Add legacy driver and GlobalFlag IPU blocker detection to OSUpgrade Assessment script #1
Open
jdickson289 wants to merge 195 commits into
sync from master
Uploaded a new version of Ghosted NICs removal script with time warning added
Let's move the scripts. Readmes need more content
…ticSymbols.db-wal
…ure-support-scripts into scotro/movescripts
Move the scripts and add readme
WindowsUpgradeScriptv2
Added link to Ghosted NIC Removal script on GitHub
V2 Update Windows_GhostedNIC_Check_Time_warning.ps1
Adding warning to backup VM before running script
Just an update to messaging, no substantial code change
Big Change - move scripts from runcommand Add readme.mds
doc and bug fix for vmassist linux
Update Windows_WindowsActivation_Validation.ps1
Refactor string splitting to use splitlines method
Add RHUI connectivity check script v2.
Add RHUI Break/Fix script for testing scenarios
…Azure service endpoints.
.SYNOPSIS
Validates Windows Firewall configuration and checks connectivity to Azure service endpoints.
.DESCRIPTION
This script performs the following checks:
- Verifies Windows Firewall service status
- Checks firewall profile states (Domain, Private, Public)
- Validates RDP (3389), WinRM (5985/5986), SMB (445), HTTP/HTTPS port accessibility
- Tests connectivity to comprehensive Azure endpoints including:
  * Infrastructure: IMDS, WireServer, KMS, Time Sync
  * Management: ARM, Azure Portal
  * Identity: Azure AD/Entra ID, Microsoft Graph
  * Storage: Blob, File, Table, Queue
  * Monitoring: Azure Monitor, Log Analytics, Application Insights
  * Backup: Azure Backup, Site Recovery
  * Security: Key Vault, Defender
  * Updates: Windows Update, WSUS
  * Certificates: DigiCert, Microsoft CRL/OCSP
  * DevOps: Azure DevOps, NuGet
  * Containers: ACR, MCR
- Checks PerfInsights storage account connectivity if configured
- Identifies blocking rules for Azure infrastructure IPs
- Provides remediation guidance for detected issues
…eStuff
Validates Windows Firewall configuration and checks connectivity to Azure service endpoints.
… and volatile temp-drive references on Azure VMs.
.SYNOPSIS
Analyzes Windows service dependency chains, startup type mismatches, and
volatile temp-drive references on Azure VMs.
.DESCRIPTION
WindowsServiceDependencyAnalyzer performs three categories of checks:
1. Dependency Chain Analysis
   - Maps each service's DependOnService list and reverse-depends (dependents)
   - Detects circular dependencies
   - Identifies chains deeper than 4 levels (fragile startup order)
   - Flags services depending on a Disabled or Manual service
2. Startup Type Mismatch Detection
   - Services set to Automatic that are currently Stopped (and not trigger-started)
   - Services set to Disabled that have active dependents set to Automatic
   - Services in a failed state (StartType = Automatic, Status = Stopped, ExitCode != 0)
3. Volatile Path Detection
   - Scans service ImagePath and common registry parameters for references to the Azure temp drive (typically D:\) or well-known volatile paths
   - Flags services whose binaries or data live on drives that are wiped on redeployment/resize
Output is a structured report with findings grouped by severity:
   CRITICAL - Service failures or broken dependency chains
   WARNING - Mismatches likely to cause issues after reboot/redeploy
   INFO - Advisory observations
Analyzes Windows service dependency chains, startup type mismatches and volatile temp-drive references on Azure VMs.
Update Beta_Windows_Update_Common_Error_Detections.ps1
This script is a read-only Secure Boot health check for Windows devices. It collects registry, event log, firmware, and task data to determine whether the UEFI CA 2023 Secure Boot update is fully applied, then prints a color-coded report with clear next steps.
Secure Boot Certificate Check script
Detects Mellanox mlx5 network adapter driver versions on Azure Windows VMs and checks for DRIVER_IRQL_NOT_LESS_OR_EQUAL (0x000000D1) bugcheck events.
Related TSG: Mellanox mlx5 Driver Crash - Outdated Driver (Windows) https://dev.azure.com/Supportability/AzureIaaSVM/_wiki/wikis/AzureIaaSVM/2539440/
- Detection only - no system changes
- Follows Windows_GhostedNIC_Detection pattern
- Includes README with TSG reference and usage table
- Added README.md with full documentation: overview, requirements, parameters, usage examples (local, Azure Portal, CLI, Az module), script logic walkthrough, sample output, and full error code table
- Renamed Beta_Windows_Update_Common_Error_Detections.ps1 to Windows_Update_Common_Error_Detections.ps1 (removed Beta_ prefix)
…r-detection-readme Add README and rename script for Windows_Update_Common_Error_Detection
…alse-positive filter
…-driver-validation Add Windows_Mellanox_Driver_Validation RunCommand script
…k-readme Add README for SecureBootCertCheck script
…ssessment script
Adds two new pre-upgrade checks to Windows_OSUpgrade_Assessment_Validation.ps1:
1. Get-LegacyDriverBlockers: Scans the Services registry for known legacy VMware/ghost hardware drivers (vmmouse, vm3dmp, flpydisk, vmhgfs, vmrawdsk, vmusbmouse, vmvss, vmscsi, vmxnet) that are set to load (Start <= 3). These drivers cause IPU to fail with 0xC1900101-0x50016 when Windows Setup boots into SafeOS and encounters hardware unsupported by the Azure Hyper-V host.
2. Get-GlobalFlagStatus: Detects GlobalFlag enabled in Session Manager (HKLM\SYSTEM\CurrentControlSet\Control\Session Manager). When set, this forces Windows Setup into PageHeap/debug mode, throttling memory operations and causing IPU to time out and roll back.
Both checks output [Failed] checklist items with inline remediation guidance:
- Disable (not Uninstall) legacy devices in Device Manager before retrying IPU
- Remove GlobalFlag via reg delete and reboot before retrying IPU
Addresses scenario: lift-and-shift Azure VMs from VMware/on-premises environments.
Related ADO: #35892966
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Summary
Adds two new pre-upgrade checks to Windows_OSUpgrade_Assessment_Validation.ps1 to detect known IPU blockers on lift-and-shift Azure VMs migrated from VMware/on-premises environments.
New Checks
1. Legacy VMware / Ghost Hardware Driver Detection
Scans HKLM:\SYSTEM\CurrentControlSet\Services for known legacy drivers set to load (Start <= 3): vmmouse, vm3dmp, flpydisk, vmhgfs, vmrawdsk, vmusbmouse, vmvss, vmscsi, vmxnet
These drivers cause IPU to fail with 0xC1900101-0x50016 when Windows Setup boots into SafeOS and encounters hardware unsupported by the Azure Hyper-V host.
2. GlobalFlag Debug Mode Detection
Checks for GlobalFlag set in HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager. When enabled, this forces Windows Setup into PageHeap/debug mode — throttling memory operations and causing IPU to time out and roll back.
Output
Both checks produce [Failed] checklist items with inline remediation guidance:
reg delete and reboot before retrying IPU
Testing
Validated locally — script correctly detects flpydisk as a blocker on a lift-and-shift test VM.
Related
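A read-only sketch of the two registry checks described in the summary above, added here as an illustration; it is not the code from this pull request. The function names, parameters and the treatment of a GlobalFlag value of 0 as "not set" are assumptions; the driver names and registry paths are the ones listed in the description.

```powershell
# Added illustration; not the code from this pull request.
# Function and parameter names are hypothetical. Read-only: nothing is modified.

# Driver service names listed in the PR description.
$LegacyDrivers = 'vmmouse','vm3dmp','flpydisk','vmhgfs','vmrawdsk',
                 'vmusbmouse','vmvss','vmscsi','vmxnet'

function Find-LegacyDriverStartEntries {
    param(
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services',
        [string[]]$Names = $LegacyDrivers
    )
    foreach ($name in $Names) {
        $key = Join-Path $ServicesRoot $name
        if (-not (Test-Path -LiteralPath $key)) { continue }   # driver not registered
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($null -eq $props -or $null -eq $props.Start) { continue }
        # Start: 0=Boot, 1=System, 2=Automatic, 3=Manual (can still load), 4=Disabled
        if ([int]$props.Start -le 3) {
            [pscustomobject]@{
                Driver    = $name
                Start     = [int]$props.Start
                ImagePath = $props.ImagePath
            }
        }
    }
}

function Test-GlobalFlagSet {
    param([string]$Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager')
    $props = Get-ItemProperty -LiteralPath $Key -Name GlobalFlag -ErrorAction SilentlyContinue
    # Assumption: a missing value or a value of 0 counts as "not set".
    if ($null -eq $props -or $props.GlobalFlag -eq 0) { return $null }
    [pscustomobject]@{ GlobalFlag = $props.GlobalFlag }
}

# Report in the [Failed]/[Passed] checklist style the PR describes.
$drivers = @(Find-LegacyDriverStartEntries)
$flag    = Test-GlobalFlagSet
foreach ($d in $drivers) { "[Failed] $($d.Driver) is set to load (Start=$($d.Start))" }
if ($flag) { "[Failed] GlobalFlag is set (value $($flag.GlobalFlag))" }
if (-not $drivers -and -not $flag) { '[Passed] No legacy driver or GlobalFlag blockers found' }
```

Passing a different -ServicesRoot or -Key lets the same functions be pointed at an offline hive loaded under another registry path.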