On Azure, if we have a Windows VM and want to upgrade it to the latest version, e.g. Windows Server 2019, there is no direct way or available template on Azure to do it smoothly. There are, though, a couple of alternatives to achieve this.
- Download the OS drive (C:) VHD to one of your systems, do the in-place upgrade locally (keeping all the files intact), then upload the upgraded OS drive VHD to the Azure storage account and replace the C drive of your VM.
- Create a new VM altogether with the new OS version, install your required software, set up file share user permissions and do all the required settings, do thorough testing, switch the old server's domain name to the new one and discard the old server.
All these processes are time-consuming and require more effort from operations as well as from a testing point of view.
What if we upgrade on the Azure Windows VM itself (in-place upgrade) with more confidence? Yes, we can, and it can be done in 4-6 hours. Before upgrading, keep in mind that you need to take a backup of the VHDs (OS & data disks) and make a note of the extensions and NIC.
Here is the step-by-step process to update the IaaS VM Windows Server:
- Enable boot diagnostics
- Take Screenshot of Disks from Portal:
The idea is to get the LUN number and disk names detail.
- Take Screenshot of Disks from Server: The idea is to get the LUN number and the disk drive letter mapped to it.
- Step 2 & 3 will help us when we are going to create a new VM from disk snapshot if required
- Disable the disk encryption.
- $vmName = "<<your-vm-name>>"
- $rgName = "<<your-resource-group-name>>"
- Disable-AzureRmVMDiskEncryption -ResourceGroupName $rgName -VMName $vmName -VolumeType All
- Remove the disk encryption
- Wait for a few minutes until all disks are fully decrypted. The wait time depends on disk size. For TBs of data disk, it will take a few hours to fully decrypt the disks.
Steps to verify:
- Open PowerShell in admin mode
- Command: Get-BitLockerVolume
- If we see VolumeStatus (FullyDecrypted) or EncryptionPercentage (0), we are good to proceed with the next step of removing the disk encryption.
NOTE
Before executing the below command make sure all OS & Data disks are fully decrypted.
- Remove-AzureRmVMDiskEncryptionExtension -ResourceGroupName $rgName -VMName $vmName
- Take a snapshot or full backup of the C drive and the other data drives (other drives are for UAT & PROD); keep the name of the snapshot as <ORIGINAL-Name>_snapshot
- Log in to the server
- Uninstall System Center Endpoint Protection (SCEP)
- Get the Windows Server 2019 bits (Windows Server 2019 Standard and Datacenter)
- Start the in-place upgrade.
When getting the option “select image” choose the “Desktop experience”
- Windows Server 2019 Standard
- Windows Server 2019 Standard (Desktop Experience)
- Windows Server 2019 DataCenter
- Windows Server 2019 DataCenter (Desktop Experience)
Select Windows Server 2019 DataCenter (Desktop Experience).
In the screen “Choose what to keep” select “Keep personal files and apps”
- You may get a warning/alert to remove some of the protection software, such as SCEP
- Take note and uninstall them one by one.
- And again restart the in-place upgrade
- Start the server upgrade activity; it will take 2-2.5 hours to upgrade. We can keep track of the upgrade activity from Boot diagnostics in the Azure portal.
- Restart the server a couple of times after the in-place upgrade.
- Do the sanity testing and share the result with the team.
- Do the disk encryption. [It's possible to do this activity after a day or two]
- Look into the protection software [from Step 8]. In an ideal case it should be installed within a couple of days, as it will be handled by the extension; if not, we have to install it manually or take your server admin's help.
After doing all the above steps we’re good to go with the upgrade.
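
The check from "Steps to verify", as an added example that is not part of the original post: it waits until every volume reports FullyDecrypted and 0% before the encryption extension is removed. The function names, the timeout and poll defaults and the sample objects are assumptions made up for illustration.

```powershell
# Added example, not from the original post. Run inside the VM from an
# elevated PowerShell session.

function Get-PendingVolume {
    # Emits every volume that is not yet safe: VolumeStatus other than
    # FullyDecrypted, or EncryptionPercentage above 0.
    param([Parameter(ValueFromPipeline = $true)] [object]$Volume)
    process {
        if ("$($Volume.VolumeStatus)" -ne 'FullyDecrypted' -or
            [int]$Volume.EncryptionPercentage -ne 0) {
            $Volume
        }
    }
}

function Wait-VolumesDecrypted {
    # Polls until no volume is pending ($true) or the timeout expires ($false).
    # $GetVolumes is a script block so the logic can be tried on sample objects.
    param(
        [scriptblock]$GetVolumes = { Get-BitLockerVolume },
        [int]$TimeoutMinutes = 240,   # assumed default; TB-sized disks take hours
        [int]$PollSeconds = 60        # assumed default
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $pending = @(& $GetVolumes | Get-PendingVolume)
        if ($pending.Count -eq 0) { return $true }
        foreach ($v in $pending) {
            Write-Host ("{0}: {1}, {2}% encrypted" -f $v.MountPoint, $v.VolumeStatus, $v.EncryptionPercentage)
        }
        Start-Sleep -Seconds $PollSeconds
    } while ((Get-Date) -lt $deadline)
    return $false
}

# Constructed sample objects (not real output): F: is still decrypting.
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyDecrypted'; EncryptionPercentage = 0 }
    [pscustomobject]@{ MountPoint = 'F:'; VolumeStatus = 'DecryptionInProgress'; EncryptionPercentage = 37 }
)
$sample | Get-PendingVolume | Format-Table MountPoint, VolumeStatus, EncryptionPercentage

# On the VM itself: run Remove-AzureRmVMDiskEncryptionExtension only after $true.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    if (Wait-VolumesDecrypted) { 'All volumes decrypted.' } else { 'Timed out; volumes still pending.' }
}
```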