This topic describes how to manually update the virtio drivers of Windows Elastic Compute Service (ECS) instances.
Procedure
- Create snapshots to back up data. We recommend that you create snapshots for your Windows instance to back up instance data. If an exception occurs in the instance when the virtio driver is updated, you can use snapshots to roll back the data stored in the instance. For more information, see Create a snapshot of a disk.
- Disable the third-party antivirus software. To ensure that the update script or Cloud Assistant plug-in of the virtio driver runs normally, we recommend that you log on to your Windows instance and temporarily disable the third-party antivirus software installed in the instance. You do not need to disable the antivirus software that comes with the instance. If you confirm that your Windows instance does not need to update the virtio driver or that the virtio driver is updated, restart the third-party antivirus software in a timely manner.
- Manually check or use Alibaba Cloud Security Center to check whether the virtio driver of your Windows instance needs to be updated.
- You can use the vulnerability fixing feature of Security Center to check whether the virtio driver of your Windows instance needs to be updated. For more information, see Use Security Center to update virtio drivers. Important Security Center provides multiple editions, and different editions support different features. For more information, see Functions and features. If you use Security Center Basic or other editions that support only the vulnerability detection feature but not the vulnerability fixing feature, you can use the vulnerability detection feature to view the information of your Windows instance for which you want to update the virtio driver, and then manually update the virtio driver.
- You can manually check whether the virtio driver of your Windows instance needs to be updated. For more information, see Manually check whether virtio drivers need to be updated.
- You can use the vulnerability fixing feature of Security Center to check whether the virtio driver of your Windows instance needs to be updated. For more information, see Use Security Center to update virtio drivers.
- Manually update the virtio driver. You can use one of the following methods to manually update the virtio driver.Important When you manually update the virtio driver, the network interface controller (NIC) driver is also updated. The network of the ECS instance is interrupted for about 10 seconds. Pay attention to the impacts on business caused by network interruption.
- If your Windows instance can access the Internet, we recommend that you use a script to update the virtio driver. For more information, see Method 1 for manual update: Use a script.
- If your Windows instance cannot access the Internet, we recommend that you upload an installation package of the virtio driver to manually update the driver. For more information, see Method 2 for manual update: Use an installation package.
- If you want to update the virtio drivers of multiple Windows instances that have access to the Internet or the internal networks within virtual private clouds (VPCs), we recommend that you use Cloud Assistant provided by Alibaba Cloud to batch update the drivers. For more information, see Method 3 for manual update: Use Cloud Assistant to batch update virtio drivers of multiple instances.
Note If the virtio driver cannot be updated by using a script, we recommend that you use a Cloud Assistant plug-in (acs-plugin-manager.exe --exec --plugin=UpdateVirtIo
) to update the driver. If the update still fails, submit a ticket.
Use Security Center to update virtio drivers
Alibaba Cloud Security Center provides the vulnerability detection and fixing feature to handle the possible impacts caused by virtio drivers of earlier versions. The following procedure describes how to use the vulnerability fixing feature of Security Center to check and update virtio drivers. For more information about the vulnerability fixing feature of Security Center, see Overview.
- Log on to the Security Center console.
- In the left-side navigation pane, choose .
- On the Vulnerabilities page, click the Windows System tab.
- Select Unhandled from the Handled or Not Unhandled drop-down list and check whether the Windows virtio driver BUG causes disk data loss Risk Update vulnerability announcement exists in the vulnerability announcement list. Description of the vulnerability announcement:
- If the vulnerability announcement does not exist, you do not have Windows instances whose virtio drivers need to be updated within your Alibaba Cloud account. You can skip the steps in this topic.
- If the vulnerability announcement exists, you can choose one of the following methods based on your Security Center edition to update your virtio drivers. For information about the vulnerability fixing feature of different editions of Security Center, see Functions and features.
- If your Security Center edition supports the vulnerability detection feature but not the vulnerability fixing feature, you can manually update the virtio driver based on the methods for manually updating virtio drivers in this topic.
- If your Security Center edition supports both the vulnerability detection and fixing features, you can follow this procedure to update the virtio driver.
- Click Windows virtio driver BUG causes disk data loss Risk Update to go to the details panel of the vulnerability.
- On the Detail tab, select all the Windows instances whose virtio drivers need to be updated and click Fix in the lower part of the panel.
- In the Repair dialog box, click Fix Now. You can manually specify whether to create snapshots for ECS instances whose vulnerabilities are to be fixed. We recommend that you select Create snapshots automatically and fix. If you confirm that snapshots are already created for each instance before you fix the vulnerabilities, you can select Skip snapshot backup and fix directly.
- After the vulnerabilities are fixed, click Restart in the Actions column to restart all the Windows instances whose vulnerabilities are fixed. After the instances are restarted, Reboot successful is displayed in the Status column on the Detail tab.
- View the details of handled vulnerabilities.
Manually check whether virtio drivers need to be updated
Before you update virtio drivers, you can run commands in your Windows instances to check whether the virtio drivers of your instances need to be updated. After you update virtio drivers based on the methods provided in this topic, you can also check whether the virtio drivers of your Windows instances are of the latest version.
- Connect to your Windows instance. For more information, see Connection methods.
- On the desktop, press Win+R to open the Run dialog box.
- Enter powershell to start PowerShell.
- Run the following command to check the version of the virtio driver:
[System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\System32\drivers\viostor.sys")
The following figure shows the command output. If the product version (ProductVersion) is earlier than58017
, we recommend that you follow the instructions provided in this topic to update your virtio driver. - Run the following command to view the unique identifier of the disk in the instance:
Get-Disk | Select-Object uniqueid
The following figure shows the command output. If the uniqueid value is141463431303031
or a value that does not start with000000
, we recommend that you follow the instructions provided in this topic to update your virtio driver.
Method 1 for manual update: Use a script
If your Windows instance can access the Internet, you can use a script to update the virtio driver of your instance.
- Connect to your Windows instance. For more information, see Connection methods.
- In the Windows instance, download the script used to update the virtio driver. Click InstallVirtIo.ps1 to download the InstallVirtIo.ps1 script.
- Run the InstallVirtIo.ps1 script to update the virtio driver. In this example, InstallVirtIo.ps1 is downloaded to the C:\test directory.
- After the script is run, restart the instance. For more information, see Restart instances. The updated virtio driver takes effect after your instance is restarted.
Method 2 for manual update: Use an installation package
If your Windows instance cannot access the Internet, you can use this method to update the virtio driver.
- On your computer, download the virtio driver package provided by Alibaba Cloud. Click Virtio Driver Package to download the package.The downloaded package is named 210408.1454.1459_bin.zip.
- Upload 210408.1454.1459_bin.zip to the Windows instance. You can use one of the following methods to upload the package:
- If your computer runs a Windows operating system, use the Windows Remote Desktop Connection tool to connect to the instance from your computer and then upload the package.
- Build an FTP site on the instance and then use an FTP client to upload the package. For more information, see Manually build an FTP site on a Windows instance.
- On the Windows instance, decompress 210408.1454.1459_bin.zip and open the 210408.1454.1459_bin folder. In the 210408.1454.1459_bin folder, you can find the subfolders that correspond to different Windows versions. These subfolders contain the virtio driver installation files for the corresponding Windows versions. Take note of the following subfolders:
- win10: contains the driver installation files for Windows Server 2016, Windows Server 2019, and Windows 10.
- Win8: contains the driver installation files for Windows Server 2012 R2 and Windows 8.1.
- win7: contains the drivers installation files for Windows Server 2008 R2 and Windows 7.
In each of these subfolders, driver installation files are put into the x86 or amd64 subfolder based on the architectures on which the drivers can be installed. The installation files in the amd64 subfolders are applicable to 64-bit operating systems with an AMD64 architecture. The installation files in the x86 subfolders are applicable to 32-bit operating systems with an x86 architecture.
- Open an appropriate subfolder based on the operating system version of the Windows instance. In this example, open the amd64 subfolder in the C:\test\210408.1454.1459_bin\Win8\amd64 directory because the Windows instance runs a Windows Server 2012 R2 64-bit operating system.
- After the amd64 subfolder is opened, press the Shift key and right-click a blank area at the same time. Then, select Open PowerShell window here.
- Run the following command in Windows PowerShell to install the virtio driver of the latest version. Note If you are logged on to the Windows instance as a regular user, you must run this command as an administrator. If you are logged on as an administrator, you can directly run this command.
pnputil -i -a *.inf
A command output shown in the following figure indicates that the virtio driver of the latest version is installed. - Restart the Windows instance. For more information, see Restart instances. The updated virtio driver takes effect after your instance is restarted.
Method 3 for manual update: Use Cloud Assistant to batch update virtio drivers of multiple instances
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select a region. The selected region must be the region where your instances reside.
- Use Cloud Assistant to batch update the virtio drivers. You can use Cloud Assistant to manually set the command content to update the virtio drivers. You can also use the common commands of Cloud Assistant to update the drivers. This section describes different methods for updating virtio drivers by using Cloud Assistant.
- (Recommended) Use common commands to batch update virtio drivers
- On the Cloud Assistant page, click the Common Commands tab and enter
ACS-ECS-InstallVirtioDriver-windows.ps1
in the search box. - Click Create Task in the Actions column corresponding to the
ACS-ECS-InstallVirtioDriver-windows.ps1
common command. - In the Select Instances section of the Create Task panel, select the IDs of the instances whose virtio drivers need to be updated.
- On the Cloud Assistant page, click the Common Commands tab and enter
- Manually set the command content to batch update virtio drivers
- On the Cloud Assistant page, click Create or Run Command.
- In the Create Command panel, configure parameters.
- In the Command Information section, configure the required parameters described in the following table and use default values for other parameters:
Parameter Description Command Source Select Enter Command Content. Command Name Specify a name or use the default name. Command Type Select PowerShell. Command Use one of the following methods to update the virtio drivers: - Run the InstallVirtIo.ps1 script to update the virtio drivers.
You must download the InstallVirtIo.ps1 script to your computer and copy the entire script to the Command field.
- Use a Cloud Assistant plug-in to update the virtio drivers. Copy the following command to the Command field:
acs-plugin-manager.exe --exec --plugin=UpdateVirtIo
- Run the InstallVirtIo.ps1 script to update the virtio drivers.
- In the Select Instances section, select the IDs of the instances whose virtio drivers need to be updated.
- In the Command Information section, configure the required parameters described in the following table and use default values for other parameters:
- (Recommended) Use common commands to batch update virtio drivers
- Click Run. You can view the execution results of the command on the Command Execution Result tab. For more information, see View execution results in the ECS console. The following figure shows a command output on one of the selected instances and indicates that the virtio driver of the instance is updated.
- Batch restart the instances. For more information, see Restart instances. The updated virtio driver takes effect after your instance is restarted.
FAQ
What do I do if I am not allowed to run a script in PowerShell?
In some versions of Windows, PowerShell disables the script running feature by default to ensure security. You can modify the script execution policy of PowerShell to enable the script running feature. Perform the following operations:- Run the following command to make PowerShell run scripts:
Set-ExecutionPolicy Unrestricted
- In the command line, enter
A
and press the Enter key to modify the script execution policy. - Manually run the script again.
- To ensure system security, a security alert is returned in the command line of PowerShell. You must enter
R
in the command line and press the Enter key to run the script again. - After the script is run, run the following command to restore the default settings of PowerShell to ensure system security:
Set-ExecutionPolicy Restricted
- In the command line, enter
A
and press the Enter key to modify the script execution policy.
- Run the following command to make PowerShell run scripts:
What do I do if I am prompted that no digital signature is available for the NIC driver after the virtio driver is updated?
You can manually download the latest Windows driver package to replace the faulty NIC driver. Perform the following operations:- Connect to the Windows instance.
For more information, see Connect to a Windows instance by using a password.
- Click Windows driver package to download the latest Windows driver package. Note If you cannot download the driver package to your Windows instance, you can download the driver package to a physical host. Then, you can use Remote Desktop Connection or an FTP site to upload the driver package to the Windows instance. For information about how to build an FTP site, see Manually build an FTP site on a Windows instance.
After the package is downloaded, you can view the new_virtio.zip driver package.
- Decompress the Windows driver package and open the new_virtio folder. In the folder, you can find the subfolders that correspond to different Windows versions. These subfolders contain the virtio driver installation files for the corresponding Windows versions. Take note of the following subfolders:
- win10: contains the driver installation files for Windows Server 2016, Windows Server 2019, and Windows 10.
- Win8: contains the driver installation files for Windows Server 2012 R2 and Windows 8.1.
- win7: contains the drivers installation files for Windows Server 2008 R2 and Windows 7.
- Uninstall the NIC driver of the Windows instance.
In this example, Windows Server 2019 64-bit is used. You can perform the similar steps for other Windows operating system versions.
- Open Windows Control Panel. In the Search Control Panel search box, enter
Device Manager
. - Click Device Manager.
- Click Network adapters and right-click Red Hat VirtIO Ethernet Adapter.
- Click Uninstall.
- In the Confirm Device Uninstall dialog box, select Delete the driver software for this device and click OK.
After the package is uninstalled, Network adapters is not displayed in Device Manager.
- Open Windows Control Panel. In the Search Control Panel search box, enter
- Install the latest Windows NIC driver.
- Open the Windows driver package file based on the version of your Windows operating system.
In this example, Windows Server 2019 64-bit is used, and the Windows driver package is stored in the C:\test folder. Therefore, the folder path is C:\test\new_virtio\win10\amd64.
- After the amd64 subfolder is opened, press the Shift key and right-click a blank area at the same time. Then, select Open PowerShell window here.
- In the PowerShell window, run the following command to install the latest Windows NIC driver:
pnputil -i -a netkvm.inf
The following figure shows that the NIC driver is installed.
- Open the Windows driver package file based on the version of your Windows operating system.
- Return to or reopen Device Manager, right-click the hostname, and then click Scan for hardware changes. In this example, the hostname of the Windows instance is
test
, as shown in the following figure.After the scanning is complete, you can view the added Network adapters in Device Manager.
- View the information of the latest NIC driver.
- Click Network adapters and right-click Red Hat VirtIO Ethernet Adapter.
- Click Properties.
- In the Red Hat VirtIO Ethernet Adapter Properties dialog box, click the Driver tab. You can view the digital signature information of the latest NIC driver, as shown in the following figure.
- Restart the Windows instance.
For more information, see Restart instances. After the instance is restarted, the new driver takes effect.
- Connect to the Windows instance.