
Cluster Aware Updating

Albert Pang 141 Reputation points
2026-03-19T22:25:16.0166667+00:00

Anyone have caveats for using Cluster Aware Updating? Any issues with Windows 2016, 2019, 2022 clusters?

https://learn.microsoft.com/en-us/windows-server/failover-clustering/cluster-aware-updating

Thanks

Windows for business | Windows Server | Storage high availability | Clustering and high availability

3 answers

  1. VPHAN 28,900 Reputation points Independent Advisor
    2026-03-22T07:08:54.9533333+00:00

    Hi Albert Pang,

    How is your issue going? Has it been resolved yet? If it has, please consider accepting the answer as it helps others sharing the same problem benefit too. Thank you :)

    VP


  2. VPHAN 28,900 Reputation points Independent Advisor
    2026-03-20T02:53:37.6166667+00:00

    Hi Albert Pang,

    Cluster-Aware Updating is highly effective for Windows Server 2016, 2019, and 2022 failover clusters, provided you carefully manage the surrounding infrastructure to prevent update conflicts. You must isolate the cluster nodes from outside patch management systems like Microsoft Endpoint Configuration Manager or Group Policy-driven Automatic Updates. Permitting external tools to trigger installations will conflict with the exclusive control CAU requires over node draining and maintenance mode. You should verify your registry settings under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU to ensure the NoAutoUpdate value is set to 1, which prevents unplanned downtime from rogue reboots.

    If you are running Storage Spaces Direct on Server 2019 or 2022, expect significantly longer maintenance windows because CAU intentionally waits for storage resynchronization to complete after each node reboots to protect data integrity. Any underlying storage latency or degraded disks will cause the update run to stall and potentially throw a timeout error code like 0x800705b4. Network configurations also frequently disrupt CAU operations if proxy settings or firewall rules are overlooked. You must ensure the system-wide proxy is configured using the netsh winhttp set proxy command, otherwise the underlying update service will fail to reach your update servers and return a 0x8024402c connection error.

    You must verify that Windows Management Instrumentation, PowerShell remoting, and Remote Shutdown firewall rules are enabled across all nodes so the CAU coordinator can orchestrate the restarts. When executing pre-update and post-update scripts, exercise extreme caution because these run directly under the local system account context. They must be hosted on a continuously available, highly secure SMB share to prevent tampering. A poorly written script that hangs or prompts for hidden user input will indefinitely pause the node update until it times out entirely.

    Hope this answer brought you some useful information. If it did, please hit “accept answer”. Should you have any questions, feel free to leave a comment.

    VP
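
The per-node settings named in the answer above (the `NoAutoUpdate` policy value, the WinHTTP proxy, and the WMI, PowerShell remoting and Remote Shutdown firewall groups) can be collected from every node in one pass. This is an added example, not code from the answer's author; the cluster name is a placeholder and the firewall group names assume an English-language Windows installation.

```powershell
# Added example, not from the answer. Run elevated from a management host that has
# the FailoverClusters module and PowerShell remoting access to every node.
$ClusterName    = 'CLUSTER01'   # placeholder cluster name
$FirewallGroups = 'Windows Management Instrumentation (WMI)',
                  'Windows Remote Management',
                  'Remote Shutdown'   # English display-group names (assumption)

$nodes = (Get-ClusterNode -Cluster $ClusterName).Name

$report = Invoke-Command -ComputerName $nodes -ArgumentList (,$FirewallGroups) -ScriptBlock {
    param([string[]]$Groups)

    # Policy values that decide whether Automatic Updates can install on its own.
    # AUOptions = 4 means "auto download and schedule the install".
    $auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $au    = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    # Firewall groups that have no enabled inbound rule on this node.
    $gaps = foreach ($g in $Groups) {
        $on = Get-NetFirewallRule -DisplayGroup $g -ErrorAction SilentlyContinue |
              Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }
        if (-not $on) { $g }
    }

    [pscustomobject]@{
        NoAutoUpdate   = if ($null -ne $au.NoAutoUpdate) { $au.NoAutoUpdate } else { 'not set' }
        AUOptions      = if ($null -ne $au.AUOptions)    { $au.AUOptions }    else { 'not set' }
        AutoInstallOff = ($au.NoAutoUpdate -eq 1)
        FirewallGaps   = $gaps -join '; '
        # Proxy as the update service sees it (WinHTTP, not the per-user proxy).
        WinHttpProxy   = (netsh winhttp show proxy | Out-String).Trim()
    }
}

# One record per node; any node with AutoInstallOff = False or a non-empty
# FirewallGaps needs attention before the first Updating Run.
$report | Sort-Object PSComputerName |
    Format-List PSComputerName, AutoInstallOff, NoAutoUpdate, AUOptions, FirewallGaps, WinHttpProxy
```

Comparing the `WinHttpProxy` text across nodes also shows whether one node was left with a different proxy than the rest.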


  3. Q&A Assist
    2026-03-19T22:25:33.9033333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Cluster-Aware Updating (CAU) is fully supported and enhanced on Windows Server 2016, 2019, and 2022, but there are important prerequisites, best practices, and common pitfalls to be aware of.

    Key behavior and benefits

    • Automates patching of failover cluster nodes with minimal downtime by:
      • Putting each node into maintenance mode
      • Draining/moving clustered roles off the node
      • Installing updates and rebooting if needed
      • Bringing the node back and restoring roles, then moving to the next node
    • For continuously available workloads (Hyper‑V with live migration, file server with SMB Transparent Failover), CAU can update with effectively no service outage.

    Core requirements and readiness checks

    Before relying on CAU, validate these items (via the CAU Best Practices Analyzer / readiness tests):

    1. Cluster and management prerequisites
    • The failover cluster must be online and all nodes reachable.
    • Nodes must be enabled for remote management via WMI.
    • PowerShell must be installed and remoting enabled on all nodes; otherwise CAU self‑updating and some remote features will not work.
    2. Update source and Windows Update configuration
    • All nodes should use the same update source (WSUS, Windows Update, or Microsoft Update). Mixed sources can cause inconsistent patch levels.
    • Automatic Updates must not be configured to automatically install updates on any node. Combining CAU with automatic install can cause unplanned downtime or unpredictable results.
    3. Network, firewall, and proxy
    • A firewall rule allowing remote shutdown must be enabled on each node so CAU can restart nodes when required.
    • If a proxy is required to reach Microsoft/Windows Update, WinHTTP proxy settings must be correctly configured on every node. If no proxy is used, the related warning can be ignored.
    • Recommended proxy configuration (run elevated on each node) if needed:
        netsh winhttp set proxy <ProxyServerFQDN>:<port> "<local>"
      
    4. CAU clustered role and plug‑ins (self‑updating mode)
    • For self‑updating mode, the CAU clustered role must be installed and enabled on the cluster:
      • Install: Add-CauClusterRole or use “Configure cluster self-updating options” in the CAU UI.
      • Enable: Enable-CauClusterRole if previously disabled.
    • The configured CAU plug‑in for self‑updating must be registered on all nodes, and all nodes should have the same set of registered plug‑ins. Use Register-CauPlugin where required.
    • Updating Run options and schedule must be valid; Set-CauClusterRole can be used to configure these.

    Best practices and common caveats

    1. Don’t mix CAU with other automated updaters
    • Avoid running SCCM or third‑party tools as if they were cluster‑aware. SCCM is not cluster‑aware and does not natively integrate with CAU; treat CAU and SCCM as separate processes.
    • Ensure no other mechanism is auto‑rebooting or patching nodes during CAU windows.
    2. Ensure proper sequencing and node draining
    • Use policies and scripts so that node drain/maintenance mode always precedes installing updates.
    • When scripting or integrating, use flags like -ForcePauseAndDrain to avoid updates applying before workloads are moved, which can cause outages.
    • Avoid custom pre/post‑update scripts that move resources in unsupported ways and can leave roles in a corrupted or orphaned state.
    3. Storage Spaces Direct and Windows Server 2019/2022 specifics
    • In Windows Server 2019 and later, CAU is integrated and aware of Storage Spaces Direct. It validates and ensures data resynchronization completes on each node and inspects updates to restart only when necessary.
    • This integration is a benefit, but it also means storage health and resync must be clean before and during updating; unresolved storage/network issues will cause CAU runs to fail or stall.
    4. Security, AV, and hotfix distribution
    • If using the Microsoft.HotfixPlugin:
      • Restrict write access on the hotfix root folder and configuration file to local administrators only.
      • Use SMB Encryption (or at least SMB signing) on the share hosting hotfixes to protect data integrity.
    • Ensure antivirus products are cluster‑aware and do not interfere with C:\Windows\Cluster, CSVs, or CAU operations. Non‑cluster‑aware AV can cause cluster and CAU issues.
    5. Proxy and script security
    • When using scripts (pre/post‑update) from network shares, set appropriate permissions to prevent tampering.
    • Configure WinHTTP proxy correctly on all nodes if required; misconfigured proxy can prevent nodes from reaching the update source and cause CAU runs to fail.
    6. Scheduling and operational caveats
    • Do not schedule password changes for cluster name objects or virtual computer objects during CAU maintenance windows; this can interfere with CAU runs.
    • For Azure‑aware clusters (Windows Server 2019+), CAU benefits from Azure‑aware clustering behavior (proactive failover, planned maintenance awareness), but still depends on healthy networking and storage.
    7. Handling warnings about CAU resources
    • CAU resources may appear offline when not actively running an update. This is expected and typically shows as a validation warning rather than a failure.

    Troubleshooting patterns

    • Use Test-Cluster to validate cluster health before enabling or running CAU.
    • If CAU runs fail:
      • Check WMI/PowerShell remoting, firewall, and proxy configuration.
      • Confirm all nodes see the same update source and have identical CAU plug‑ins registered.
      • Review cluster and CAU logs for node drain failures, storage/network errors, or driver issues.

    In summary, CAU works well on Windows Server 2016, 2019, and 2022 when the cluster is healthy, remote management is correctly configured, all nodes share the same update source and plug‑ins, and no competing update mechanisms or AV/network misconfigurations interfere with the process.
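
The share-hardening points in the answer above (write access limited to administrators, SMB encryption or signing on the share that hosts hotfixes or pre/post-update scripts) can be audited on the file server as follows. This is an added example, not part of the answer; the share name and the list of principals allowed to write are assumptions to adjust.

```powershell
# Added example, not from the answer. Run elevated on the server that hosts the share.
$ShareName = 'CauScripts'                                      # placeholder share name
$Allowed   = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'   # assumed writer allow-list

$share = Get-SmbShare -Name $ShareName
$cfg   = Get-SmbServerConfiguration

# NTFS rights that let a principal alter or replace a file, plus the raw
# GENERIC_ALL / GENERIC_WRITE bits (0x50000000) that some ACEs carry instead.
$mask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

# NTFS layer: Allow ACEs on the share root that grant a write-type right to anyone else.
$ntfsFindings = (Get-Acl -Path $share.Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ([int]$_.FileSystemRights -band $mask) -ne 0 -and
    $_.IdentityReference.Value -notin $Allowed
} | Select-Object @{n='Layer';e={'NTFS'}},
                  @{n='Account';e={$_.IdentityReference.Value}},
                  @{n='Rights';e={$_.FileSystemRights}}

# Share layer: Full or Change granted to anyone outside the allow-list.
$shareFindings = Get-SmbShareAccess -Name $ShareName | Where-Object {
    "$($_.AccessControlType)" -eq 'Allow' -and
    "$($_.AccessRight)" -in 'Full', 'Change' -and
    $_.AccountName -notin $Allowed
} | Select-Object @{n='Layer';e={'Share'}},
                  @{n='Account';e={$_.AccountName}},
                  @{n='Rights';e={$_.AccessRight}}

# Transport protection: per-share encryption, server-wide encryption, required signing.
[pscustomobject]@{
    Share                 = $share.Name
    Path                  = $share.Path
    ContinuouslyAvailable = $share.ContinuouslyAvailable
    EncryptedTransport    = ($share.EncryptData -or $cfg.EncryptData)
    SigningRequired       = $cfg.RequireSecuritySignature
} | Format-List

# Every row here is a principal that could change what CAU runs on the nodes.
@($ntfsFindings) + @($shareFindings) | Format-Table -AutoSize
```

The ACL check covers the share root only; files or subfolders with inheritance disabled need the same check applied to them.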


