Tuesday 18 April 2017

Test driving OMS Upgrade Readiness

Last week I advised a smaller customer on their upcoming Windows 10 migration. As a smaller shop (approx. 100 users) they don't have access to the usual tools that I would recommend, although they use MDT for imaging and WSUS for patching. They don't have any tool for hardware and software inventory so we were unable to have a conversation about application compatibility. I thought this would be a good opportunity to test drive Upgrade Readiness, a "free" component of Microsoft Operations Management Suite (OMS). Let me clarify that, I was told it was free but I was unsure what I'd actually get.

This is from the Microsoft TechNet article, looks hopeful:

"You can use Upgrade Readiness to plan and manage your upgrade project end-to-end. Upgrade Readiness works by establishing communications between computers in your organization and Microsoft. Upgrade Readiness collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft".

Getting Started

Upgrade Readiness is a component of OMS and was formerly known as Upgrade Analytics which was previously known as Windows Analytics (I mention this as you'll still see these terms). The first step in this process is to sign up and create an OMS Workspace. This must be linked to an Azure subscription (either new or existing) even though you will not be charged.

Navigate to the following page to sign up for Upgrade Readiness (even though the page still says Windows Analytics).



If you already have an Azure subscription you should sign in with the subscription owner account. This is to allow you to easily link your new OMS Workspace with your existing Azure subscription.

If you are already using OMS you can choose "Existing OMS Customers". Otherwise choose "New Customers". This is the one we need.


This is the "Create New Workspace" page of OMS. 
Choose a workspace name eg. yourdomain

From now you will access your workspace using this link:

https://yourdomain.portal.mms.microsoft.com

Enter the rest of your details (Workspace region, name, contact email address, phone number, company name and country).
Select Create to create your OMS workspace.


The OMS workspace has been created and your Azure subscription is available. Choose Link to link your workspace with your subscription.


If you don't have an Azure subscription (ie the account you have signed in as is not the owner of any Azure subscriptions), you will need to create one before you can continue. Select "Create New" and run through the wizard to create a new Azure subscription. You will need a credit card for this although you will not be charged if you only want the free Upgrade Readiness.


The OMS workspace has been created and linked to your Azure subscription. Now you have to add the Upgrade Readiness solution. Check that box and select Add. (I've also added Update Compliance (Preview) but that is optional).


This is our OMS workspace. See that the Data Plan = Free in the top right corner. We'll have a look at that again later.

Configuring OMS

See that Upgrade Readiness requires configuration. Click on the tile and the Settings dashboard opens. Navigate to the Windows telemetry panel.


Copy and save your commercial ID key. You’ll need to insert this key into the Upgrade Readiness deployment script later so it can be deployed to user computers.


Click Subscribe for Upgrade Readiness. The button changes to Unsubscribe. Unsubscribe from the Upgrade Readiness solution if you no longer want to receive upgrade-readiness information from Microsoft.


Click Overview on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Readiness tile now displays summary data. Click the tile to open Upgrade Readiness.

Proxy Configuration

The following endpoints should be whitelisted. They need to be accessible in order for your clients to send telemetry data to Microsoft. This data will subsequently be displayed in Upgrade Readiness.


Endpoint
Function
  • https://*vortex*.data.microsoft.com/

Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.
  • https://*settings*.data.microsoft.com/

Enables the compatibility update KB to communicate with Microsoft.
  • https://go.microsoft.com/fwlink/?LinkID=544713
  • https://compatexchange1.trafficmanager.net/
    CompatibilityExchangeService.svc

This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system.
If you are using a Windows Compatibility Update published after February 2017 (appraiser.dll version >= 10.0.14979) you don’t need access to these endpoints

Client configuration - compatibility updates

The compatibility update KB scans your computers and enables application usage tracking. If you don’t already have the KBs installed, you can download the applicable version from the Microsoft Update Catalog or deploy it using WSUS or ConfigMgr. I'm just running a pilot for now so I'll install them manually.

For Windows 7 I need the following

Windows 7 SP1
KB2952664
Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed.
For more information about this KB, see https://support.microsoft.com/kb/2952664

KB 3150513
Provides updated configuration and definitions for compatibility diagnostics performed on the system.
For more information about this KB, see https://support.microsoft.com/kb/3150513
NOTE: KB2952664 must be installed before you can download and install KB3150513.


There are different KB requirements for the various operating systems. You'll find that information here

Client configuration - execute Upgrade Readiness deployment script

The Upgrade Readiness deployment script does the following:
  1. Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
  2. Verifies that user computers can send data to Microsoft.
  3. Checks whether the computer has a pending restart. 
  4. Verifies that the required KBs are installed.
  5. If enabled, turns on verbose mode for troubleshooting.
  6. Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness.
  7. If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.

Download the script package from here. See here for full script instructions but you have to edit the script with the following information:
  • Location for log information
  • Commercial ID
  • Log behaviour

Executing RunConfig.bat.

In my pilot I copied the script files locally to a folder C:Temp\Pilot. I also used a local log file C:\Windows\Temp.

What does Upgrade Readiness give us?

I onboarded two Windows 7 clients for my pilot.


This is what I could see in my OMS workspace after a few days.


Drill into Upgrade Readiness to see more details.


Scroll over. Now we can see really useful information. We can find applications and drivers with known issues. These are the issues we need to resolve before the Windows 10 deployment.

Note that the information can be exported to Excel and saved locally. That's really cool.

The not-so-good stuff

I have a few little problems with the solution which I felt I should mention:
  • Windows 7 computers require that two KBs are installed for the solution to work. KB2952664 and KB3150513 are required. It's unfortunate that KB2952664 has to be installed already before KB3150513 can be installed. I appreciate that computers should be fully patched but that isn't always the case. I needed multiple reboots for my pilot clients with this customer. It will now be a little awkward to automate this to the remaining clients using a Group Policy computer startup script.
  • This TechNet article contains exit codes for the upgrade readiness script. 0 is the "successful" exit code. However I got a 0 code even though the script could not run and a log file was not created. This was a little confusing.
  • It can take quite a while to onboard devices - up to 3 days for my second pilot client.
  • Windows 10 Version 1703 is not yet available as a target version. Perhaps it's too early, or perhaps it will be available when 1703 is declared business ready.
  • The free data plan is a little restrictive. The daily upload limit is 500MB and the data retention period is 7 days. Note that the initial upload for each client is expected to average 2MB.
  • You can increase this by purchasing an another offering.

Next steps

Integrate Upgrade Readiness with ConfigMgr to access client upgrade compatibility data in the admin console. You'll then be able to target devices for upgrade or remediation from the device list.

Final Verdict

I'm generally quite happy with the solution. It will do exactly what I need for this customer.

Until next time......



8 comments:

  1. Very good blog, thanks! However, I do not agree about the restrictions topic. Whilst the limits are correct for the free sata plan, the data related to Upgrade Readiness coming into OMS are exempt from billing, which makes UR completely free.

    See https://blogs.technet.microsoft.com/ukplatforms/2017/03/03/getting-started-with-upgrade-readiness/

    Your Azure subscription will not incur any costs for any data being transferred for Upgrade Readiness. So, from a cost perspective, spinning up an Azure subscription should not be a cause for concern.

    ReplyDelete
  2. Hi Gerry,
    nice article. I've been in contact with MS regarding the cost model and they have said that there is no upload limit for Upgrade Readiness. Upgrade Readiness is the excemption to OMS upload limits.

    ReplyDelete
    Replies
    1. Thanks for sharing that information. It's very useful.

      Delete
    2. Good work Gerry!
      Network monitoring shows endpoint "watson.telemetry.microsoft.com" might also need whitelisting, its for Windows Error reporting.

      Cheers James P

      Delete
  3. Extremely good Job Gerry. Thank you so much.

    ReplyDelete
  4. Just back to the topic on data plans. Do you happen to know if the data plan within OMS makes a difference in the data that is being reported in the Monitoring Upgrade Readiness area in SCCM? WE are seeing “mixed” results with the use of the free data plan (7 days retention). Not sure if the data plan in the OMS suite makes a difference?

    ReplyDelete
  5. Thank you Gerry, how can we change the frequency at which Windows 7 client uploads its inventory to OMS?

    ReplyDelete