叢集更新需求與最佳做法Cluster-Aware Updating requirements and best practices

適用於:Windows Server(以每年次管道)、Windows Server 2016、Windows Server 2012 R2、Windows Server 2012Applies to: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

本節需求和相依性會需要使用更新叢集(CAU) 上執行 Windows Server 容錯移轉叢集套用更新。This section describes the requirements and dependencies that are needed to use Cluster-Aware Updating (CAU) to apply updates to a failover cluster running Windows Server.

注意

您可能需要獨立驗證叢集環境可套用更新,如果您不使用 plug\ 在Microsoft.WindowsUpdatePluginYou may need to independently validate that your cluster environment is ready to apply updates if you use a plug-in other than Microsoft.WindowsUpdatePlugin. 如果您使用 non\ Microsoft plug\ 中,與發行者連絡的詳細資訊。If you are using a non-Microsoft plug-in, contact the publisher for more information. 如需 plug\ 集的詳細資訊,請查看Plug\ 集的運作方式For more information about plug-ins, see How Plug-ins Work.

安裝容錯功能與容錯移轉叢集工具Install the Failover Clustering feature and the Failover Clustering Tools

CAU 需要安裝容錯功能和容錯移轉叢集工具。CAU requires an installation of the Failover Clustering feature and the Failover Clustering Tools. 容錯移轉叢集工具包含 CAU 工具 (clusterawareupdating.dll)、容錯 cmdlet 和 CAU 作業需要其他元件。The Failover Clustering Tools include the CAU tools (clusterawareupdating.dll), the Failover Clustering cmdlets, and other components needed for CAU operations. 步驟以安裝容錯功能,請查看安裝容錯移轉叢集功能與工具For steps to install the Failover Clustering feature, see Installing the Failover Clustering Feature and Tools.

CAU 是否為容錯移轉叢集上叢集角色座標更新而定容錯移轉叢集工具的確切安裝需求 \(透過 self\ 更新 mode\)或從遠端電腦。The exact installation requirements for the Failover Clustering Tools depend on whether CAU coordinates updates as a clustered role on the failover cluster (by using self-updating mode) or from a remote computer. CAU self\ 更新模式此外需要安裝 CAU 叢集角色容錯移轉叢集上使用 CAU 工具。The self-updating mode of CAU additionally requires the installation of the CAU clustered role on the failover cluster by using the CAU tools.

下表摘要兩種更新 CAU 模式 CAU 功能安裝需求。The following table summarizes the CAU feature installation requirements for the two CAU updating modes.

安裝的元件Installed component Self\ 更新模式Self-updating mode Remote\ 更新模式Remote-updating mode
容錯功能Failover Clustering feature 所需的所有叢集節點Required on all cluster nodes 所需的所有叢集節點Required on all cluster nodes
容錯移轉叢集工具Failover Clustering Tools 所需的所有叢集節點Required on all cluster nodes 必要 remote\ 更新電腦上- Required on remote-updating computer
-所需的所有叢集節點上執行儲存-CauDebugTrace cmdlet- Required on all cluster nodes to run the Save-CauDebugTrace cmdlet
CAU 叢集的角色CAU clustered role 需要Required 不需要Not required

取得管理員Obtain an administrator account

下列系統管理員需求,都是為了使用 CAU 功能。The following administrator requirements are necessary to use CAU features.

  • 預覽,或使用 CAU 使用者介面套用更新動作 (UI) 或 cmdlet 叢集更新,您必須使用核對的所有叢集節點都具有本機系統管理員權限。To preview or apply update actions by using the CAU user interface (UI) or the Cluster-Aware Updating cmdlets, you must use a domain account that has local administrator rights and permissions on all the cluster nodes. 如果 account 不會在每個節點具有不足的權限,您會提示叢集更新視窗中提供必要的認證,當您在執行這些動作。If the account doesn't have sufficient privileges on every node, you are prompted in the Cluster-Aware Updating window to supply the necessary credentials when you perform these actions. 使用更新叢集cmdlet,您可以做為 cmdlet 參數提供必要的認證。To use the Cluster-Aware Updating cmdlets, you can supply the necessary credentials as a cmdlet parameter.

  • 如果您使用 account 不會有本機系統管理員權限與權限叢集節點上登入 CAU 使用 remote\ 更新模式中,您必須 CAU 工具系統管理員身分執行使用本機系統管理員 account 更新協調器在電腦上,或使用 account 的後驗證模擬 client使用者權利。If you use CAU in remote-updating mode when you are signed in with an account that doesn't have local administrator rights and permissions on the cluster nodes, you must run the CAU tools as an administrator by using a local administrator account on the Update Coordinator computer, or by using an account that has the Impersonate a client after authentication user right.

  • 若要執行 CAU 最佳做法分析,您必須使用 account 叢集節點上的系統管理員權限,以及用來執行的電腦上的本機系統管理員權限的測試-CauSetup cmdlet 或分析叢集更新整備使用叢集更新視窗。To run the CAU Best Practices Analyzer, you must use an account that has administrative privileges on the cluster nodes and local administrative privileges on the computer that is used to run the Test-CauSetup cmdlet or to analyze cluster updating readiness using the Cluster-Aware Updating window. 如需詳細資訊,請查看更新整備測試叢集For more information, see Test cluster updating readiness.

請確認叢集設定Verify the cluster configuration

以下是使用 CAU 支援更新容錯移轉叢集一般需求。The following are general requirements for a failover cluster to support updates by using CAU. 節點上的遠端管理的需求額外的設定會列在設定的遠端管理節點本主題中的更新版本。Additional configuration requirements for remote management on the nodes are listed in Configure the nodes for remote management later in this topic.

  • 有仲裁,必須 online 充足的叢集節點。Sufficient cluster nodes must be online so that the cluster has quorum.

  • 所有叢集節點必須都是相同的 Active Directory domain。All cluster nodes must be in the same Active Directory domain.

  • 使用 DNS 網路,必須解析叢集名稱。The cluster name must be resolved on the network using DNS.

  • 如果 CAU 用於 remote\ 更新模式時,更新協調器的電腦必須網路連接到容錯移轉叢集節點中,並必須是相同的 Active Directory 容錯移轉叢集網域中。If CAU is used in remote-updating mode, the Update Coordinator computer must have network connectivity to the failover cluster nodes, and it must be in the same Active Directory domain as the failover cluster.

  • 叢集服務執行所有叢集節點。The Cluster service should be running on all cluster nodes. 預設所有叢集節點上已安裝這項服務,且已設定為自動 [開始]。By default this service is installed on all cluster nodes and is configured to start automatically.

  • 若要使用 PowerShell pre-更新版或更新 post\ 指令碼 CAU 更新執行時,確保所有叢集節點上已安裝的指令碼或的檔案共用高度可用的網路上存取所有節點。To use PowerShell pre-update or post-update scripts during a CAU Updating Run, ensure that the scripts are installed on all cluster nodes or that they are accessible to all nodes, for example, on a highly available network file share. 如果指令碼儲存到檔案共用網路,設定資料夾朗讀每個人的權限的群組。If scripts are saved to a network file share, configure the folder for Read permission for the Everyone group.

設定節點的遠端管理Configure the nodes for remote management

若要用於叢集更新,必須的遠端管理所有節點叢集的都設定。To use Cluster-Aware Updating, all nodes of the cluster must be configured for remote management. 根據預設,只有工作,必須執行設定節點的遠端管理是讓防火牆規則允許自動重新開機以By default, the only task you must perform to configure the nodes for remote management is to Enable a firewall rule to allow automatic restarts.

下表列出完整的遠端管理的需求,以便在您的環境出現的預設值。The following table lists the complete remote managment requirements, in case your environment diverges from the defaults.

這些需求的除了安裝需求安裝容錯功能與容錯移轉叢集工具和一般叢集需求本主題中的前一節中所述。These requirements are in addition to the installation requirements for the Install the Failover Clustering feature and the Failover Clustering Tools and the general clustering requirements that are described in previous sections in this topic.

需求Requirement 預設的狀態Default state Self\ 更新模式Self-updating mode Remote\ 更新模式Remote-updating mode
讓允許自動重新開機防火牆規則Enable a firewall rule to allow automatic restarts 停用Disabled 使用防火牆是否需要所有叢集節點Required on all cluster nodes if a firewall is in use 使用防火牆是否需要所有叢集節點Required on all cluster nodes if a firewall is in use
讓 Windows 管理檢測Enable Windows Management Instrumentation 支援Enabled 所需的所有叢集節點Required on all cluster nodes 所需的所有叢集節點Required on all cluster nodes
讓 Windows PowerShell 3.0 或 4.0 及 Windows PowerShell 遠端Enable Windows PowerShell 3.0 or 4.0 and Windows PowerShell remoting 支援Enabled 所需的所有叢集節點Required on all cluster nodes 所需的所有叢集節點執行下列動作:Required on all cluster nodes to run the following:

-儲存-CauDebugTrace cmdlet- The Save-CauDebugTrace cmdlet
-在更新執行 PowerShell pre\ 更新及更新 post\ 指令碼- PowerShell pre-update and post-update scripts during an Updating Run
-測試的更新整備使用叢集更新視窗叢集或Test-CauSetup Windows PowerShell cmdlet- Tests of cluster updating readiness using the Cluster-Aware Updating window or the Test-CauSetup Windows PowerShell cmdlet
安裝.NET Framework 4.6 或 4.5Install .NET Framework 4.6 or 4.5 支援Enabled 所需的所有叢集節點Required on all cluster nodes 所需的所有叢集節點執行下列動作:Required on all cluster nodes to run the following:

-儲存-CauDebugTrace cmdlet- The Save-CauDebugTrace cmdlet
-在更新執行 PowerShell pre\ 更新及更新 post\ 指令碼- PowerShell pre-update and post-update scripts during an Updating Run
-測試的更新整備使用叢集更新視窗叢集或Test-CauSetup Windows PowerShell cmdlet- Tests of cluster updating readiness using the Cluster-Aware Updating window or the Test-CauSetup Windows PowerShell cmdlet

讓允許自動重新開機防火牆規則Enable a firewall rule to allow automatic restarts

套用更新之後,允許自動重新開機 \(如果安裝的更新需要 restart\),如果 Windows 防火牆或 non\ Microsoft 防火牆位於叢集節點上使用,必須將防火牆規則支援下列流量一種可以讓每個節點上:To allow automatic restarts after updates are applied (if the installation of an update requires a restart), if Windows Firewall or a non-Microsoft firewall is in use on the cluster nodes, a firewall rule must be enabled on each node that allows the following traffic:

  • 通訊協定:TCPProtocol: TCP

  • 方向:輸入Direction: inbound

  • 計畫:wininit.exeProgram: wininit.exe

  • 連接埠:RPC 動態連接埠Ports: RPC Dynamic Ports

  • 個人檔案:網域Profile: Domain

如果 Windows 防火牆叢集節點上使用時,您可以藉由讓遠端關機上的每個節點叢集 Windows 防火牆規則群組。If Windows Firewall is used on the cluster nodes, you can do this by enabling the Remote Shutdown Windows Firewall rule group on each cluster node. 當您使用叢集更新視窗適用的更新,並設定 self\ 更新選項]遠端關機Windows 防火牆規則群組自動支援的每個節點叢集上。When you use the Cluster-Aware Updating window to apply updates and to configure self-updating options, the Remote Shutdown Windows Firewall rule group is automatically enabled on each cluster node.

注意

遠端關機時,它會使用群組原則」設定設定為 Windows 防火牆衝突無法功能的 Windows 防火牆規則群組。The Remote Shutdown Windows Firewall rule group cannot be enabled when it will conflict with Group Policy settings that are configured for Windows Firewall.

遠端關機防火牆規則群組也支援藉由– EnableFirewallRules參數,執行下列 CAU cmdlet 時:新增-CauClusterRole叫用-CauRun,和SetCauClusterRoleThe Remote Shutdown firewall rule group is also enabled by specifying the –EnableFirewallRules parameter when running the following CAU cmdlets: Add-CauClusterRole, Invoke-CauRun, and SetCauClusterRole.

下列 PowerShell 範例另一種方法來讓叢集節點上的自動重新開機。The following PowerShell example shows an additional method to enable automatic restarts on a cluster node.

Set-NetFirewallRule -Group "@firewallapi.dll,-36751" -Profile Domain -Enabled true  

讓 Windows 管理檢測 (WMI)Enable Windows Management Instrumentation (WMI)

使用 Windows 管理檢測 (WMI) 的遠端管理所有叢集節點必須都設定。All cluster nodes must be configured for remote management using Windows Management Instrumentation (WMI). 這是預設支援。This is enabled by default.

若要手動讓遠端管理,執行下列動作:To manually enable remote management, do the following:

  1. [服務] 主控台,在 [開始] Windows 遠端管理服務,並為開機輸入自動In the Services console, start the Windows Remote Management service and set the startup type to Automatic.

  2. 執行設定為 WSManQuickConfig cmdlet 或從提升權限的命令的執行下列命令提示:Run the Set-WSManQuickConfig cmdlet, or run the following command from an elevated command prompt:

    winrm quickconfig -q  
    

請支援 WMI 遠端,如果 Windows 防火牆位於叢集節點上使用,輸入的防火牆規則適用於Windows 遠端管理 (HTTP-In)必須將在每個節點支援。To support WMI remoting, if Windows Firewall is in use on the cluster nodes, the inbound firewall rule for Windows Remote Management (HTTP-In) must be enabled on each node. 根據預設,被讓本規則。By default, this rule is enabled.

讓 Windows PowerShell 及 Windows PowerShell 遠端Enable Windows PowerShell and Windows PowerShell remoting

若要讓 self\ 更新模式和 remote\ 更新模式中的特定 CAU 功能,必須安裝和連接到執行遠端命令所有叢集節點 PowerShell。To enable self-updating mode and certain CAU features in remote-updating mode, PowerShell must be installed and enabled to run remote commands on all cluster nodes. 根據預設,PowerShell 是安裝及遠端支援。By default, PowerShell is installed and enabled for remoting.

若要讓遠端 PowerShell,使用下列其中一個下列方法:To enable PowerShell remoting, use one of the following methods:

  • 執行讓-PSRemoting cmdlet。Run the Enable-PSRemoting cmdlet.

  • 設定適用於 Windows 遠端管理 (WinRM) domain\ 層級群組原則設定。Configure a domain-level Group Policy setting for Windows Remote Management (WinRM).

如需關於遠端 PowerShell 的詳細資訊,請查看about_Remote_RequirementsFor more information about enabling PowerShell remoting, see about_Remote_Requirements.

安裝.NET Framework 4.6 或 4.5Install .NET Framework 4.6 or 4.5

為了讓 self\ 更新模式和 remote\ 更新模式、.NET Framework 4.6、或(在 Windows Server 2012 R2) 上的.NET Framework 4.5 特定 CAU 功能必須安裝所有叢集節點。To enable self-updating mode and certain CAU features in remote-updating mode,.NET Framework 4.6, or .NET Framework 4.5 (on Windows Server 2012 R2) must be installed on all cluster nodes. 根據預設,安裝 NET Framework。By default, NET Framework is installed.

若要安裝.NET Framework 4.6(或 4.5)使用 PowerShell 尚未安裝,請使用下列命令:To install .NET Framework 4.6 (or 4.5) using PowerShell if it's not already installed, use the following command:

Install-WindowsFeature -Name NET-Framework-45-Core

最好的作法建議使用叢集更新Best practices recommendations for using Cluster-Aware Updating

建議套用 Microsoft 更新Recommendations for applying Microsoft updates

我們建議,當您開始使用 CAU 套用預設值的更新Microsoft.WindowsUpdatePlugin plug\ 中叢集上,您停止使用其他方法叢集節點上安裝來自 Microsoft 的軟體更新。We recommend that when you begin to use CAU to apply updates with the default Microsoft.WindowsUpdatePlugin plug-in on a cluster, you stop using other methods to install software updates from Microsoft on the cluster nodes.

警告

使用方法的自動更新個人節點結合 CAU \(修正的時間 schedule) 可能會造成無法預期的結果,服務與計畫的中斷包括被迫中斷作業。Combining CAU with methods that update individual nodes automatically (on a fixed time schedule) can cause unpredictable results, including interruptions in service and unplanned downtime.

我們建議您依照下列指導方針操作︰We recommend that you follow these guidelines:

  • 為了獲得最佳的結果,建議您停用設定為自動更新,叢集節點,例如透過 [設定自動更新使用群組原則設定的設定或 [控制台] 中。For optimal results, we recommend that you disable settings on the cluster nodes for automatic updating, for example, through the Automatic Updates settings in Control Panel, or in settings that are configured using Group Policy.

    警告

    自動安裝更新叢集節點上可能會干擾安裝的更新,CAU,可能會造成 CAU 失敗。Automatic installation of updates on the cluster nodes can interfere with installation of updates by CAU and can cause CAU failures.

    如果需要下列設定自動更新的相容 CAU,因為系統管理員可以控制更新的安裝時間:If they are needed, the following Automatic Updates settings are compatible with CAU, because the administrator can control the timing of update installation:

    • 設定之前先下載更新通知通知安裝之前Settings to notify before downloading updates and to notify before installation

    • 設定為自動下載更新,以及通知安裝之前Settings to automatically download updates and to notify before installation

    不過,如果自動更新會下載更新為 CAU 更新執行一次更新執行可能需要較長的時間來完成。However, if Automatic Updates is downloading updates at the same time as a CAU Updating Run, the Updating Run might take longer to complete.

  • 例如,Windows Server Update Services (WSUS) 套用自動更新不設定更新系統 \(上修正的時間 schedule) 叢集節點。Do not configure an update system such as Windows Server Update Services (WSUS) to apply updates automatically (on a fixed time schedule) to cluster nodes.

  • 若要使用的相同更新的來源,例如 WSUS 伺服器、Windows Update,或 Microsoft Update 所有叢集節點應該而言都設定。All cluster nodes should be uniformly configured to use the same update source, for example, a WSUS server, Windows Update, or Microsoft Update.

  • 如果您使用的組態管理系統適用的軟體更新到網路上的電腦,請叢集節點排除所有所需或 [自動更新。If you use a configuration management system to apply software updates to computers on the network, exclude cluster nodes from all required or automatic updates. 組態管理系統範例包括 Microsoft System Center Configuration Manager 2007 與 Microsoft System Center 一樣管理員 2008 年。Examples of configuration management systems include Microsoft System Center Configuration Manager 2007 and Microsoft System Center Virtual Machine Manager 2008.

  • 如果內部軟體 distribution 伺服器 \ (例如,WSUS servers) 用來包含和部署更新,請確定那些伺服器正確找出叢集節點核准的更新。If internal software distribution servers (for example, WSUS servers) are used to contain and deploy the updates, ensure that those servers correctly identify the approved updates for the cluster nodes.

適用於 Microsoft 分公司案例更新Apply Microsoft updates in branch office scenarios

若要下載 Microsoft update 來自 Microsoft 的更新或 Windows 更新,叢集節點特定分公司案例中,您可能需要在每個節點設定本機系統帳號 proxy 設定。To download Microsoft updates from Microsoft Update or Windows Update to cluster nodes in certain branch office scenarios, you may need to configure proxy settings for the Local System account on each node. 例如,您可能需要執行此動作,如果您的分支 office 叢集存取 Microsoft Update 或 Windows Update 使用本機 proxy 伺服器以下載更新。For example, you might need to do this if your branch office clusters access Microsoft Update or Windows Update to download updates by using a local proxy server.

如有需要,設定 WinHTTP proxy 指定本機 proxy 伺服器,並設定本機位址例外每個節點上 \(也就是本機 addresses\ 略過清單)。If necessary, configure WinHTTP proxy settings on each node to specify a local proxy server and configure local address exceptions (that is, a bypass list for local addresses). 若要這樣做,您可以從提升權限的命令提示字元中每個叢集節點上執行下列命令:To do this, you can run the following command on each cluster node from an elevated command prompt:

netsh winhttp set proxy <ProxyServerFQDN >:<port> "<local>"  

位置 <ProxyServerFQDN> proxy 伺服器的完整的網域名稱和 <連接埠> 是要通訊的連接埠(通常是連接埠 443)。where <ProxyServerFQDN> is the fully qualified domain name for the proxy server and <port> is the port over which to communicate (usually port 443).

例如,若要設定 WinHTTP proxy 本機系統 account 指定的 proxy 伺服器設定MyProxy.CONTOSO.com、連接埠 443 與當地的地址例外,輸入下列命令:For example, to configure WinHTTP proxy settings for the Local System account specifying the proxy server MyProxy.CONTOSO.com, with port 443 and local address exceptions, type the following command:

netsh winhttp set proxy MyProxy.CONTOSO.com:443 "<local>"  

建議使用 Microsoft.HotfixPluginRecommendations for using the Microsoft.HotfixPlugin

  • 我們建議您設定的權限 hotfix 根資料夾只本機系統管理員用來儲存這些檔案的電腦上限制存取寫入 hotfix 設定檔中。We recommend that you configure permissions in the hotfix root folder and hotfix configuration file to restrict Write access to only local administrators on the computers that are used to store these files. 這可協助防止竄改未經授權的使用者危及容錯移轉叢集的功能,在套用 hotfix 時,這些檔案。This helps prevent tampering with these files by unauthorized users that could compromise the functionality of the failover cluster when hotfixes are applied.

  • 為了確保用於存取 hotfix 根資料夾伺服器訊息區塊 (SMB) 連接的資料的完整性,您應該在 SMB 共用資料夾中,設定 SMB 加密是否可以將其設定。To help ensure data integrity for the server message block (SMB) connections that are used to access the hotfix root folder, you should configure SMB Encryption in the SMB shared folder, if it is possible to configure it. Microsoft.HotfixPlugin需要 SMB 登入或 SMB 加密設定可協助您確保資料的完整性 SMB 連接。The Microsoft.HotfixPlugin requires that SMB signing or SMB Encryption is configured to help ensure data integrity for the SMB connections.

    如需詳細資訊,請查看限制存取的 hotfix 根資料夾和 hotfix 設定檔以For more information, see Restrict access to the hotfix root folder and hotfix configuration file.

其他建議Additional recommendations

  • 若要避免干擾 CAU 更新執行排定可能會在此同時,不要期間維護 windows 排程叢集名稱與 virtual 電腦物件的變更密碼。To avoid interfering with a CAU Updating Run that may be scheduled at the same time, do not schedule password changes for cluster name objects and virtual computer objects during scheduled maintenance windows.

  • 您應該設定 pre\ 更新及更新 post\ 指令碼未經授權的使用者會儲存在網路共用資料夾,以避免潛在竄改這些檔案上的適當權限。You should set appropriate permissions on pre-update and post-update scripts that are saved on network shared folders to prevent potential tampering with these files by unauthorized users.

  • 若要設定 CAU self\ 更新模式,virtual 電腦物件必須在 Active Directory 中建立 (VCO) CAU 叢集角色。To configure CAU in self-updating mode, a virtual computer object (VCO) for the CAU clustered role must be created in Active Directory. CAU 可以建立此物件會自動新增 CAU 叢集的角色,同時容錯移轉叢集有不足權限。CAU can create this object automatically at the time that the CAU clustered role is added, if the failover cluster has sufficient permissions. 不過,某些組織的安全性原則,因為它可能需要在 Active Directory 物件預先分段準備。However, because of the security policies in certain organizations, it may be necessary to prestage the object in Active Directory. 若要這樣做為程序,請查看步驟預先設置負責叢集角色For a procedure to do this, see Steps for prestaging an account for a clustered role.

  • 要儲存的容錯上重複使用更新執行設定類似更新需求 IT 組織中,您可以建立更新執行設定檔。To save and reuse Updating Run settings across failover clusters with similar updating needs in the IT organization, you can create Updating Run Profiles. 此外,根據更新模式中,您可以儲存及管理更新執行設定檔上的所有更新協調器的遠端電腦或容錯可以存取檔案共用。Additionally, depending on the updating mode, you can save and manage the Updating Run Profiles on a file share that is accessible to all remote Update Coordinator computers or failover clusters. 如需詳細資訊,請查看進階選項],然後 CAU 對更新執行設定檔For more information, see Advanced Options and Updating Run Profiles for CAU.

更新整備測試叢集Test cluster updating readiness

您可以在執行測試是否容錯移轉叢集 CAU 最佳做法分析 (BPA) 型號和網路環境符合許多套用 CAU 的軟體更新的需求。You can run the CAU Best Practices Analyzer (BPA) model to test whether a failover cluster and the network environment meet many of the requirements to have software updates applied by CAU. 許多測試核取 [使用預設值 plug\ 在套用 Microsoft 更新整備的環境Microsoft.WindowsUpdatePluginMany of the tests check the environment for readiness to apply Microsoft updates by using the default plug-in, Microsoft.WindowsUpdatePlugin.

注意

您可能需要獨立驗證您的環境叢集可套用軟體的更新以外 plug\ 中使用Microsoft.WindowsUpdatePluginYou might need to independently validate that your cluster environment is ready to apply software updates by using a plug-in other than Microsoft.WindowsUpdatePlugin. 如果您使用 non\ Microsoft plug\ 中,例如您的硬體製造商所提供的其中一個,請發行者連絡的詳細資訊。If you are using a non-Microsoft plug-in, such as one provided by your hardware manufacturer, contact the publisher for more information.

您可以執行 BPA 下列兩方面:You can run the BPA in the following two ways:

  1. 選取 [更新整備分析叢集中 CAU 主機。Select Analyze cluster updating readiness in the CAU console. BPA 完成整備測試之後,就會出現測試報告。After the BPA completes the readiness tests, a test report appears. 如果叢集節點上偵測到問題的特定問題與節點出現問題的位置都會,因此您可能需要修正的動作。If issues are detected on cluster nodes, the specific issues and the nodes where the issues appear are identified so that you can take corrective action. 測試可能需要幾分鐘的時間來完成。The tests can take several minutes to complete.

  2. 執行測試-CauSetup cmdlet。Run the Test-CauSetup cmdlet. 您可以執行 cmdlet 在本機或遠端電腦已安裝容錯移轉叢集模組適用於 Windows PowerShell(容錯移轉叢集工具的一部分)。You can run the cmdlet on a local or remote computer on which the Failover Clustering Module for Windows PowerShell (part of the Failover Clustering Tools) is installed. 您也可以執行 cmdlet 容錯移轉叢集節點上。You can also run the cmdlet on a node of the failover cluster.

注意

  • 您必須使用帳號叢集節點上的系統管理員權限和本機系統管理員權限,用來執行的電腦上的Test-CauSetup cmdlet 或分析叢集更新整備使用叢集更新視窗。You must use an account that has administrative privileges on the cluster nodes and local administrative privileges on the computer that is used to run the Test-CauSetup cmdlet or to analyze cluster updating readiness using the Cluster-Aware Updating window. 若要執行使用叢集更新視窗的測試,您必須必要的認證的電腦登入。To run the tests using the Cluster-Aware Updating window, you must be logged on to the computer with the necessary credentials.
  • 測試假設,CAU 工具,可用來預覽和適用的軟體更新執行相同的電腦,並使用的相同使用者認證為用來測試叢集更新整備。The tests assume that the CAU tools that are used to preview and apply software updates run from the same computer and with the same user credentials as are used to test cluster updating readiness.

重要

建議您測試的更新整備下列情形叢集︰We highly recommend that you test the cluster for updating readiness in the following situations:

  • 使用第一次 CAU 套用軟體更新。Before you use CAU for the first time to apply software updates.
  • 之後將節點新增至叢集或執行叢集需要執行驗證叢集精靈中的其他硬體變更。After you add a node to the cluster or perform other hardware changes in the cluster that require running the Validate a Cluster Wizard.
  • 在您變更更新的來源,或變更更新設定之後 (other than CAU),可能會影響更新節點上的應用程式。After you change an update source, or change update settings or configurations (other than CAU) that can affect the application of updates on the nodes.

用於叢集更新整備測試Tests for cluster updating readiness

下表列出叢集更新整備測試、一些常見的問題,以及解析度步驟。The following table lists the cluster updating readiness tests, some common issues, and resolution steps.

測試Test 可能的問題與影響Possible issues and impacts 解析度步驟Resolution steps
容錯移轉叢集必須使用The failover cluster must be available 無法解析容錯移轉叢集名稱或一或多個叢集節點無法存取。Cannot resolve the failover cluster name, or one or more cluster nodes cannot be accessed. BPA 無法執行叢集整備測試。The BPA cannot run the cluster readiness tests. -檢查指定期間執行 BPA 叢集的名稱。- Check the spelling of the name of the cluster specified during the BPA run.
為確保叢集的所有節點 online 和執行。- Ensure that all nodes of the cluster are online and running.
-查看的驗證設定精靈可以順利執行容錯移轉叢集上。- Check that the Validate a Configuration Wizard can successfully run on the failover cluster.
必須能透過 WMI 的遠端管理支援容錯移轉叢集節點The failover cluster nodes must be enabled for remote management via WMI 一或多個容錯移轉叢集節點不是藉由 Windows 管理檢測 (WMI) 支援的遠端管理。One or more failover cluster nodes are not enabled for remote management by using Windows Management Instrumentation (WMI). 如果未的遠端管理設定節點 CAU 無法更新叢集節點。CAU cannot update the cluster nodes if the nodes are not configured for remote management. 請確定所有容錯移轉叢集節點才透過 WMI 的遠端管理。Ensure that all failover cluster nodes are enabled for remote management through WMI. 如需詳細資訊,請查看設定的遠端管理節點本主題中。For more information, see Configure the nodes for remote management in this topic.
遠端 PowerShell 應該會在每個容錯移轉叢集節點支援PowerShell remoting should be enabled on each failover cluster node PowerShell 無法安裝或上一個或多個容錯移轉叢集節點遠端不支援。PowerShell isn't installed or isn't enabled for remoting on one or more failover cluster nodes. CAU 無法 self\ 更新模式設定,或使用某些功能 remote\ 更新模式。CAU cannot be configured for self-updating mode or use certain features in remote-updating mode. 確定已安裝所有叢集節點 PowerShell,並遠端支援。Ensure that PowerShell is installed on all cluster nodes and is enabled for remoting.

如需詳細資訊,請查看設定的遠端管理節點本主題中。For more information, see Configure the nodes for remote management in this topic.
容錯移轉叢集版本Failover cluster version Windows Server 2016、Windows Server 2012 R2 或 Windows Server 2012 中容錯移轉叢集一或多個節點不會執行。One or more nodes in the failover cluster don't run Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012. CAU 無法更新容錯移轉叢集。CAU cannot update the failover cluster. 確認已在 Windows Server 2016、Windows Server 2012 R2 或 Windows Server 2012 執行期間執行 BPA 指定容錯移轉叢集。Verify that the failover cluster that is specified during the BPA run is running Windows Server 2016, Windows Server 2012 R2, or Windows Server 2012.

如需詳細資訊,請查看確認叢集設定本主題中。For more information, see Verify the cluster configuration in this topic.
所有容錯移轉叢集節點必須安裝所需的版本的.NET Framework 及 Windows PowerShellThe required versions of .NET Framework and Windows PowerShell must be installed on all failover cluster nodes .NET framework 4.6、4.5 或 Windows PowerShell 尚未安裝一或多個叢集節點上。.NET Framework 4.6, 4.5 or Windows PowerShell isn't installed on one or more cluster nodes. 某些 CAU 功能可能無法運作。Some CAU features might not work. 如果需要的話,請確定.NET Framework 4.6 或 4.5 及 Windows PowerShell 安裝所有叢集節點上。Ensure that .NET Framework 4.6 or 4.5 and Windows PowerShell are installed on all cluster nodes, if they are required.

如需詳細資訊,請查看設定的遠端管理節點本主題中。For more information, see Configure the nodes for remote management in this topic.
叢集服務執行所有叢集節點The Cluster service should be running on all cluster nodes 叢集服務不一或多個節點上執行。The Cluster service is not running on one or more nodes. CAU 無法更新容錯移轉叢集。CAU cannot update the failover cluster. -確保叢集服務 (clussvc) 開始叢集,在所有節點上並設定為自動開始。- Ensure that the Cluster service (clussvc) is started on all nodes in the cluster, and it is configured to start automatically.
-查看的驗證設定精靈可以順利執行容錯移轉叢集上。- Check that the Validate a Configuration Wizard can successfully run on the failover cluster.

如需詳細資訊,請查看確認叢集設定本主題中。For more information, see Verify the cluster configuration in this topic.
自動更新不必須設定為自動安裝更新的任何錯誤後移轉叢集節點Automatic Updates must not be configured to automatically install updates on any failover cluster node 在至少一個錯誤後移轉叢集] 節點,自動更新被設定為自動安裝該節點 Microsoft update。On at least one failover cluster node, Automatic Updates is configured to automatically install Microsoft updates on that node. 與其他更新程式方法結合 CAU 可能會導致未計畫當機或無法預期的結果。Combining CAU with other update methods can result in unplanned downtime or unpredictable results. 如果 Windows Update 功能一或多個叢集節點上設定自動更新,請確定未自動更新設定為自動安裝更新。If Windows Update functionality is configured for Automatic Updates on one or more cluster nodes, ensure that Automatic Updates is not configured to automatically install updates.

如需詳細資訊,請查看適用於套用更新 Microsoft 建議For more information, see Recommendations for applying Microsoft updates.
容錯移轉叢集節點應該使用的相同更新的來源The failover cluster nodes should use the same update source 容錯移轉叢集節點一或多個更新的來源使用 Microsoft 更新中的其餘部分節點不同的設定。One or more failover cluster nodes are configured to use an update source for Microsoft updates that is different from the rest of the nodes. 更新可能不會套用而言叢集節點上的 CAU。Updates might not be applied uniformly on the cluster nodes by CAU. 確定要使用的相同更新的來源,例如 WSUS 伺服器、Windows Update,或 Microsoft Update 設定的每個節點叢集。Ensure that every cluster node is configured to use the same update source, for example, a WSUS server, Windows Update, or Microsoft Update.

如需詳細資訊,請查看適用於套用更新 Microsoft 建議For more information, see Recommendations for applying Microsoft updates.
應該會容錯移轉叢集中每個節點上支援,可讓遠端關機防火牆規則A firewall rule that allows remote shutdown should be enabled on each node in the failover cluster 一或多個容錯移轉叢集節點不需要防火牆規則支援,可讓遠端關機,或群組原則設定可防止此規則會支援。One or more failover cluster nodes do not have a firewall rule enabled that allows remote shutdown, or a Group Policy setting prevents this rule from being enabled. 更新執行適用於需要重新節點自動更新,可能無法完成正常運作。An Updating Run that applies updates that require restarting the nodes automatically might not complete properly. 如果 Windows 防火牆或 non\ Microsoft 防火牆位於叢集節點上使用,設定,可讓遠端關機防火牆規則。If Windows Firewall or a non-Microsoft firewall is in use on the cluster nodes, configure a firewall rule that allows remote shutdown.

如需詳細資訊,請查看讓防火牆規則允許自動重新開機以本主題中。For more information, see Enable a firewall rule to allow automatic restarts in this topic.
每個容錯移轉叢集節點上的 proxy 伺服器設定應設本機 proxy 伺服器The proxy server setting on each failover cluster node should be set to a local proxy server 一或多個錯誤後移轉叢集節點具有正確的 proxy 伺服器設定。One or more failover cluster nodes have an incorrect proxy server configuration.

如果使用本機 proxy 伺服器,每個節點上的 proxy 伺服器設定必須設定正確叢集存取 Microsoft 更新或 Windows 更新。If a local proxy server is in use, the proxy server setting on each node must be configured properly for the cluster to access Microsoft Update or Windows Update.
確定 WinHTTP proxy 設定的每個節點叢集上設定本機 proxy 伺服器需要。Ensure that the WinHTTP proxy settings on each cluster node are set to a local proxy server if it is needed. 如果 proxy 伺服器不是在您的環境中使用,可以忽略此警告。If a proxy server is not in use in your environment, this warning can be ignored.

如需詳細資訊,請查看更新分公司案例適用於本主題中。For more information, see Apply updates in branch office scenarios in this topic.
應該安裝以便 self\ 更新模式容錯移轉叢集上 CAU 叢集的角色The CAU clustered role should be installed on the failover cluster to enable self-updating mode 這個錯誤後移轉叢集上並未安裝 CAU 叢集的角色。The CAU clustered role is not installed on this failover cluster. 用於叢集 self\ 更新需要此角色。This role is required for cluster self-updating. 若要使用 CAU self\ 更新模式,新增 CAU 叢集的角色容錯移轉叢集上的其中之一下列方式:To use CAU in self-updating mode, add the CAU clustered role on the failover cluster in one of the following ways:

-執行新增-CauClusterRole PowerShell cmdlet。- Run the Add-CauClusterRole PowerShell cmdlet.
-選取設定叢集 self\ 更新選項叢集更新視窗中的動作。- Select the Configure cluster self-updating options action in the Cluster-Aware Updating window.
CAU 叢集的角色應該容錯移轉叢集上支援,可讓 self\ 更新模式The CAU clustered role should be enabled on the failover cluster to enable self-updating mode 停用 CAU 叢集的角色。The CAU clustered role is disabled. 例如,CAU 叢集的角色尚未安裝,或已停用來使用Disable-CauClusterRole PowerShell cmdlet。For example, the CAU clustered role is not installed, or it has been disabled by using the Disable-CauClusterRole PowerShell cmdlet. 用於叢集 self\ 更新需要此角色。This role is required for cluster self-updating. 若要使用 CAU self\ 更新模式,讓 [CAU 叢集的角色此錯誤後移轉叢集上其中一個下列方式:To use CAU in self-updating mode, enable the CAU clustered role on this failover cluster in one of the following ways:

-執行讓-CauClusterRole PowerShell cmdlet。- Run the Enable-CauClusterRole PowerShell cmdlet.
-選取設定叢集 self\ 更新選項叢集更新視窗中的動作。- Select the Configure cluster self-updating options action in the Cluster-Aware Updating window.
必須將所有容錯移轉叢集節點登記設定的 CAU plug\ 單元 self\ 更新模式The configured CAU plug-in for self-updating mode must be registered on all failover cluster nodes 這個錯誤後移轉叢集一或多個節點 CAU 叢集的角色無法存取 CAU plug\ 中模組 self\ 更新選項中設定。The CAU clustered role on one or more nodes of this failover cluster cannot access the CAU plug-in module that is configured in the self-updating options. Self\ 更新執行可能會失敗。A self-updating run might fail. -確認設定的 CAU plug\ 在已安裝所有叢集節點提供 plug\ 中 CAU product 安裝程序。- Ensure that the configured CAU plug-in is installed on all cluster nodes by following the installation procedure for the product that supplies the CAU plug-in.
-執行Register-CauPlugin以 plug\ 在必要的叢集節點上登記 PowerShell cmdlet。- Run the Register-CauPlugin PowerShell cmdlet to register the plug-in on the required cluster nodes.
所有容錯移轉叢集節點應該會有相同的且已 CAU plug\ 增益集All failover cluster nodes should have the same set of registered CAU plug-ins 如果 plug\ 單元以供更新執行設定的變更,並不適用於所有叢集節點,可能會失敗 self\ 更新執行。A self-updating run might fail if the plug-in that is configured to be used in an Updating Run is changed to one that is not available on all cluster nodes. -確認設定的 CAU plug\ 在已安裝所有叢集節點提供 plug\ 中 CAU product 安裝程序。- Ensure that the configured CAU plug-in is installed on all cluster nodes by following the installation procedure for the product that supplies the CAU plug-in.
-執行Register-CauPlugin以 plug\ 在必要的叢集節點上登記 PowerShell cmdlet。- Run the Register-CauPlugin PowerShell cmdlet to register the plug-in on the required cluster nodes.
[設定] 更新執行選項必須有效The configured Updating Run options must be valid 設定的這個錯誤後移轉叢集更新執行選項與 self\ 更新排程不完整,或不正確。The self-updating schedule and Updating Run options that are configured for this failover cluster are incomplete or are not valid. Self\ 更新執行可能會失敗。A self-updating run might fail. 設定有效 self\ 更新排程和更新執行選項。Configure a valid self-updating schedule and set of Updating Run options. 例如,您可以使用Set-CauClusterRole來設定 CAU PowerShell cmdlet 叢集角色。For example, you can use the Set-CauClusterRole PowerShell cmdlet to configure the CAU clustered role.
在至少兩個容錯移轉叢集節點必須 CAU 叢集角色的擁有者At least two failover cluster nodes must be owners of the CAU clustered role 更新執行啟動 self\ 更新模式中將會失敗,因為 CAU 叢集的角色不需要移至可能的擁有者節點。An Updating Run launched in self-updating mode will fail because the CAU clustered role does not have a possible owner node to move to. 使用容錯移轉叢集工具,以確保所有叢集節點都設定為可能 CAU 擁有者叢集角色。Use the Failover Clustering Tools to ensure that all cluster nodes are configured as possible owners of the CAU clustered role. 此為預設設定。This is the default configuration.
所有容錯移轉叢集節點必須能存取 Windows PowerShell 指令碼All failover cluster nodes must be able to access Windows PowerShell scripts 並非所有可能擁有者節點 CAU 叢集角色的可以存取設定的 Windows PowerShell pre\ 更新及更新 post\ 指令碼。Not all possible owner nodes of the CAU clustered role can access the configured Windows PowerShell pre-update and post-update scripts. 將會失敗 self\ 更新執行。A self-updating run will fail. 確保所有可能擁有者節點 CAU 叢集角色的擁有權限存取設定的 PowerShell pre\ 更新及更新 post\ 指令碼。Ensure that all possible owner nodes of the CAU clustered role have permissions to access the configured PowerShell pre-update and post-update scripts.
所有容錯移轉叢集節點應該使用相同的 Windows PowerShell 指令碼All failover cluster nodes should use identical Windows PowerShell scripts 並非所有可能擁有者節點 CAU 叢集角色的使用相同的指定的 Windows PowerShell pre\ 更新和更新 post\ 指令碼。Not all possible owner nodes of the CAU clustered role use the same copy of the specified Windows PowerShell pre-update and post-update scripts. Self\ 更新執行可能會失敗,或者顯示未預期的行為。A self-updating run might fail or show unexpected behavior. 請確定 CAU 叢集角色的所有可能擁有者節點使用的相同 PowerShell pre\ 更新及更新 post\ 指令碼。Ensure that all possible owner nodes of the CAU clustered role use the same PowerShell pre-update and post-update scripts.
對更新執行指定 WarnAfter 設定應小於 StopAfter 設定The WarnAfter setting specified for the Updating Run should be less than the StopAfter setting 指定的 CAU 更新執行逾時值進行警告逾時無效。The specified CAU Updating Run timeout values make the warning timeout ineffective. 更新執行可能會之前取消可以產生警告事件登入。An Updating Run might be canceled before a warning event log can be generated. 在更新執行選項],設定WarnAfter選項,值小於StopAfter選項值。In the Updating Run options, configure a WarnAfter option value that is less than the StopAfter option value.

也了See also