This topic describes how to manually update the virtio drivers of Windows Elastic Compute Service (ECS) instances.

Procedure

  1. Create snapshots to back up data.
    We recommend that you create snapshots for your Windows instance to back up instance data. If an exception occurs in the instance when the virtio driver is updated, you can use snapshots to roll back the data stored in the instance. For more information, see Create a snapshot for a disk.
  2. Disable the third-party antivirus software.
    To ensure that the update script or Cloud Assistant plug-in of the virtio driver runs normally, we recommend that you log on to your Windows instance and temporarily disable the third-party antivirus software installed in the instance. You do not need to disable the antivirus software that comes with the instance. If you confirm that your Windows instance does not need to update the virtio driver or that the virtio driver is updated, restart the third-party antivirus software in a timely manner.
  3. Manually check or use Alibaba Cloud Security Center to check whether the virtio driver of your Windows instance needs to be updated.
    • You can use the vulnerability fixing feature of Security Center to check whether the virtio driver of your Windows instance needs to be updated. For more information, see Use Security Center to update virtio drivers.
      Notice Security Center provides multiple editions, and different editions support different features. For more information, see Features. If you use Security Center Basic or other editions that support only the vulnerability detection feature but not the vulnerability fixing feature, you can use the vulnerability detection feature to view the information of your Windows instance for which you want to update the virtio driver, and then manually update the virtio driver.
    • You can manually check whether the virtio driver of your Windows instance needs to be updated. For more information, see Manually check whether virtio drivers need to be updated.
  4. Manually update the virtio driver.
    You can use one of the following methods to manually update the virtio driver.
    Notice When you manually update the virtio driver, the network interface controller (NIC) driver is also updated. The network of the ECS instance is interrupted for about 10 seconds. Pay attention to the impacts on business caused by network interruption.
    Note If the virtio driver cannot be updated by using a script, we recommend that you use a Cloud Assistant plug-in (acs-plugin-manager.exe --exec --plugin=UpdateVirtIo) to update the driver. If the update still fails, submit a ticket.

Use Security Center to update virtio drivers

Alibaba Cloud Security Center provides the vulnerability detection and fixing feature to handle the possible impacts caused by virtio drivers of earlier versions. The following procedure describes how to use the vulnerability fixing feature of Security Center to check and update virtio drivers. For more information about the vulnerability fixing feature of Security Center, see Overview.

  1. Log on to the Security Center console.
  2. In the left-side navigation pane, choose Precaution > Vulnerabilities.
  3. On the Vulnerabilities page, click the Windows System tab.
  4. Select Unhandled from the Handled or Not Unhandled drop-down list and check whether the Windows virtio driver BUG causes disk data loss Risk Update vulnerability announcement exists in the vulnerability announcement list.
    Detect virtio driver bugsDescription of the vulnerability announcement:
    • If the vulnerability announcement does not exist, you do not have Windows instances whose virtio drivers need to be updated within your Alibaba Cloud account. You can skip the steps in this topic.
    • If the vulnerability announcement exists, you can choose one of the following methods based on your Security Center edition to update your virtio drivers. For information about the vulnerability fixing feature of different editions of Security Center, see Vulnerability fixing.
      • If your Security Center edition supports the vulnerability detection feature but not the vulnerability fixing feature, you can manually update the virtio driver based on the methods for manually updating virtio drivers in this topic.
      • If your Security Center edition supports both the vulnerability detection and fixing features, you can follow this procedure to update the virtio driver.
  5. Click Windows virtio driver BUG causes disk data loss Risk Update to go to the details panel of the vulnerability.
  6. On the Detail tab, select all the Windows instances whose virtio drivers need to be updated and click Fix in the lower part of the panel.
    Detail
  7. In the Repair dialog box, click Fix Now.
    You can manually specify whether to create snapshots for ECS instances whose vulnerabilities are to be fixed. We recommend that you select Create snapshots automatically and fix. If you confirm that snapshots are already created for each instance before you fix the vulnerabilities, you can select Skip snapshot backup and fix directly. Fix
  8. After the vulnerabilities are fixed, click Restart in the Actions column to restart all the Windows instances whose vulnerabilities are fixed.
    After the instances are restarted, Reboot successful is displayed in the Status column on the Detail tab.
  9. View the details of handled vulnerabilities.
    1. Go back to the Vulnerabilities page and click the Windows System tab.
    2. Select Handled from the Handled or Not Handled drop-down list and click Windows virtio driver BUG causes disk data loss Risk Update.
      On the Detail tab, you can view the instances whose vulnerabilities are fixed, as shown in the following figure. Handled

Manually check whether virtio drivers need to be updated

Before you update virtio drivers, you can run commands in your Windows instances to check whether the virtio drivers of your instances need to be updated. After you update virtio drivers based on the methods provided in this topic, you can also check whether the virtio drivers of your Windows instances are of the latest version.

  1. Connect to your Windows instance.
    For more information, see Connection methods.
  2. On the desktop, press Win+R to open the Run dialog box.
  3. Enter powershell to start PowerShell.
  4. Run the following command to check the version of the virtio driver:
    [System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\drivers\viostor.sys")
    The following figure shows the command output. If the product version (ProductVersion) is earlier than 58017, we recommend that you follow the instructions provided in this topic to update your virtio driver. virtio version
  5. Run the following command to view the unique identifier of the disk in the instance:
    Get-Disk | Select-Object uniqueid
    The following figure shows the command output. If the uniqueid value is 141463431303031 or a value that does not start with 000000, we recommend that you follow the instructions provided in this topic to update your virtio driver. Disk identifier

Method 1 for manual update: Use a script

If your Windows instance can access the Internet, you can use a script to update the virtio driver of your instance.

  1. Connect to your Windows instance.
    For more information, see Connection methods.
  2. In the Windows instance, download the script used to update the virtio driver.
    Click InstallVirtIo.ps1 to download the InstallVirtIo.ps1 script.
  3. Run the InstallVirtIo.ps1 script to update the virtio driver.
    In this example, InstallVirtIo.ps1 is downloaded to the C:\test directory.
    1. Open the C:\test folder.
      Access the directory to which InstallVirtIo.ps1 is downloaded.
    2. Select and right-click InstallVirtIo.ps1 and then select Run with PowerShell.
      Run the script
      Alternatively, you can press the Shift key and right-click a blank area in the folder window at the same time. Then, select Open PowerShell window here. Run the InstallVirtIo.ps1 script in Windows PowerShell.
      Note
      • If you are logged on to the Windows instance as a regular user, you must run this script as an administrator. If you are logged on as an administrator, you can directly run this script.
      • If you are prompted that you are not allowed to run the script when you manually run the script, you must first modify the script execution policy of PowerShell. For more information, see FAQ.
  4. After the script is run, restart the instance.
    For more information, see Reboot the instance. The updated virtio driver takes effect after your instance is restarted.

Method 2 for manual update: Use an installation package

If your Windows instance cannot access the Internet, you can use this method to update the virtio driver.

  1. On your computer, download the virtio driver package provided by Alibaba Cloud.
    Click Virtio Driver Package to download the package.
    The downloaded package is named 210408.1454.1459_bin.zip.
  2. Upload 210408.1454.1459_bin.zip to the Windows instance.
    You can use one of the following methods to upload the package:
    • If your computer runs a Windows operating system, use the Windows Remote Desktop Connection tool to connect to the instance from your computer and then upload the package.
    • Build an FTP site on the instance and then use an FTP client to upload the package. For more information, see Manually build an FTP site on a Windows instance.
  3. On the Windows instance, decompress 210408.1454.1459_bin.zip and open the 210408.1454.1459_bin folder.
    In the 210408.1454.1459_bin folder, you can find the subfolders that correspond to different Windows versions. Windows versionsThese subfolders contain the virtio driver installation files for the corresponding Windows versions. Take note of the following subfolders:
    • win10: contains the driver installation files for Windows Server 2016, Windows Server 2019, and Windows 10.
    • Win8: contains the driver installation files for Windows Server 2012 R2 and Windows 8.1.
    • win7: contains the drivers installation files for Windows Server 2008 R2 and Windows 7.

    In each of these subfolders, driver installation files are put into the x86 or amd64 subfolder based on the architectures on which the drivers can be installed. The installation files in the amd64 subfolders are applicable to 64-bit operating systems with an AMD64 architecture. The installation files in the x86 subfolders are applicable to 32-bit operating systems with an x86 architecture.

  4. Open an appropriate subfolder based on the operating system version of the Windows instance.
    In this example, open the amd64 subfolder in the C:\test\210408.1454.1459_bin\Win8\amd64 directory because the Windows instance runs a Windows Server 2012 R2 64-bit operating system.
  5. After the amd64 subfolder is opened, press the Shift key and right-click a blank area at the same time. Then, select Open PowerShell window here.
    powershell
  6. Run the following command in Windows PowerShell to install the virtio driver of the latest version.
    Note If you are logged on to the Windows instance as a regular user, you must run this command as an administrator. If you are logged on as an administrator, you can directly run this command.
    pnputil -i -a *.inf
    A command output shown in the following figure indicates that the virtio driver of the latest version is installed. Driver update
  7. Restart the Windows instance.
    For more information, see Reboot the instance. The updated virtio driver takes effect after your instance is restarted.

Method 3 for manual update: Use Cloud Assistant to batch update virtio drivers of multiple instances

If you want to update virtio drivers of multiple Windows instances that have access to the Internet or the internal networks within VPCs, you can use Cloud Assistant provided by Alibaba Cloud to batch update the drivers of your instances.
Note To update virtio drivers by using Cloud Assistant, you must download the required installation package. The system downloads the package over the internal networks within VPCs. If the package cannot be downloaded over the internal networks, the system downloads the package over the Internet.
  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Maintenance & Monitoring > ECS Cloud Assistant.
  3. In the top navigation bar, select a region.
    The selected region must be the region where your instances reside.
  4. Use Cloud Assistant to batch update the virtio drivers.
    You can use Cloud Assistant to manually set the command content to update the virtio drivers. You can also use the common commands of Cloud Assistant to update the drivers. This section describes different methods for updating virtio drivers by using Cloud Assistant.
    • (Recommended) Use common commands to batch update virtio drivers
      1. On the Cloud Assistant page, click the Common Commands tab and enter ACS-ECS-InstallVirtioDriver-windows.ps1 in the search box. Common commands
      2. Click Create Task in the Actions column corresponding to the ACS-ECS-InstallVirtioDriver-windows.ps1 common command.
      3. In the Select Instances section of the Create Task panel, select the IDs of the instances whose virtio drivers need to be updated.
    • Manually set the command content to batch update virtio drivers
      1. On the Cloud Assistant page, click Create or Run Command.
      2. In the Create Command panel, configure parameters.
        • In the Command Information section, configure the required parameters described in the following table and use default values for other parameters:
          Parameter Description
          Command Source Select Enter Command Content.
          Command Name Specify a name or use the default name.
          Command Type Select PowerShell.
          Command Use one of the following methods to update the virtio drivers:
          • Run the InstallVirtIo.ps1 script to update the virtio drivers.

            You must download the InstallVirtIo.ps1 script to your computer and copy the entire script to the Command field.

          • Use a Cloud Assistant plug-in to update the virtio drivers.
            Copy the following command to the Command field:
            acs-plugin-manager.exe --exec --plugin=UpdateVirtIo
        • In the Select Instances section, select the IDs of the instances whose virtio drivers need to be updated.
  5. Click Run.
    You can view the execution results of the command on the Command Execution Result tab. For more information, see View execution results in the ECS console. The following figure shows a command output on one of the selected instances and indicates that the virtio driver of the instance is updated. Cloud Assistant update
  6. Batch restart the instances.
    For more information, see Reboot the instance. The updated virtio driver takes effect after your instance is restarted.

FAQ

  • What do I do if I am not allowed to run a script in PowerShell?

    In some versions of Windows, PowerShell disables the script running feature by default to ensure security. You can modify the script execution policy of PowerShell to enable the script running feature. Perform the following operations:
    1. Run the following command to make PowerShell run scripts:
      Set-ExecutionPolicy Unrestricted
    2. In the command line, enter A and press the Enter key to modify the script execution policy.
    3. Manually run the script again.
    4. To ensure system security, a security alert is returned in the command line of PowerShell. You must enter R in the command line and press the Enter key to run the script again.
    5. After the script is run, run the following command to restore the default settings of PowerShell to ensure system security:
      Set-ExecutionPolicy Restricted
    6. In the command line, enter A and press the Enter key to modify the script execution policy.
  • What do I do if I am prompted that no digital signature is available for the NIC driver after the virtio driver is updated?

    You can manually download the latest Windows driver package to replace the faulty NIC driver. Perform the following operations:
    1. Connect to the Windows instance.

      For more information, see Connect to a Windows instance by using password authentication.

    2. Click Windows driver package to download the latest Windows driver package.
      Note If you cannot download the driver package to your Windows instance, you can download the driver package to a physical host. Then, you can use Remote Desktop Connection or an FTP site to upload the driver package to the Windows instance. For information about how to build an FTP site, see Manually build an FTP site on a Windows instance.

      After the package is downloaded, you can view the new_virtio.zip driver package.

    3. Decompress the Windows driver package and open the new_virtio folder.
      In the folder, you can find the subfolders that correspond to different Windows versions. FolderThese subfolders contain the virtio driver installation files for the corresponding Windows versions. Take note of the following subfolders:
      • win10: contains the driver installation files for Windows Server 2016, Windows Server 2019, and Windows 10.
      • Win8: contains the driver installation files for Windows Server 2012 R2 and Windows 8.1.
      • win7: contains the drivers installation files for Windows Server 2008 R2 and Windows 7.
    4. Uninstall the NIC driver of the Windows instance.

      In this example, Windows Server 2019 64-bit is used. You can perform the similar steps for other Windows operating system versions.

      1. Open Windows Control Panel. In the Search Control Panel search box, enter Device Manager. Device Manager
      2. Click Device Manager.
      3. Click Network adapters and right-click Red Hat VirtIO Ethernet Adapter.
      4. Click Uninstall. Device uninstallation
      5. In the Confirm Device Uninstall dialog box, select Delete the driver software for this device and click OK.

        After the package is uninstalled, Network adapters is not displayed in Device Manager.

    5. Install the latest Windows NIC driver.
      1. Open the Windows driver package file based on the version of your Windows operating system.

        In this example, Windows Server 2019 64-bit is used, and the Windows driver package is stored in the C:\test folder. Therefore, the folder path is C:\test\new_virtio\win10\amd64.

      2. After the amd64 subfolder is opened, press the Shift key and right-click a blank area at the same time. Then, select Open PowerShell window here.
      3. In the PowerShell window, run the following command to install the latest Windows NIC driver:
        pnputil -i -a netkvm.inf
        The following figure shows that the NIC driver is installed. Install the NIC driver
    6. Return to or reopen Device Manager, right-click the hostname, and then click Scan for hardware changes.
      In this example, the hostname of the Windows instance is test, as shown in the following figure.Scan

      After the scanning is complete, you can view the added Network adapters in Device Manager.

    7. View the information of the latest NIC driver.
      1. Click Network adapters and right-click Red Hat VirtIO Ethernet Adapter.
      2. Click Properties.
      3. In the Red Hat VirtIO Ethernet Adapter Properties dialog box, click the Driver tab.
        You can view the digital signature information of the latest NIC driver, as shown in the following figure. Digital signature information
    8. Restart the Windows instance.

      For more information, see Reboot the instance. After the instance is restarted, the new driver takes effect.