How to Uninstall Windows Updates via CMD or PowerShell in Hyper-V Server: A Step-by-Step Guide for SysAdmins


2 views

html

When troubleshooting Hyper-V VM guest issues after Windows Updates, first identify the problematic update using:

# PowerShell command to list recent updates
Get-HotFix | Sort-InstalledOn -Descending | Select-Object -First 10

For servers without GUI, use this CMD sequence:

:: List all installed updates
wmic qfe list brief /format:table

:: Uninstall specific update by KB number
wusa /uninstall /kb:5005565 /quiet /norestart

More robust PowerShell alternatives:

# Get update details by KB number
$update = Get-WindowsUpdateLog -KBArticleID "KB5005565" 

# Full removal with logging
Remove-WindowsUpdate -KBArticleID "KB5005565" -Confirm:$false -Verbose *> "C:\logs\update_removal.log"

After uninstalling updates affecting virtualization:

# Restart Hyper-V services
Restart-Service vmms -Force
Restart-Service vmcompute -Force

# Verify VM worker processes
Get-VM | Get-VMIntegrationService

For multiple Hyper-V hosts, create a remediation script:

# PS function to safely rollback updates
function Remove-HyperVUpdate {
    param(
        [Parameter(Mandatory=$true)]
        [string]$KBNumber,
        [switch]$RestartServices
    )
    
    try {
        $update = Get-WindowsUpdate -KBArticleID $KBNumber -ErrorAction Stop
        if ($update) {
            Write-Host "Removing $($update.Title)..."
            $update | Uninstall-WindowsUpdate -Confirm:$false
            
            if ($RestartServices) {
                Restart-Service vmms, vmcompute -Force
                Write-Host "Hyper-V services restarted"
            }
        }
    }
    catch {
        Write-Error "Update removal failed: $_"
    }
}

Always confirm update removal and check VM stability:

# Check removal status
Get-WindowsUpdate -IsInstalled:$false | Where-Object KBArticleID -eq "KB5005565"

# Test VM connectivity
Test-VMNetworkAdapter -VMName (Get-VM).Name

When Hyper-V VMs start behaving unexpectedly after a Windows update, the first step is identifying the problematic update. Run this PowerShell command to list recent updates:

Get-WmiObject -Class Win32_QuickFixEngineering | Sort-Object -Property InstalledOn -Descending | Select-Object -First 10

For Windows Server 2016/2019/2022, the most reliable method is using the wusa.exe utility through PowerShell. Here's the complete process:

# Get update KB number first (example: KB5005565)
$updateKB = "KB5005565"

# Uninstall command
wusa /uninstall /kb:$updateKB /quiet /norestart

# For multiple updates
$updatesToRemove = @("KB5005565","KB5005625")
foreach ($kb in $updatesToRemove) {
    Start-Process "wusa.exe" -ArgumentList "/uninstall /kb:$kb /quiet /norestart" -Wait
}

On Server 2012 R2 or earlier, you might need this approach:

# List packages first
Get-WindowsPackage -Online | Where-Object {$_.PackageState -eq "Installed"}

# Then uninstall (use PackageIdentity from above)
Remove-WindowsPackage -Online -PackageName "Package_for_KB5005565~31bf3856ad364e35~amd64~~10.0.1.3"

For updates that refuse to uninstall, try the DISM approach:

# List all packages
DISM /Online /Get-Packages /Format:Table

# Remove specific package
DISM /Online /Remove-Package /PackageName:Package_for_KB5005565~31bf3856ad364e35~amd64~~10.0.1.3 /NoRestart

After removing updates, these commands help stabilize your Hyper-V host:

# Check Hyper-V services
Get-Service vm* | Where-Object {$_.Status -ne "Running"} | Start-Service

# Validate VM state
Get-VM | Get-VMIntegrationService | Where-Object {$_.Enabled -eq $true -and $_.PrimaryStatusDescription -ne "OK"}

Configure update rings to avoid similar problems:

# Create a new update ring (requires WSUS or Windows Update for Business)
New-CMUpdateRing -Name "Hyper-V Safety Ring" -Description "Delays updates by 30 days" -BusinessReadyOnly $true -DeferQualityUpdatesPeriodInDays 30