訂的設定檔 hotfix 是進階的使用量案例中,只有工作。Customization of the hotfix configuration file is a task only in advanced usage scenarios.

根據預設,hotfix 組態 XML 檔案定義安裝規則及以下兩種類型的 hotfix 結束條件:By default, the hotfix configuration XML file defines installation rules and exit conditions for the following two categories of hotfixes:

  • 與 plug\ 中安裝預設的延伸 Hotfix 檔案 \ (.msu、.msi,以及.msp files)。Hotfix files with extensions that the plug-in can install by default (.msu, .msi, and .msp files).

    這些定義為<ExtensionRules>中的項目<DefaultRules>的項目。These are defined as <ExtensionRules> elements in the <DefaultRules> element. 還有一個<Extension>的預設支援的檔案類型的每個項目。There is one <Extension> element for each of the default supported file types. 一般 XML 結構如下:The general XML structure is as follows:

    <DefaultRules>  
        <ExtensionRules>  
          <Extension name="MSI">  
            <!-- Template and ExitConditions elements for installation of .msi files follow -->  
             ...  
          </Extension>  
          <Extension name="MSU">  
            <!-- Template and ExitConditions elements for installation of .msu files follow -->  
             ...  
          </Extension>  
          <Extension name="MSP">  
            <!-- Template and ExitConditions elements for installation of .msp files follow -->  
             ...  
          </Extension>  
             ...  
       </ExtensionRules>  
    </DefaultRules>  
    

    如果您需要在您的環境中的所有叢集節點適都用於特定的更新類型,您可以定義其他<Extension>的項目。If you need to apply certain update types to all cluster nodes in your environment, you can define additional <Extension> elements.

  • Hotfix 或其他更新檔案不會.msi、.msu 或.msp 檔案,例如 non\ 的 Microsoft 驅動程式、韌體和 BIOS 更新。Hotfix or other update files that are not .msi, .msu, or .msp files, for example, non-Microsoft drivers, firmware, and BIOS updates.

    每個預設 non\ 檔案類型設定為<Folder>中的項目<FolderRules>的項目。Each non-default file type is configured as a <Folder> element in the <FolderRules> element. 名稱屬性的<Folder>的項目必須是相同的資料夾中將包含更新相對應的類型的 hotfix 根資料夾的名稱。The name attribute of the <Folder> element must be identical to the name of a folder in the hotfix root folder that will contain updates of the corresponding type. 資料夾可在CAUHotfix_All資料夾或 node\ 特定資料夾中。The folder can be in the CAUHotfix_All folder or in a node-specific folder. 例如,如果FolderRule1是設定 hotfix 根資料夾中,設定下列項目 XML 檔案定義安裝範本和結束條件該資料夾中的更新中:For example, if FolderRule1 is configured in the hotfix root folder, configure the following element in the XML file to define an installation template and exit conditions for the updates in that folder:

    <FolderRules>  
          <Folder name="FolderRule1">  
            <!-- Template and ExitConditions elements for installation of updates in FolderRule1 follow -->  
             ...  
          </Folder>  
          ...  
    </FolderRules>  
    

下表描述<Template>屬性,可能的<ExitConditions>子元素。The following tables describe the <Template> attributes and the possible <ExitConditions> subelements.

<Template> 屬性attribute 描述Description
path 定義中的檔案類型的安裝程式的完整路徑<Extension name>屬性。The full path to the installation program for the file type that is defined in the <Extension name> attribute.

若要指定 hotfix 根資料夾結構更新檔案的路徑,使用$update$To specify the path to an update file in the hotfix root folder structure, use $update$.
parameters 必要和選擇性的參數程式中所指定的字串pathA string of required and optional parameters for the program that is specified in path.

若要指定 hotfix 根資料夾結構更新檔案的路徑的參數,使用$update$To specify a parameter that is the path to an update file in the hotfix root folder structure, use $update$.
<ExitConditions> 子元素subelement 描述Description
<Success> 定義一或多個結束代碼,表示成功指定的更新。Defines one or more exit codes that indicate the specified update succeeded. 這是必要的子元素。This is a required subelement.
<Success_RebootRequired> 或者定義一或多個結束代碼,表示成功指定的更新,以及節點必須重新開機。Optionally defines one or more exit codes that indicate the specified update succeeded and the node must restart.
注意:(選擇性)<Folder>的項目可以包含alwaysReboot屬性。Note: Optionally, the <Folder> element can contain the alwaysReboot attribute. 此屬性設定,如果它表示如果安裝此規則 hotfix 傳回其中結束代碼中所定義<Success>、解譯為<Success_RebootRequired>結束條件。If this attribute is set, it indicates that if a hotfix installed by this rule returns one of the exit codes that is defined in <Success>, it is interpreted as a <Success_RebootRequired> exit condition.
<Fail_RebootRequired> 或者定義指出指定的更新失敗,且節點必須重新開機一或多個結束驗證碼。Optionally defines one or more exit codes that indicate the specified update failed and the node must restart.
<AlreadyInstalled> 或者定義一或多個結束代碼,表示它已安裝,所以不套用指定的更新。Optionally defines one or more exit codes that indicate the specified update was not applied because it is already installed.
<NotApplicable> 或者定義一或多個結束代碼,表示無法套用指定的更新,因為它並不適用於叢集節點。Optionally defines one or more exit codes that indicate the specified update was not applied because it does not apply to the cluster node.

重要

任何結束中未明確定義的程式碼<ExitConditions>更新失敗,並不會重新開機] 節點解譯。Any exit code that is not explicitly defined in <ExitConditions> is interpreted as the update failed, and the node does not restart.

只存取 hotfix 根資料夾Restrict access to the hotfix root folder

您必須執行設定 SMB 檔案伺服器和檔案分享來協助保護 hotfix 根資料夾的檔案和 hofix 存取只的部分的設定檔的幾個步驟Microsoft.HotfixPluginYou must perform several steps to configure the SMB file server and file share to help secure the hotfix root folder files and hofix configuration file for access only in the context of Microsoft.HotfixPlugin. 幾個功能,以避免可能竄改 hotfix 檔案可能危害容錯移轉叢集的方式可讓這些步驟。These steps enable several features that help prevent possible tampering with the hotfix files in a way that might compromise the failover cluster.

一般步驟如下:The general steps are as follows:

  1. 找出使用者 account 用於使用 plug\ 中更新執行Identify the user account that is used for Updating Runs by using the plug-in

  2. 此使用者 account 設定 SMB 檔案伺服器上的必要群組中Configure this user account in the necessary groups on an SMB file server

  3. 設定 hotfix 根資料夾的存取權限Configure permissions to access the hotfix root folder

  4. 設定 SMB 資料的完整性Configure settings for SMB data integrity

  5. 讓 Windows 防火牆 SMB 伺服器規則Enable a Windows Firewall rule on the SMB server

步驟 1。Step 1. 找出使用者 account 用於使用 plug\ 中更新執行Identify the user account that is used for Updating Runs by using the hotfix plug-in

檢查安全性設定同時執行更新執行使用用於 CAU account Microsoft.HotfixPlugin會隨著是否 CAU 使用 remote\ 更新模式或 self\ 更新模式下,如下所示:The account that is used in CAU to check security settings while performing an Updating Run using Microsoft.HotfixPlugin depends on whether CAU is used in remote-updating mode or self-updating mode, as follows:

  • Remote\ 更新模式account 預覽,並套用更新叢集上的系統管理員權限。Remote-updating mode The account that has administrative privileges on the cluster to preview and apply updates.

  • Self\ 更新模式設定 Active Directory 中為 CAU virtual 電腦物件的名稱叢集角色。Self-updating mode The name of the virtual computer object that is configured in Active Directory for the CAU clustered role. 這是在 Active Directory 中為 CAU 叢集角色預備 virtual 電腦物件的名稱或由叢集角色 CAU 的名稱。This is either the name of a prestaged virtual computer object in Active Directory for the CAU clustered role or the name that is generated by CAU for the clustered role. 若要取得由 CAU 名稱、執行Get-CauClusterRole CAU PowerShell cmdlet。To obtain the name if it is generated by CAU, run the Get-CauClusterRole CAU PowerShell cmdlet. 在輸出中,ResourceGroupName是產生 virtual 電腦物件 account 的名稱。In the output, ResourceGroupName is the name of the generated virtual computer object account.

步驟 2。Step 2. 此使用者 account 設定 SMB 檔案伺服器上的必要群組中Configure this user account in the necessary groups on an SMB file server

重要

您必須將新增對更新執行使用本機系統管理員 account SMB 伺服器上為 account。You must add the account that is used for Updating Runs as a local administrator account on the SMB server. 如果不允許這是因為您在組織中的安全性原則,使用下列程序此 account 設定必要 SMB 伺服器上的權限的。If this is not permitted because of the security policies in your organization, configure this account with the necessary permissions on the SMB server by using the following procedure.

設定使用者 account SMB 伺服器上To configure a user account on the SMB server
  1. 新增到散發 COM Users 群組並下列群組用於更新執行 account:進階使用者、伺服器作業或列印電信業者。Add the account that is used for Updating Runs to the Distributed COM Users group and to one of the following groups: Power User, Server Operation, or Print Operator.

  2. 若要讓必要的權限 WMI 帳號,開始 WMI 管理主控台 SMB 伺服器。To enable the necessary WMI permissions for the account, start the WMI Management Console on the SMB server. PowerShell [開始],然後輸入下列命令:Start PowerShell and then type the following command:

    wmimgmt.msc  
    
  3. 主控台中 right\ 按一下WMI 控制 (Local),然後按一下 [屬性In the console tree, right-click WMI Control (Local), and then click Properties.

  4. 按一下安全性,然後展開Click Security, and then expand Root.

  5. 按一下CIMV2,然後按的安全性Click CIMV2, and then click Security.

  6. 新增適用於更新執行到帳號群組或使用者名稱清單中。Add the account that is used for Updating Runs to the Group or user names list.

  7. 授與執行方法可讓遠端更新執行用於 account 權限。Grant the Execute Methods and Remote Enable permissions to the account that is used for Updating Runs.

步驟 3。Step 3. 設定 hotfix 根資料夾的存取權限Configure permissions to access the hotfix root folder

根據預設,當您嘗試套用更新 plug\ 中檢查存取 hotfix 根資料夾的 NTFS 檔案系統權限的設定。By default, when you attempt to apply updates, the hotfix plug-in checks the configuration of the NTFS file system permissions for access to the hotfix root folder. 如果資料夾的存取權限設定不正確,可能會失敗更新執行使用 plug\。If the folder access permissions are not configured properly, an Updating Run using the hotfix plug-in might fail.

如果您使用 plug\ 中的預設設定,請確認資料夾的存取權限符合下列需求。If you use the default configuration of the hotfix plug-in, ensure that the folder access permissions meet the following requirements.

  • Users 群組具有讀取權限。The Users group has Read permission.

  • 如果 plug\ 中將會套用.exe 擴充功能的更新,請 Users 群組已執行權限。If the plug-in will apply updates with the .exe extension, the Users group has Execute permission.

  • 允許只有特定的安全性原則 \(但不是 required\)有寫入或修改權限。Only certain security principals are permitted (but are not required) to have Write or Modify permission. 允許的主體是本機系統管理員群組,系統、CREATOR 擁有者,以及 TrustedInstaller。The allowed principals are the local Administrators group, SYSTEM, CREATOR OWNER, and TrustedInstaller. 其他帳號或群組不允許寫入或修改權限 hotfix 根資料夾。Other accounts or groups are not permitted to have Write or Modify permission on the hotfix root folder.

或者,您可以停用 plug\ 中執行預設的上述檢查。Optionally, you can disable the preceding checks that the plug-in performs by default. 您可以執行下列其中一種方式:You can do this in one of two ways:

  • 如果您使用 CAU PowerShell cmdlet、已設定DisableAclChecks' true '中的引數CauPluginArguments plug\ 中的參數。If you are using the CAU PowerShell cmdlets, configure the DisableAclChecks='True' argument in the CauPluginArguments parameter for the hotfix plug-in.

  • 如果您使用 CAU UI,選取 [停用檢查 hotfix 根資料夾和設定檔系統管理員權限的選項,在更新的其他選項精靈用來設定更新執行選項] 頁面。If you are using the CAU UI, select the Disable check for administrator access to the hotfix root folder and configuration file option on the Additional Update Options page of the wizard that is used to configure Updating Run options.

不過,做為最佳做法,您的環境中,我們建議您在執行這些檢查使用預設設定。However, as a best practice in many environments, we recommend that you use the default configuration to enforce these checks.

步驟 4。Step 4. 設定 SMB 資料的完整性Configure settings for SMB data integrity

若要檢查在間叢集節點和 SMB 檔案共用資料的完整性,plug\ 中要求您可以設定 SMB SMB 登入或 SMB 加密檔案共用。To check for data integrity in the connections between the cluster nodes and the SMB file share, the hotfix plug-in requires that you enable settings on the SMB file share for SMB signing or SMB Encryption. SMB 加密,可提供提高的安全性與您的環境中更好的效能,支援 Windows Server 2012 中開始。SMB Encryption, which provides enhanced security and better performance in many environments, is supported starting in Windows Server 2012. 您可以讓下列其中一個或兩個這些設定,如下所示:You can enable either or both of these settings, as follows:

  • 若要讓 SMB 登入,查看中的程序文章 887429 Microsoft 知識庫中。To enable SMB signing, see the procedure in the article 887429 in the Microsoft Knowledge Base.

  • 若要讓 SMB 加密 SMB 共用資料夾,執行下列 PowerShell cmdlet SMB 伺服器上:To enable SMB Encryption for the SMB shared folder, run the following PowerShell cmdlet on the SMB server:

    Set-SmbShare <ShareName> -EncryptData $true  
    

    位置 <共用名稱> [SMB 共用資料夾的名稱。Where <ShareName> is the name of the SMB shared folder.

(選擇性)若要執行的連接 SMB 伺服器 SMB 加密的使用,選取 [存取 hotfix 根資料夾需要 SMB 加密選項中 CAU UI,或設定RequireSMBEncryption' true '中 plug\ 引數使用 CAU PowerShell cmdlet。Optionally, to enforce the use of SMB Encryption in the connections to the SMB server, select the Require SMB Encryption in accessing the hotfix root folder option in the CAU UI, or configure the RequireSMBEncryption='True' plug-in argument by using the CAU PowerShell cmdlets.

重要

如果您選擇使用 SMB 加密,並 hotfix 根資料夾執行並未設定為使用 SMB 加密的連接,在更新文字將會失敗。If you select the option to enforce the use of SMB Encryption, and the hotfix root folder is not configured for connections that use SMB Encryption, the Updating Run will fail.

步驟 5。Step 5. 讓 Windows 防火牆 SMB 伺服器規則Enable a Windows Firewall rule on the SMB server

您必須支援檔案 Server 的遠端管理 (SMB-in)中的規則 Windows 防火牆 SMB 檔案伺服器上。You must enable the File Server Remote Management (SMB-in) rule in Windows Firewall on the SMB file server. 這是在 Windows Server 2016、Windows Server 2012 R2,以及 Windows Server 2012 預設支援。This is enabled by default in Windows Server 2016, Windows Server 2012 R2, and Windows Server 2012.

也了See also