Its pretty straight forward. I have done a couple of them and they work fine. I would hold off on the windows updates until you are completely done and tested. At least update SQL and Exchange, the OS, hold off on until you are done with testing and failover.
It doesn't mention the usability of the secondary server while upgrading the primary.
Have you failed over to the secondary, and removed the RG from CUCM for the primary while upgrading? After completion of the primary, I would add the RG back in for the primary, upgrade the secondary and re-run the failover config.
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.