How to update local source media to add roles and features

I’ve talked in the past about the new Features on Demand option in Windows 8 and Windows Server 2012.  However, let’s say you build out an image, remove some roles and features and then patch the overall install.  If you attempt to add back in roles and features previously removed, the operation will fail because it needs updated source files (RTM+patch level) to complete this operation.

My colleague Ben Herila from the Server Core team has some information about this on their team blog: https://blogs.technet.com/b/server_core/archive/2012/11/05/using-features-on-demand-with-updated-systems-and-patched-images.aspx

This post is to show you how you can update a recovery source to match that of your environment so it can successfully be used later to install roles and features.  For the purposes of this discussion, I’ll use KB2756872 (https://support.microsoft.com/kb/2756872) as most people received this package during the initial Windows 8 release.

First, you want to download the contents of the needed updated from the Microsoft Update Catalog (https://catalog.update.microsoft.com/v7/site/Home.aspx).  In this case, you’d just type in the KB number and get the following results:

image

Choose the appropriate downloads needed for your environment to a local computer, in this case we’ll use the 2012 update.  When the updates are downloaded, they will look like this in explorer.  These are the files we’ll need to use to update the source

image 

Once you have the files downloaded, mount an install.wim for the operating system you need to update as a source.  On a Windows 8 or Windows Server 2012 machine, this can all be done from an elevated command prompt using the IMAGEX commands.  In the commands below, we’ll walk through the steps to mounting the install.wim to a temporary location and updating it to be a new source directory.

Copy install.wim from DVD to a temp directory

copy d:\sources\install.wim z:\install.wim

Make a mount directory for the install.wim

mkdir c:\mountdir

Remove the Read-Only attribute from the copied file so we can modify its contents

attrib.exe -r z:\install.wim

Get index information from the WIM file so we can verify the proper source index we wish to modify

dism.exe /get-wiminfo /wimfile:z:\install.wim

Mount the ‘2’ index of install.wim to our mount location

dism.exe /mount-wim /WimFile:z:\install.wim /index:2 /mountDir:c:\mountdir

I highlighted the image index above because you’ll want to ensure you’re updating the proper index when performing these operations.  The Server WIM contains 4 indexes (typically) and indexes 2 and 4 contain the full operating system binaries where indexes 1 and 3 contain only the Server Core binaries.  We’ll also need to make sure we know which index we updated so we can later use it for adding the roles and features back to the OS.

With the WIM mounted, you’ll need to use DISM to add the package to the index you’d previously mounted.  The command for this if you’d downloaded the files above to your C:\ folder would be:

dism.exe "/Image:c:\mountdir" /Add-Package "/PackagePath:C:\2756872\Update for Windows Server 2012 (KB2756872)"

NOTE: We use the source folder for this command and not an individual MSU inside the folder

Once this step is completed, commit the changes you’ve made to the WIM and unmount it:

dism.exe /Unmount-Wim /MountDir:c:\mountdir /commit

Now you have a new source directory that can be used to add roles and features back to your patched images.  So, if you were on Server Core and wanted to add back the shell components using your updated index 2 source, the command would be:

Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell –Source:wim:z:\install.wim:2

Organizations will need to determine how often they need to update their source recovery media.  Any time an update is released, the source is potentially invalid for reinstallation or repair operations. 

Hope that helps.

--Joseph

Comments

  • Anonymous
    January 01, 2003
    @Adam; I added a small blurb at the end of this post to reflect that you'll need to update this anytime a new update is released to keep the source current.  There isnt an automated way to do this in product currently.

  • Anonymous
    January 01, 2003
    Glad you got it worked out.  Sorry you ran into this

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Thank you for this post, though while it has been greatly helpful to understanding what is needed to maintain an updated local source, it has also led to great frustration.  The problem I'm finding is that you end up with packages in an "Install Pending" state and it creates problems for adding more packages.  Here are my steps in an attempt to create an updated local source for Windows Server 2012 Datacenter Core: Installed RTM of Windows Server 2012 Datacenter Core. Configured system enough to get on the network. sconfig, 6, all - to get a list of available patches. Downloaded the patches (33) from Windows Catalog: catalog.update.microsoft.com/.../home.aspx Installed the patches, rebooted. sconfig, 6, all - to get any additional patches Downloaded the patches (4) from Windows Catalog: catalog.update.microsoft.com/.../home.aspx  (what a pain...) These patches were downloaded to their own folders in path D:Server2012Patches. Start with an elevated command prompt/PowerShell console. Mount the Server ISO and copy the sourcesinstall.wim to a folder (D:InstallWIM) Remove the Read-Only attribute on the WIM file: attrib.exe -r D:InstallWIMinstall.wim View the images in the WIM: Dism /Get-WIMInfo /WimFile:C:testimagesinstall.wim  (3 for DataCenter Core, 4 for GUI) Mount the WIM choosing the index 3 for Datacenter Core: md D:InstallWIMMountDir Dism.exe /Mount-WIM /WimFile:D:InstallWIMinstall.wim /Index:3 /MountDir:D:InstallWIMMountDir Add Patch Packages to the mounted WIM: Get-ChildItem -Path D:Server2012Patches | % {Dism.exe /image:D:InstallWIMMountDir /Add-Package /PackagePath:D:Server2012Patches$_} (Or copy all the MSU files to a single folder Dism.exe /image:D:InstallWIMMountDir /Add-Package /PackagePath:D:Server2012Patches) I had 4 packages fail: KB2772501 (it's an EXE... how do you apply that offline?) And the last 3: KB2822241 KB2836988 KB2845533 They had the error: An error occurred applying the Unattend.xml file from the .msu package. For more information, review the log file. Error: 0x800f082f dism.log says: CBS    Exec: Cannot finalize session because an exclusive session is pending. [HRESULT = 0x800f082f - CBS_E_EXCLUSIVE_WOULD_MERGE] I went ahead and committed the WIM. Commit the changes to the WIM dism.exe /Unmount-Wim /MountDir:D:InstallWIMMountDir /commit I then remounted the install.wim and tried applying just one of the failed packages, but got the same error. I then listed the installed packages: DISM.exe /image:d:installwimmountdir /get-packages Most came back with "State: Installed", but a number are listed as "State: Install Pending" and one as "State: Staged" (KB2823233). I'm not running McAfee :-)   kc.mcafee.com/.../index And for good measure I uninstalled System Center Endpoint Protection. So, what the heck do we had to do to maintain an updated source??  Thanks!

  • Anonymous
    January 01, 2003
    Add KB2871777 to the list of servicing updates to not install offline.  So skip these: KB2771431 KB2821895 KB2871777

  • Anonymous
    January 01, 2003
    @Adam, Thanks for the comment.  I'll look into amending this post or writing something new that speaks to this.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Djoey, You can use the PackagePath option: Dism.exe /image:D:InstallWIMMountDir /Add-Package /PackagePath:D:Server2012Patches Manually adding each package was to discover which ones will break the ability to add additional packages.

  • Anonymous
    January 01, 2003
    Yes, its ironic :) We've been working hard to get more and more updates to be offline capable.

  • Anonymous
    January 01, 2003
    How would you update the bits that aren't part of the install.wim on the 2012 media, such as the install files for the .Net 3.5 feature?

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Also, if we have created a network based side-by-side store, with the winsxs source files extracted from the install.wim, is it possible to update the network sxs store directly, or is the only option going to be to update an install.wim and extract the updated contents of the winsxs directory from the wim each time?

  • Anonymous
    January 01, 2003
    Thanks again.  It's sort of funny, in the service stack update of KB2821895, the first listed improvement is "Enables servicing stack updates to be installed offline."   So, I'm wondering if I might find it easier to maintain an online system fully patched and just image it to a WIM (mostly a once a month process) and use that image as the source going forward when adding features/roles. I really appreciate your thoughts and time.  -Joe

  • Anonymous
    January 01, 2003
    First, Akirax I'm glad you got your source media updated to allow the scenario to work.  Secondly, we have the ServerManager commands well documented for Features on Demand and how to utilize them.  I talk about role persistence here: blogs.technet.com/.../understanding-features-on-demand-and-role-persistence-in-windows-server-2012.aspx Additional FoD information is located here: technet.microsoft.com/.../ee662311.aspx Hope that helps you in the future.

  • Anonymous
    January 01, 2003
    Joseph, great detail and process - thanks for sharing this as well as Ben!  

  • Anonymous
    January 01, 2003
    You would need to update the install.wim and then re-extract it I believe.  

  • Anonymous
    January 01, 2003
    After some trial and error, I was able to narrow down problems to 2 patches: KB2771431 This one fails and states: Processing 1 of 1 - Package_for_KB2771431: The specified package cannot be added to an offline image. Add this package to a running operating system using the /Online option. Error: 0x800f082e and KB2821895 Once that patch applied, all other adding of packages begin failing with "Cannot finalize session because an exclusive session is pending. [HRESULT = 0x800f082f.]" These were successful: kb2737084.msu kb2742614.msu kb2750149.msu kb2753842-v2.msu kb2756872.msu kb2757638.msu kb2758246-v2.msu kb2761094.msu kb2761465.msu kb2764870.msu kb2765809.msu kb2769034.msu kb2769165.msu kb2770917.msu kb2771744.msu kb2771753.msu kb2771821.msu kb2777166.msu kb2778171.msu kb2779768.msu kb2780342.msu kb2780523.msu kb2782419.msu kb2783251.msu kb2784160.msu kb2785094.msu kb2785220.msu kb2788350.msu kb2789649.msu kb2790920.msu kb2792009.msu kb2795944.msu kb2798162.msu kb2800033.msu kb2800088.msu kb2803676.msu kb2804583.msu kb2805222.msu kb2805227.msu kb2805966.msu kb2807986.msu kb2808679.msu kb2808735.msu kb2811660.msu kb2812829.msu kb2813430.msu kb2815769.msu kb2820330.msu kb2822241.msu kb2823233.msu kb2823516.msu kb2829173.msu kb2829254.msu kb2829361.msu kb2830290.msu kb2836988.msu kb2845533.msu kb2845690.msu kb2850674.msu kb2853915.msu kb2856758.msu

  • Anonymous
    January 01, 2003
    Good idea to not have to go through 37 updates manually one by one: ForFiles /P C:2012Updates /C "CMD /C dism.exe "/Image:c:mountdir" /Add-Package /PackagePath:@Path

  • Anonymous
    January 01, 2003
    the latest 2 updates should be able to integrate into a WIM: completelyOfflineCapable="yes"

  • Anonymous
    January 01, 2003
    You do this in the same way, just use the sxs path.

  • Anonymous
    November 19, 2012
    The comment has been removed

  • Anonymous
    October 02, 2013
    Been trying to add gui to a core datacenter install for 2 days now. After stumbling upon this site and realizing it will not work unless you add patches to the install.wim is completely ridiculous..

  • Anonymous
    October 02, 2013
    As it stands, install the full gui and remove when done. but don't specify the -remove option or it will remove the binaries and put you back into the same predicament. Remove-WindowsFeature blah blah     <------YES Remove-WindowsFeature blah blah     -Remove <------NO just wow...

  • Anonymous
    October 03, 2013
    Appreciate your follow-up. The server 2012 core in question was installed a little over a year ago and the amount patches and hotfixes installed are well over 50 or more. An issue occurred with my Hyperv failover cluster that require further troubleshooting with the gui. This is where the frustration started just trying to add the gui to the install. In the end, I evicted the node, cluster node cleanup, and was able to add the node in question back into the cluster which resolved the issue. As I move forward with 2012R2, I have my eye on minimal interface as I like the benefits of the reduced attack surface and fewer patches as the article you referenced mentioned. Thanks