Monday, August 21, 2017

Windows cummulative updates cause WSUS to fail

Recently Microsoft released an interesting article about failing WSUS to deliver updates to Windows Clients. Currently affected are Versions before 1703 but due to the nature of the updates and the issue this will be soon the case also for the current Version.

Short Story:
High CPU and Memory consumption on the WSUS process (w3wp.exe IIS worker threat) due to the high volume of meta data caused by later and therefore larger cummulative updates for Windows 10.
The symptoms include:
  • High CPU on your WSUS server – 70-100% CPU in w3wp.exe hosting WsusPool
  • High memory in the w3wp.exe process hosting the WsusPool – customers have reported memory usage approach 24GB
  • Constant recycling of the W3wp.exe hosting the WsusPool (identifiable by the PID changing)
  • Clients failing to scan with 8024401c (timeout) errors in the WindowsUpdate.log
  • Mostly 500 errors for the /ClientWebService/Client.asmx requests in the IIS logs
The solution is:
  • Configure IIS to stop recycling the IIS pool
  • Limit the number of inbound connections to IIS
  • Increase the timeout
  • Monitor the processes
Long Story with solution details: