ISO Slipstreamed with 2023-03 ServicingStack and CU does not show patches were applied.

Paul Manno 0 Reputation points
2023-03-22T17:25:42.6033333+00:00

Hello,

I have been creating slipstreamed ISOs for a year now using a powershell script to add the msu's into the install.wim. No problems at all up until this most recent servicing stack and cumulative update. For some reason this latest one just won't install for me and VMs created from the ISO are coming up as missing the patches. Here is the code block I use to add the package into the install.wim. I thought maybe the /cleanup-image /resetbase was causing the problem so I tried it both with and without that step (which is why it is commented in my code paste below).

I am using InsightVM and Ivanti to scan the VMs I create and let me know if the patches are seen. Every VM I have created in this way has come up with zero vulns, but this month it's completely missing the SS and CU. I don't know if it's something to do with the age of the Windows 2016 version I'm running or what. Please advise.

Product Level:

Windows Server 2016 Standard 1607

I start with this ISO: 

SW_DVD9_Win_Server_STD_CORE_2016_64Bit_English_-4_DC_STD_MLF_X21-70526.ISO

Download SS and CU from here:

$ServicingStackURL = "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/03/windows10.0-kb5023788-x64_33ea5888c89d2888b845cf02e8d3950d13d1d1f9.msu",

$CumulativeUpdateURL = "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/03/windows10.0-kb5023697-x64_0cde92f5aaba06c1a1bfd64615010c90180dcb86.msu",

I extract the iso and mount up each index and apply patches in this for loop. Again.. this has been working perfectly for a year now.


for ($i = 1; $i -le 4; $i++){    
  Write-Host "adding pvscsi and servicingstack/cumulative update to install.wim for index $i"    
  Mount-WindowsImage -ImagePath $installWimPath -Path $tempPath\buildcustomiso\wimmount -Index $i
  Add-WindowsDriver -Path $tempPath\buildcustomiso\wimmount -Driver $pvscsiDriverPath
  Add-WindowsDriver -Path $tempPath\buildcustomiso\wimmount -Driver $tempPath\buildcustomiso\basefiles\vmxnet -Recurse
  Add-WindowsPackage -Path $tempPath\buildcustomiso\wimmount -PackagePath $ServicingStackPath
  Add-WindowsPackage -Path $tempPath\buildcustomiso\wimmount -PackagePath $CumulativeUpdatePath

# This should output the packages we installed.
  dism /Get-Packages /image:"$tempPath\buildcustomiso\wimmount"
  #dism /image:"$tempPath\buildcustomiso\wimmount" /Cleanup-Image /StartComponentCleanup /ResetBase
  dism /unmount-wim /mountdir:"$tempPath\buildcustomiso\wimmount" /commit /checkintegrity
}
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 43,931 Reputation points
    2023-03-23T16:37:13.4533333+00:00

    Hi,

    I'd be happy to help you out with your question. Sorry for the inconvenience caused.

    Based on the information you provided, it is possible that the issue you are experiencing is related to the age of the Windows Server 2016 version you are using or the PowerShell script you are using to create the slipstreamed ISO.

    To troubleshoot the issue, I would suggest the following:

    1. Check the Windows Update logs on the VMs to see if there are any errors or warnings related to the installation of the updates. This may help you identify any specific issues that are preventing the updates from being installed.
    2. Try creating a slipstreamed ISO using a different ISO file or a newer version of the Windows Server 2016 ISO to see if the issue persists. This may help you determine if the issue is related to the ISO file you are using.
    3. Instead of using the PowerShell script to add the updates to the install.wim file, you can use the Deployment Image Servicing and Management (DISM) tool to apply updates directly to the mounted image. This may help you identify any issues with the PowerShell script or the slipstreaming process.

    Few more things to consider are :-

    1. Check network connectivity: Ensure that the server has proper network connectivity to download and install updates. You can use PowerShell cmdlets like Test-NetConnection to diagnose routing and connectivity issues.
    2. Check system resources: Verify that there is enough disk space, memory, and CPU available on the server to install updates. If necessary, increase these resources.
    3. Check for errors in logs: Review event logs and other system logs for any errors or warnings related to installing updates.
    4. Run SFC and DISM utilities: Administrators can diagnose and treat a buggy server operating system by using the Windows SFC (System File Checker) and DISM (Deployment Image Servicing and Management) utilities for image analysis and repairs.
    5. Collect packet capture: Collect a standard packet capture using tools like Wireshark or Microsoft Network Monitor to identify any network-related issues.

    For more Information, Please refer to following resources :-

    1. Troubleshooting Windows Server - https://learn.microsoft.com/windows-server/troubleshoot/windows-server-troubleshooting
    2. Advanced Troubleshooting Server Message Block (SMB) - https://learn.microsoft.com/windows-server/storage/file-server/troubleshoot/troubleshooting-smb

    If you have any other questions or need assistance with anything, please don't hesitate to let me know. I'm here to help.

    If the reply was helpful, please don’t forget to upvote or accept as answer, thank you.

    0 comments
  2. Paul Manno 0 Reputation points
    2023-04-12T15:04:36.3033333+00:00

    Tried my script again with this month's CU (2023-04) and everything worked again. Must have been a glitch with the 2023-03 CU.

    0 comments