Professional Documents
Culture Documents
Honeywell Suit Iso User Guide
Honeywell Suit Iso User Guide
AUGUST 2021
DISCLAIMER
This document contains Honeywell proprietary information.
Information contained herein is to be used solely for the purpose submitted, and no part of this
document or its contents shall be reproduced, published, or disclosed to a third party without the
express permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate, Honeywell disclaims the
implied warranties of merchantability and fitness for a purpose and makes no express warranties except
as may be stated in its written agreement with and for its customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential damages. The
information and specifications in this document are subject to change without notice.
Table of contents
1 ABOUT THIS GUIDE ....................................................................................................5
1.1 Support and other contacts ................................................................................................................... 5
3.7.12 Known Issue: When update installation is done by mounting SUIT ISO media, installation
stops after system restart, after installing Service Stack Updates (SSU) ...................................................... 49
3.7.13 Known Issue: Last ISO Installation details not getting updated in Windows 10 1809 tablet
(Node ID: 285) ............................................................................................................................................. 49
3.7.14 Known Issue: MS Updates fails to install with multiple error codes .............................................. 50
Microsoft has suggested below 3 workarounds for fixing this issue: ........................................................... 51
Korea Honeywell 82-2-799-6317 (toll free Honeywell Co., Ltd 4F, Sangam +82-2-792-
Global TAC within Korea) IT Tower 9015
– Korea 1590, DMC Sangam-dong, Mapo-
gu Seoul, 121-835, Korea/
Global-TAC-
Korea@honeywell.com
Symbols Definitions
NOTE: Identifies advice or hints for the user, often in terms of performing a
task.
1.3 Scope
This document is expected to guide a user to keep systems updated with the latest Microsoft
Security/Non-Security updates qualified by Honeywell for the supported HPS products that are
released to market.
Microsoft Security/Non-Security updates are re-distributed as a standard ISO which has a tool
embedded, Update Manager, designed to manage the Security/Non-Security updates for the
supported HPS product nodes.
The document also provides information on the HPS product nodes which are assigned with a
unique node ID, used by the Update Manager to identify the node.
The document describes the various recommendation standards followed by Honeywell to help
a user to understand the importance of recommendations which Honeywell provides to all the
security updates.
The recommendations are provided in the datasheets of all the security updates bundled in the
ISO. The datasheets can be accessed from the Honeywell On Line Support OLS.
Though Honeywell provides a recommendation for all the security updates,Honeywell would
not account for any consequences if a user is at his/her own discretion to override the
recommendation provided.
This document also deals with the security update install exceptions, it is imperative for a user
to visit this section to obtain a clear set of instructions, if a security update is to be exempted
from installation on any of the HPS products.
1.0 June 2012 Merged Update Manager User guide and SUIT-
ISO user guide, added region wise contact details.
1.1 July 2012 ISO support for Safety Manager has been upgraded
to R133.3, R145.1 and R1501.
1.3 September 2012 ISO support for Windows Server 2008 & Windows
Server 2008 R2 Domain Controllers and TPA
R690 has been added.
1.4 October 2012 ISO support for LS/HS R400 and PCUS R400.1 on
Windows 7 SP1 has been added.
1.5 November 2012 ISO support for RAE R610 has been added.
1.6 January 2013 ISO support for PMD R800.1, EPKS R410 RESS
and SM 133.4 on XP SP3 IE6 & IE7 has been
added.
1.8 March 2013 ISO support for FDM R430.1 and EBR R410.1 on
Windows Server 2008 SP2 has been added.
1.9 April 2013 ISO support for EPKS R410.2 and RAE5.0
Update6 with EPKS R301.3 & R310.3 has been
added. Removed updates to obsolete Operating
Systems/ obsolete Windows Components from
ISO.
2.0 June 2013 ISO support for Plant Cruise R100.3 on Windows 7
SP1 and DVM R500.1 has been added.
2.1 July 2013 ISO support for BMA and RAE5 Desktop Server
with EPKS R30x, R310.x & R311.x has been
added.
2.2 August 2013 ISO support for HS R410 and vCenter Server 5.0
on Windows Server 2008 R2 SP1 has been added.
2.3 September 2013 ISO support for EPKS R410.3 and FDM R430.1 on
x86 has been added.
2.4 October 2013 ISO support for Print a GUS has been added.
2.5 January 2014 ISO support for BMA OPBC Standalone Client
nodes and EBR R410.2 on Windows Server 2008
R2 SP1 has been added.
2.6 March 2014 ISO support for EPKS R430.1, FDM R440.1 and
SM R133.5/146.1 on Windows Server 2003 SP2 &
Windows XP SP3 has been added.
2.8 January 2015 ISO support for PMD R830.1 ha`s been added.
3.0 April 2015 ISO support for EPKS R431, PCUS R431, EPKS
R430 & 431 Flex Server, and FDM R450 on x86 &
x64, EBR R430 and SH R200.2 on x86 & x64 has
been added.
3.1 May 2015 ISO support for FDM R440 on x86, PBM R431.x,
SM R152.1 and FSC R710.7 has been added.
3.2 June 2015 ISO support for PCUS R430 has been added.
3.5 October 2015 ISO Support added for EPKS 400.8 with IE9,
PCUS 431.2 with IE9 PMD 831.1 and EPKS 410.x
& 430.x combinations are added for BMA nodes
202 to 206
3.6 December 2015 Added Sec 3.7 – Known Issues and Workarounds
3.11 July 2016 ISO support added for EPKS R430.5/ R431.3/
R410.9/ R432.1 (Server A, Server B, ESF, EST,
EAPP, Flex Sever) with IE 11 and .Net 4.5.2,
EPKS 431.x Orion Console, BMA nodes for 4xx
releases, P3. Added Note IV in the end of section
2.2
3.12 September 2016 Reframed node IDs for EPKS R410.9 /R430.5/
R431.3/ R432.1 and added support (NONRED,
SCE, EServer, EHG, EAS and RESS) nodes. ISO
Support added for DC on W2K8 SP2 with IE 9 and
W2K8 R2 SP1 with IE11 Updated the Note I (1) in
section 2.2
3.15 December 2016 ISO support for FSC 710.9 and Domain
Controllers on Windows Server 2012 and
Windows Server 2012 R2 has been added
3.16 March 2017 ISO support for EPKS R500.1, PMD R900.1, PBM
R500.1, BMA R4xx nodes with IE11 &
3.17 April 2017 ISO support for RAE R700.1, BMA 400 nodes
with .Net 4.5 and Domain Controller on Windows
Server 2016 has been added. Updated Known
Issues section 3.7
3.18 June 2017 ISO support for HS R500 and EBR500 has been
added. Updated Known Issues section 3.7
3.19 July 2017 ISO support for FDM R500 has been added.
3.20 August 2017 ISO support for SM R153.4, DVM R600.1 and
EBR R431.x on Windows Server 2012 has been
added.
3.21 October 2017 ISO support for EPKS R505, DVM R620.1 and
SM R153.5 has been added.
3.25 April 2018 ISO support for EPKS R501.x, Profit Suite
R412/R431/R442, CPM R601.x, EBI R500.1 and
NAS on Windows Server 2016 & Windows Server
2012R2 has been added.
3.26 May 2018 ISO support for PBM R501.x, RAE R701.1 has
been added. Updated Known Issues section 3.7
3.27 June 2018 ISO support for EPKS R510.x, CPM R570.x, EBI
R430.x and PA R500/R430 has been added.
3.28 August 2018 ISO support for Safety Manager R200.2 has been
added and removed support for EPKS
R505.Updated Known Issues section 3.7
3.29 October 2018 ISO support for PMD R910.2 has been added and
Updated Known Issues section 3.7
3.31 March 2019 Information added for March SUIT ISO DVD size.
3.32 April 2019 Added attention section for April month ISO.
3.36 July 2019 Added ISO support for DVM R700, Carbon Black
8.1.0, EBI R600, EBR R501 and Process Safety
Analyzer R115 Added Reboot required check box
support for rebooting the system automatically
after installing all updates
3.37 September 2019 Added ISO support for Console stations on all
EPKS releases on Windows 2008 R2 and Windows
Server 2016
3.38 October 2019 Modified Node ID support for EPKS 511 Updated
Known issues and workarounds section to include
workaround for file not found error in DVM and
EBI nodes
3.41 February 2020 Added ISO support for vCenter Server 6.0 on
Windows 2012 R2
3.45 July 2020 Added support for EPKS R520 on Windows Server
2019 and Windows 10 1809 Build.
Added support for EBR R5xx installed on NAS
node.
Added support for SPA R130.1 on Windows
Server 2016 and Windows Server 2012 R2.
3.49 December 2020 Added support for CPM 603.1 on Windows Server
2019
Updated Known issues and workarounds section to
include issue related to SQL Server Cumulative
Update 22 KB4577467 installation
3.50 January 2021 Added support for ProfitSuite R510.1 on Windows
Server 2016 and Windows Server 2019
Introduced System Restart after installing Service
Stack Updates (SSU)
Introduced Disabling Experion services before
installing updates and Enabling these services after
completion of update installation
Updated Known issues section with details on
Error message “Script not found”
3.53 April 2021 Added support for PHD R410 on Windows Server
2012 R2, Windows Server 2016 and Windows
Server 2019
Added support for SM 211.1 on Windows 10 and
Windows Server 2016.
Anti-Virus Software
Guidelines for
Virtualization This document guides installation and configuration of McAfee MOVE
Environment Antivirus (Agentless) in an NSX for virtualized environment.
2 Introduction
2.1 Overview
The qualified Security/Non-Security updates are re-distributed as an ISO which is posted at Honeywell
OLS.
Qualification of the Security updates abide by Honeywell policy of supporting N, N-1 and N-2 HPS
product releases, N being the latest HPS product release available to the customer.
Effectively, systems are updated with latest qualified Security updates using a Honeywell proprietary
application which automatically deploys all the Security updates required on the target systems. This
application is typically termed as Update Manager which is responsible for managing the qualified
updates on systems hosting various Windows Operating Systems.
The following table describes HPS product releases which are Supported by the Update Manager.
If a HPS product is not mentioned in the list below, then that product is not supported by Update
Manager and it is recommended to contact the local TAC for registering a request.
Update Manager doesn’t support all HPS products by default, using ISO on a
product node not supported by Update Manager will not help a user to keep
ATTENTION system updated with latest qualified security updates.
USB lockdown policy must be disabled. Kindly follow the steps described in
section 3.6 of “SUIT-ISO-USER-GUIDE.pdf” before deploying the MS ISO
ATTENTION updates.
Microsoft Windows 7 64bit and Windows Server 2008 R2 64bit reached End of Extended
Support on 14-Jan-2020, and general security updates are no longer available for these
operating systems. Continued access to critical security updates is available through an
ATTENTION
active Extended Security Update (ESU) agreement with Honeywell. Please contact your
Honeywell account manager for details.
Update Manager tool supports only those systems which have ESU key installed in it. User
will not be able to proceed with update installation if ESU key is not installed on systems
with Windows 7 and Windows Server 2008 R2 operating systems.
Pulp, Paper and Printing RAE 600, RAE 601, RAE 602, RAE 603, RAE 61X.x,
RAE 700.x, RAE R701.x and RAE R702.x, TPA 690,
PMD R800.x, PMD 830.x, PMD831.x, PMD R900.x,
PMD R910.x, PMD R920.x
Field Device Manager R410.x, R430.x, R440.x, R450.x, R500.x, R501.x, R511.x
AAM R321.x
Domain Controller (Only with High Windows 2008 SP2, Windows 2008 R2
Security Policies) SP1, Windows 2012, Windows 2012 R2, Windows 2016
Latitude 7220 Rugged Extreme Tablet Windows 10 1903, 64bit, No Service Pack
NOTE IV
The Optional updates are excluded from the ISO media, due to the size
NOTE
constraints.
Also, the “Optional Updates” recommendation document is provided with ISO
media, where the user can download and install the necessary optional updates
based on the recommendations provided for EPKS 4xx/5xx releases.
NOTE V
From March-17 onwards providing four ISO images. i.e.
NOTE
1. ISO for HPS Products/Releases running on Windows Vista SP2, Windows
Server 2008 SP2, Windows 7 SP1-x86, and Windows Server 2008R2 SP1
and Windows 7 SP1-x 64 operating systems.
2. ISO1 for HPS Products/Releases running on Windows Server 2016 and
Windows 10x64 operating systems.
3. ISO3 for HPS Products/Releases running on Windows Server 2012,
Windows Server 2012 R2 and Windows 8.1 operating systems. ISO
supports Domain Controller on Win 2012 SP2 with IE10 and Win 2012 R2
with IE11 only.
NOTE VI
In some cases, (for example, prerequisites for the current updates are not
NOTE
installed), the Update Manager will identify prior updates to be installed, and the
user will be presented with the option to install those prior updates and continue
the installation of the current updates. In rare instances, the Update Manager may
not be able to locate the prior updates; in these instances, the Honeywell Technical
Assistance Center (TAC) should be contacted for assistance.
NOTE VII
NOTE VIII
NOTE SQL Server 2017 security update “CU22 - KB4577467” has been included in the December1
2020 ISO media. Follow special instruction given in this media to install it.
The recommendations are provided by Honeywell with respect to the HPS products and this
recommendation is made in the datasheets provided for every security update against all supported
HPS products. These datasheets along with the ISO image and user guide can be obtained from the
OLS.
Recommendation Description
Mandatory install.
This update is related directly to Honeywell software. This update has
been qualified for installation and should be installed at the earliest
Install
convenience. Please use the installation procedures as per the Microsoft
instructions (click the link in the Microsoft KB Article column) associated
with the update.
Recommendation Description
This update is related to approving the optional software loaded on a
node, an example of this is Microsoft Excel. This update has been
qualified for installation and should be installed at the earliest convenience
based on the existence of the approved optional software. Please use the
installation procedures as per the Microsoft instructions (click the link in
the Microsoft KB Article column) associated with the update.
Mandatory install.
This update is related to an embedded software in the OS that is not used
by Honeywell software or recommended for use (e.g. Outlook Express)
but their existence without their updates represents a security risk. This
Install – Latent
update has been qualified for the installation and should be installed at the
earliest convenience. Please use the installation procedures as per the
Microsoft instructions (click the link in the Microsoft KB Article column)
associated with the update.
Do not install.
This update that is not applicable to the approved Base Honeywell
Exception
Platform software implementation. Note that the components for the update
are not present in the system.
Take no action until the testing is complete, and final recommendation has
Hold
been posted to OLS.
A user must complete registration with the Honeywell OLS website. to view and
download the details of Update Manager from the ISO.
ATTENTION
RAE R702.x AV/ QCS Server with EPKS R50X.x WIN 2016 NA 11 36
Experion R501.x (ESF, EST, ESC, Orion Console, PCUS, WIN 10 1607 NA 11 67
vSphere)
TPA GUS 032 on Remote Srv Win2K8 SP1 IE8 WIN 2008R2 1 8 99
Safety Manager R200.x / R201.x / R210.2 License Server WIN 2016 NA 11 111
/ R211.1
Experion R511.1 (ESF, EST, ESC, Orion Console, WIN 10 1607 NA 11 160
PCUS,)
Experion R430.1Server (ESV, eServer, EAS, ACE, ESC, WIN 2008R2 1 9 167
EHG, SCE, RESS)
Experion R431.1Server (ESV, eServer, EAS, ACE, ESC, WIN 2008R2 1 9 174
EHG,
SCE, RESS)
EBI 500 With DVM 620 on Windows Server 2012 R2, WIN 2012R2 NA 11 213
64bit,
EBR 430 With SM151 and SH200 ON Windows 7, 32bit, WIN 7 1 11 214
Service Pack 1
EBR 430 With SM151 and SH200 ON Windows 7, 32bit, WIN 7 1 11 215
Service Pack 1
Experion R516.1 (ServerA, ServerB, ESVT, ACE, ACE WIN 2016 NA 11 252
T, ESC, SCE, eServer, EHG, EAS, RESS, PCUS,
ELCNHM)
Experion R516.1(ESF, ESC, EST, Orion Console, PCUS) WIN 10 1607 NA 11 253
RAE 61X.x AV/QCS Srv on WIN2K8 R2 SP1 IE11 WIN 2008R2 1 11 261
(EPKS 410.x)
A left click on Check All Updates would enable the Update Manager to read the configuration file
from the local directory and parse the information to determine a list of
Security/Non-Security updates that have been qualified for a particular node. Additionally, the Update
Manager checks whether the updates have already been installed on the system.
If the updates are not installed, they are included in a custom batch file which is used for automatic
installation there by making sure that only those updates are listed as Required Updates which are not
installed on a target system, as shown in the screenshot below.
A left click on the Load Updates which is placed at the bottom of Required Updates window; this
will initiate an installation of all the Required Updates listed above. If an update is already installed on
the target system, then the Update Manager does not list that update in the Required Updates
window.
After initiating the load updates, a command line window opens up to process the installation of updates
as shown below. It is recommended to read information inside this window before the user
acknowledges by pressing any key.
From January-2021 ISO media onwards, System restart has been introduced after installing
Service Stack Update (SSU) as per recommendations from Microsoft. After this modification,
the system will be restarted twice, once after installing SSU and another time after installing
ATTENTION Monthly Rollup (MR) update.
From January-2021 ISO media onwards, on standalone EPKS nodes, Experion Services listed
below along with all dependent services will be disabled before starting update installation.
All these services will be enabled after completing MS update installation. Note that these
ATTENTION disabled services will NOT be enabled incase the update installation is interrupted for any
reasons.
1.Experion PKS BOOTP Server (bootpsrv)
2.Experion PKS GCL Name Server (gclnamesrv)
3.Experion PKS Server System (HSCSERVER_System)
Update Manager tools in May 2019.ISO and May1 2019.ISO rerun the installer
automatically post reboot and check if all the required updates are installed or
ATTENTION not. If all the required updates are installed, then user will be prompted with a
message “No more updates are required for this node”.
In addition, the SQL Server and the DST Security updates are not installed
automatically on servers and users must install manually by following the
special instructions available below.
\SPECIALHANDLING\ directory.
Please note that, in case if the SQL Server or the DST security updates are not
installed on the system, the Update Manager tool lists those updates on restart
until these updates are installed.
A check box has been added for the user’s input if a reboot is required.
• Selecting this check box before applying the updates will result in automatic
restart of the system, after installing all the updates.
• Not selecting this check box will result in waiting for the user confirmation, to
reboot the system after applying all updates.
All activities are logged into the following files:
• %programdata% Honeywell\SUIT\honeywell_mspatches.txt - This log file is
for auditing only and contains all information about what is required to be on
the node and what was installed. This file is appended each time whenever the
application is run. If there is an issue with the Update Manager application,
please contact TAC for further assistance.
• %programdata% Honeywell\SUIT \honeywell_required_updates.log - This
log file is for auditing only and contains a log of required updates for a specific
node. This file is overwritten whenever the application is run.
• %programdata% Honeywell\SUIT \honeywell_installed_updates.log - This log
file is for auditing only and contains a log of installed updates for a specific
node. This file is overwritten whenever the application is run.
NOTE
A left click on Check Security Updates Only lists only the security updates which are qualified to be
installed on that node. The Update Manager finds the security updates which are installed on the
system and it is ensured that only those updates which are not present on the system are listed in the
Required Updates window as shown below.
A left click on Load Updates starts installing the required security updates.
A left click on Check Non-Security Updates Only lists only the Non-Security updates which are
qualified to be installed on that node. The Update Manager finds the Non-Security Updates which are
installed on the system and it is ensured that only those updates which are not present on the system are
listed in the Required Updates window as shown below.
A left click on Load Updates starts installing the required Non-Security Updates.
If the system is already installed with the latest updates, then the Update Manager notifies the user that
the system is already installed the with latest security updates as shown below.
When the ISO is mounted on a system which is not supported, then the Update Manager informs a
user with the message shown below. It is recommended to contact the local TAC for further details.
A click on View Config in Notepad launches the ISO configuration file with a notepad and the user
can look in to this file for details on ISO configuration.
3.7.1 Known Issue: Updates fail to install due to USB lockdown enabled. Ex: KB982018, KB2775511
Workaround: When usbstor.inf and usbstor.pnf files have non-inherited rights, the workaround is as
follows.
Go to Start > Run, type “regedit” and press enter to open the registry editor.
The value 4 will disable USB to OK. This will re-enable USB Ports and allow you
to use USB or Pen drives.
NOTE
If you cannot find Start under USBSTOR, right click USBSTOR and then select
Permission.
Click Advanced.
Check if right permissions are granted for usbstor.inf and usbstor.pnf files:
b. Navigate to C:\Windows\inf
d. Edit the security and set to inherit from parent folder Remove non-inherited rights from the
file
Install MS ISO.
3.7.2 Known Issue: SUIT ISO DVD is taking hours to deploy when a system has WSUS, but the user
wants to use the SUIT ISO to align the system.
Workaround: When WSUS is used, please perform the following steps on the system before
running the SUIT ISO.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
For more information, refer to the guide, Steps to clear windows services logs .docx
1. Press Windows+R, enter services.msc in the Run dialog, and then click OK to open the Services
window.
Select and right-click on the Background Intelligent Transfer Services, and then click Stop service.
Import the exported registry key from Export and remove the below registry key.
MS16-072: Security update for Group Policy is causing issues for many customers. Some possible
problems caused by the update:
Workaround: If the update is installed and the issues mentioned are observed, uninstall this update.
Workaround: None.
3.7.5 Known Issue: DVM R600/R620/700 and EBI R500/600 On Windows 10/Windows Server 2016.
When the Load Updates button is clicked, an exception is thrown stating that “MyPatchList.txt” is not
found in C:\Windows directory.
Go to C: drive.
Go to “C:\Windows” directory.
3.7.6 Known Issue: On certain scenarios installing MS update using Dec 2019 ISO may cause OS
crash.
PAR DESCRIPTION
3.7.7 Known Issue: ELCN Nodes get stuck in LOC_LOAD after installing Security Update Nov ‘19
or later.
Problem Description:
On Experion R5xx with ELCN, we have identified that ELCN Nodes may get stuck in LOC_LOAD
after installing Security Update November, or later. Honeywell has identified the problem and
recommends modifying the Windows Firewall rules to include the LCNP4Emulator process.
This only applies to the PC-based ELCN Nodes, and not the UEA/UVA-based ELCN Appliance Nodes.
November - KB4525236
December - KB4530689
January - KB4534271
Resolution
Honeywell has produced a hotfix which automates the Windows firewall rules creation.
On the applicable ELCN nodes. Right click on the exe and Run as administrator
On successful completion, it provides a message “Experion PKS R5XX ELCN PAR1-C6ISG33 Hotfix
installation completed successfully”. Click on OK.
Note: If LNCNP4emulator is not present, then it will display a message “ This patch is not applicable
on this node”
Once logged in to www.honeywellprocess.com, you would go to the Support Section, then search for
106148
3.7.8 Known Issue: Microsoft Security Update September ’19 ->Jan ‘20 might cause a memory leak
in Experion Station on Experion R43x and R5xx.
Problem Description:
Microsoft is still working on resolution; the January 2020 is also impacted. It is safe to deploy security
updates with the script workaround found in article 105374.
Microsoft has informed us that the problem is also applicable to Windows 7/W2008, therefore it also
impacts Experion R43x and R400/410 with IE11. The workaround can be safely used with the last KB
installed.
HPS Technical Support would like to inform that Microsoft has introduced a product anomaly in
Windows 7/W2008, Windows 10 & Windows 2016 September 2019-> Jan 2020 security roll up
affecting Station robustness on Experion R43x, R5xx. Customers running with August 2019 (and
earlier) are not affected.
The issue is triggered by the use of VBScript in HMIWeb displays causing Station processes to
accumulate memory (memory leak) and overtime impacting Station operations.
Microsoft has acknowledged the problem and is working on a resolution. At this time, Microsoft is not
able to provide a resolution date, we would revise this notification once Microsoft have communicated
their plan to resolve the product anomalies
Multiple triggers have been identified, it would be therefore complicated and impossible to modify
displays to mitigate the issue, we are recommending referring to the “recommended actions” section for
mitigation plans.
Recommended Actions:
Using the PowerShell script below ran from an Domain admin account, it would possible to verify the
Station memory usage, if the memory is usage is found to be > 300Mb, it would be the time to log
off/log in the affected Station.
The script enables you to provide a coma separated list of Station computer name to monitor (in
yellow).
We have identified a method to work around the issue with a simple Station script, it can be found in
article 105374. With the script, the memory leak is mitigated and there is no need to log off every day.
3.7.9 Known Issue: KB3125574 install failed on Windows Server 2008 R2 and Windows 7 using
August 2019 ISO or later
Symptoms
KB3125574 install failed on Windows Server 2008 R2 and Windows 7 using August 2019 ISO or
later.
Context
MS(SUIT) ISO
Diagnosis
KB3125574 installation was completed successfully but status changed back to fail after reboot.
Cause
Resolution
5. On the Services tab of System Configuration, select Hide all Microsoft services, and then
select Disable all.
9. On the Services tab of System Configuration, select Hide all Microsoft services, and then select
Enable all.
3.7.10 Known Issue: EPKS R510.x and R511.x nodes continue displaying popup to install SQL Server
Cumulative Update 22 (CU 22) update KB4577467 although already installed
Symptoms
EPKS R510.x and R511.x nodes continue displaying popup to install SQL server CU 22 MS19-08-SQL
KB4577467 although already installed
Context
December1 2020.ISO
Diagnosis
Cause
Resolution
The issue has already been reported to Microsoft. Microsoft has acknowledged the problem and is
working on a resolution. At this time, Microsoft is not able to provide a resolution date, we would
revise this notification once Microsoft have communicated their plan to resolve the product anomalies.
An internal PAR SUIT-407 has been raised for monitoring the issue.
3.7.11 Known Issue: Error message “Cannot find Script file” is displayed while running January 3
2021 ISO media
Symptoms
When the January 3 2021 ISO media is mounted and tried to install on any Windows Server 2012 \ 2012
R2 machines where updates are not installed from past few months, “Cannot find Script file” error
message is displayed.
Context
Diagnosis
When the January 3 2021 ISO media is mounted and tried to install on any Windows Server 2012 \ 2012
R2 machines where updates are not installed from past few months, “Cannot find Script file” error
message is displayed as shown below:
Cause
SUIT team is working on the issue and will fix the same in the next ISO release
Resolution
Click on the OK button to close the pop up message. ISO media will continue with update installation.
3.7.12 Known Issue: When update installation is done by mounting SUIT ISO media, installation
stops after system restart, after installing Service Stack Updates (SSU)
Symptoms
When update installation is done by mounting SUIT ISO media, installation stops after system
restart, after installing Service Stack Updates (SSU)
Context
Diagnosis
When update installation is done by mounting SUIT ISO media, installation stops after system
restart, after installing Service Stack Updates (SSU). The issue is caused due to unmounting of the
SUIT ISO media.
Cause
SUIT ISO media gets unmounted after system is restarted. It is an expected behavior with
Windows operating system.
Resolution
A pop up message has been introduced to inform the user that the ISO media is un-mounted. User
should mount the ISO media and then click on OK button to continue with the update installation. The
tool will wait for sufficient time for the user to re-mount the ISO media and then click on the button.
3.7.13 Known Issue: Last ISO Installation details not getting updated in Windows 10 1809 tablet
(Node ID: 285)
Symptoms
After installing MS updates using ISO media, Last Iso Installation detail in not getting updated in
Windows 10 1809 Tablet (Node ID : 285)
Context
Installing MS Updates
Diagnosis
After the system is restarted after completing the update installation, the Last ISO Installation details
should get updated with the ISO media Month. But in Windows 10 1809 Tablet, Last ISO Installed
details is being displayed as “Unknown”.
Cause
SUIT team is analyzing the issue and will fix the same in the future releases.
Resolution
3.7.14 Known Issue: MS Updates fails to install with multiple error codes
Symptoms
We are experiencing multiple windows update failure on Windows Server 2016 for x64-based
Systems and Windows 10. After installation of MS updates, it’s asking restart to complete the
installation. But during restart update is rolling back and getting uninstalled automatically.
Context
Installing MS Updates
Diagnosis
Workaround 1:
iii. Once the machine comes up run the NetSetupSvc in share mode again using below
command:
sc config netsetupsvc type= share
Workaround 2:
If netstupsvc is already in its own svchost container, a clean boot can solve the issue:
Workaround 3:
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
C:\ProgramData\Honeywell\Experion PKS\Server\data\dct\temp
3. Delete any manual ERDB backups or similar in C\temp or similar project backup
4. If “C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb” is large, verify the
Search indexing configuration, see article 115303
5. Confirm the Experion history archive configuration using the Client Server Audit document (article
65350), check 6.
On Physical nodes (not on VMs or vSan), It is recommended to perform a disk defrag after having
deleted large files, the Experion Disk Defrag Procedure can be found in article 65216.
Terms Definitions
This is a tool designed to manage all the Security and Non-Security updates
Update Manager
supported for all the HPS product nodes.
5 Notices
Documentation feedback
You can find the most up-to-date documents on the Honeywell Process Solutions support website at:
http://www.honeywellprocess.com/support
If you have comments about Honeywell Process Solutions documentation, send your feedback to:
hpsdocs@honeywell.com
Use this email address to provide feedback, or to report errors and omissions in the documentation. For
immediate help with a technical problem, contact your local Honeywell Process Solutions Customer
Contact Center (CCC) or Honeywell Technical Assistance Center (TAC).
For the purpose of submission, a security vulnerability is defined as a software defect or weakness that
can be exploited to reduce the operational or security capabilities of the software.
Honeywell investigates all reports of security vulnerabilities affecting Honeywell products and services.
To report a potential security vulnerability against any Honeywell product, please follow the
instructions at:
https://honeywell.com/pages/vulnerabilityreporting.aspx
Submit the requested information to Honeywell using one of the following methods:
Contact your local Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell
Technical Assistance Center (TAC).
Support
For support, contact your local Honeywell Process Solutions Customer Contact Center (CCC). To find
your local CCC visit the website, https://www.honeywellprocess.com/en-US/contact-us/customer-
support-contacts/Pages/default.aspx.
Training classes
Honeywell holds technical training classes that are taught by process control systems experts. For more
information about these classes, contact your Honeywell representative, or see
http://www.automationcollege.com.