Clustering Best Practices: Using PowerShell to Check Hotfix Compliance

So Guys + Gals

As well as writing PowerShell scripts and running a PowerShell course here in the UK, I spend a lot of time looking at clusters.  I go to customers and run a cluster health check to make sure that their cluster adheres to best practices.  Lots of what I do involves manual checking of various values, so I thought I would write some PowerShell scripts to automate some of this checking.


So for the next few posts I am going to post some scripts to check that certain aspects of a high availability cluster adhere to best practice.


My friend and colleague Richard Macdonald is doing exactly the same thing but in VBScript (boo ... hisss).  Check out his similar version(s), but in VBScript.



Checking Hotfix Compliance


What does this script do?  It checks whether the recommended hotfixes that should be installed on a cluster are installed on each node.  With high availability systems it’s crucial that all nodes are patched consistently, and they are patched with the latest fixes.


Check out the following KB’s for a list of fixes for each Operating System and Service Pack level.


Windows 2000 – Service Pack 4


Windows 2003 -RTM


Windows 2003 – Service Pack 1


Windows 2003 – Service Pack 2


How to use this script


Firstly, download the script.  It is attached to this blog in a zip file.


This script takes the cluster name, and text file with listed fixes as arguments. E.g.


.\Check-ClusHotfix.ps1 MyCluster  Fixes-Win2k3-SP1.txt


This will create some output on the screen, and a tab delimited file which can be manipulated easily in Excel if needed.  It tells you exactly what fix is installed on each node.  You do not need to run this script on the cluster, just on a workstation which has RPC access to the cluster nodes.


How this script works


It reads in a txt file with a list of fixes, then queries each node in the cluster to ascertain if the fix is installed.  It writes the output to screen and creates a csv file with the output. 


In order to get this working I have used the Cluster WMI provider.   More details on the cluster WMI provider can be found here:


I won’t explain the whole script, however these are some the key parts that are worth looking at in detail.



$AllNodes = Get-WmiObject -class MSCluster_Node -namespace "root\mscluster" -computername $ClusterName



This returns a collection of cluster nodes.  In order to make sure we connect to each node in the cluster, we can use a foreach loop.



foreach ($Node in $AllNodes)



Then with each node we can use the WMI class Win32_QuickFixEngineering  to get the installed fixes.



$InstalledFixes = Get-WmiObject -class "Win32_QuickFixEngineering" -namespace "root\CIMV2" -computername $Node.Name



All we then do is loop through each hotfix from the text file and run the following command.  $Checklist is created by using get-content and is an array of text lines.  This is the collection that we loop through



$FixInstalled = $InstalledFixes | where-object {$_.HotfixID -like '*' + $checklist[$i] + '*'}



We then just write out results to a 2 dimensional array which mimics a table, which we can output at the end.


The actual code that does the useful stuff is very small, the rest of it is basic error checking and formatting the output.  Attached is a zip file with the script and some text files for checking various systems.


Please, please make sure you test this in a non-production environment before you run it against your production cluster.  Never run anything on a cluster unless you are 110% confident that it is fine to do so.


If you have any questions or feedback, just give me a shout.


That is all.


Comments (2)
  1. Anonymous says:

    Finally, here is the last demo. Demo 5 – Administering Failover Clustering I have already written a detailed

Comments are closed.

Skip to main content