Hello, my name is David and I'm a Principal Engineer with Dell. Today I'm going to demonstrate how to add a cumulative update to an offline Windows image. You might want to do this to keep a deployment image up to date, but there are other uses for it too. And I'll demonstrate one of those now.
This virtual machine is a domain controller, but I've run the 'Uninstall-WindowsFeature' PowerShell command with the '-AsH Remove' switch to remove the AD consoles and DNS Server console as well. This might be done on a server in order to conserve disk space. Unfortunately, if you change your mind later and try to re-add those features, you may run into problems, as I'll demonstrate.
Some of the PowerShell commands I'll be running in this video take a long time to complete, so you may notice some time skips. I promise you the only thing you're missing is a few long progress bars. But do keep in mind that this procedure takes longer than is demonstrated here. As you can see, I'm trying to add the ADDS Tools feature, which includes the Active Directory consoles.
At this point, it's prompting me to specify an alternate source path. If I ignore that and just say Install, it runs for a little while but then gives me an error that says the source files could not be found. That's because the command I used to remove those tools removes the required binaries from the Windows WinSxS folder. So what happens if I try again and use my OS install media as a source path? I'll speed this up a little bit.
When I'm prompted to specify an alternate source path, I'll click that link, and my install media is mounted as the D drive. Here it is in 'File Explorer', and what I need is the 'install.wim' file inside the 'Sources' folder. There it is. So I'll note the path here, and I have to specify 'wim:' as a prefix, then a colon, and then the path, and then I have to use an index number as well. We'll talk about that index number in a bit. So I click OK to accept that, and then click Install. It goes a little farther this time, but then I get the same error.
This is because the operating system has been updated since it was installed, and the files that are in the 'install.wim' image are no longer up to date. The solution to this is to add the current cumulative update to that offline Windows installation image. I'll show you how to do that now. The first thing I need to do is determine what the latest cumulative update installed on the OS is.
To do that, I check 'Windows Update' and click 'View Update History', but that doesn't always give the whole story. So I click 'Uninstall Updates', and that shows all of the updates that are currently installed on the server. I happen to know that the latest update there, KB505169, is a .NET Framework update. We're not concerned with that, so I'll ignore it. The latest cumulative update at this time is KB5058385, the second one in the list. Now we need to download the installer for that update from the Microsoft Update Catalog.
I launch a browser and head to the Update Catalog. As soon as the site comes up, I type KB5058385 into the search bar. I'm presented with two different versions of the update. Since this is Windows Server 2022, I need to download version 21H2. I click the Download button, then click the .msu file that appears in the download window, and that begins the download. Once the download is finished, I browse to the file in the Downloads folder and move it into the 'Update' folder I've created at the root of the C drive. You can see I've also created folders named 'Image' and 'Mount'.
Those will come in handy later. Now I need to go to the install media and copy the 'install.wim' file from the D drive into the 'Image' folder. When that's done, I launch PowerShell and run 'Get-WindowsImage' using the '-ImagePath' switch to specify the path to the file I copied: C:\Image\install.wim. This lists all of the images contained within that file. This is an evaluation image downloaded from Microsoft, so it contains four images for Windows Server 2022 Standard and Datacenter, with and without the Desktop Experience. If you need to find out what version of the operating system is running on the server, you can use the 'winver' command.
In the second paragraph it says Windows Server 2022 Standard. That confirms which one we've got. Since we have a GUI, we need to use index number 2: Windows Server 2022 Standard with Desktop Experience. To mount this image, we use 'Mount-WindowsImage' in PowerShell and specify the path to the mount directory first, which is C:\Mount, then use the '-ImagePath' switch to specify the image file, and then '-Index 2'. Now that the image is mounted, it's time to add the update to it. For that, we use the 'Add-WindowsPackage' PowerShell command. For the '-PackagePath' switch, we specify the path to the .msu file.
I know I pasted it into the Update folder, but the file name is rather long, so I copy and paste the name from File Explorer. I make sure the .msu extension is included. Then I use the '-Path' switch to specify the path to the mounted image: C:\Mount. Now I'll demonstrate an error that may occur during this process. As you can see, we didn't get too far into adding a package before we got error 0x800F0823.
This error indicates that another update must be added to the image before this one. Commonly that's because of a servicing stack dependency, and that is the case here. Unfortunately, the error gives us no information about which update is required. But if we look at the Microsoft KB article for the update in question, we can determine exactly what is needed. So we search for KB5058385, browse to the article, and scroll down to the section titled 'How to get this update'. There we see a section titled 'Prerequisite for offline OS image servicing', which is exactly what we're trying to do.
It indicates that we need update KB5030216 added to the image before we can add this one. It even calls out the specific error we're seeing. Since I knew this was going to happen, I've already downloaded update KB5030216, so I move it into the 'Update' folder. Then I rerun 'Add-WWindowsPackage' using the path to KB5030216, keeping everything else the same. As you can see, the package is added this time without any errors. Now we need to add the original update, KB5058385. But I've run into problems trying to add more than one package in a session.
So first I'm going to dismount the image and save it. For that, I use the 'Dismount-WindowsImage' command, provide the path to the mounted image, and use the '-Save' switch to indicate that changes should be saved. Then I mount it again, add the second update, and save it. Since you've already seen all of those steps, I'll speed things up quite a bit here. Now that both updates have been added to the image, I need to confirm whether my initial task will succeed. So I once again try to add the AD DS Tools, and I include the DNS Tools as well. As before, I specify an alternate source path, this time to the 'install.wim' file in C:\Image. And once again, I use index 2. Installation succeeded.
Now let's confirm that I can launch an AD console. I launch 'Active Directory Users and Computers'. And there it is. That confirms that adding those updates to the image allowed it to be used as an installation source. Once again, my name is David. I'm a Principal Engineer at Dell, and thank you for watching.
