You’ve prepared your templates, configured your network, your firewalls and everything you could think of, yet your automated provisioning takes forever and eventually fails…

Well, check if you have a patching task in your node template. If you do, you’ll need a way to reach the Microsoft Update service and download any patches. You may need to set a proxy on the nodes for that. Alas, the GUI interface does not offer you an option to do that. Also, any proxy setting that you specify in Internet Options is effective just for the logged-in user. So, how can you set a proxy for windows update to use?

The Windows Update service uses the WinHTTP protocol. You can set a protocol-level proxy with:

netsh winhttp set proxy proxy-server=”http=<your proxy:port>” bypass-list=”<local>”

Where <local> is typed literally <local>. You could have that command line run before the patching task in the template.

Alternatively, you could deploy the nodes without the patching task, run that command across the cluster, then apply a template with a patching task.

Last but not least, you could set up a Windows Update Server on your corporate network and then use group policies to direct the update service on the nodes to that server.

Anyway, if your nodes go anywhere near the Internet, please keep them patched!