Translate

Showing posts with label WSUS. Show all posts
Showing posts with label WSUS. Show all posts

Monday, August 21, 2017

Windows cummulative updates cause WSUS to fail

Recently Microsoft released an interesting article about failing WSUS to deliver updates to Windows Clients. Currently affected are Versions before 1703 but due to the nature of the updates and the issue this will be soon the case also for the current Version.



Short Story:
High CPU and Memory consumption on the WSUS process (w3wp.exe IIS worker threat) due to the high volume of meta data caused by later and therefore larger cummulative updates for Windows 10.
 
The symptoms include:
  • High CPU on your WSUS server – 70-100% CPU in w3wp.exe hosting WsusPool
  • High memory in the w3wp.exe process hosting the WsusPool – customers have reported memory usage approach 24GB
  • Constant recycling of the W3wp.exe hosting the WsusPool (identifiable by the PID changing)
  • Clients failing to scan with 8024401c (timeout) errors in the WindowsUpdate.log
  • Mostly 500 errors for the /ClientWebService/Client.asmx requests in the IIS logs
The solution is:
  • Configure IIS to stop recycling the IIS pool
  • Limit the number of inbound connections to IIS
  • Increase the ASP.net timeout
  • Monitor the processes
Long Story with solution details:
https://blogs.technet.microsoft.com/configurationmgr/2017/08/18/high-cpuhigh-memory-in-wsus-following-update-tuesdays/

Created from um
Labels: , ,

Monday, February 13, 2017

Windows Update Optimization

Recently I discussed the Windows Update Peer to Peer functionality with one of my customers. And MS also added some GPOs to control this better.


In Windows Update -> Advanced Options -> Choose how updates are delivered
You will find the plain simple setting for this. But you can do much more.

 

 


What it is for:

Windows Update Delivery Optimization enables you to download Windows updates and Windows Store apps from sources other than Microsoft. This can help you get updates and apps more quickly if you have a limited or unreliable Internet connection. If you own more than one PC, Delivery Optimization can reduce the amount of Internet bandwidth that is required to keep all your PCs up-to-date. Delivery Optimization also sends updates and apps from your PC to other PCs on your local network or on the Internet.






You can use Group Policy to configure Windows Update Delivery Optimization. To do this, follow these steps:
  1. Download the Administrative Templates (.admx) file for Windows 10 from the following Microsoft Download Center website:

    Download     Administrative Templates (.admx) for Windows 10 Version 1607 and Windows Server 2016

    Download Administrative Templates (.admx) for Windows 10 and Windows 10 Version 1511
  2. Copy the following files to the SYSVOL central store:
    • DeliveryOptimization.admx from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions
    • DeliveryOptimization.adml from C:\Program Files (x86)\Microsoft Group Policy\Windows 10\PolicyDefinitions\en-US
  3. Start the Gpeditor tool.
  4. Browse to the following location:
    Computer Configuration\Administrative Templates\Windows Components\Delivery Optimization
  5. Make the following Windows Update Delivery Optimization settings, as appropriate.
Source
https://support.microsoft.com/en-us/help/3088114/how-to-use-group-policy-to-configure-windows-update-delivery-optimization-in-windows-10


Whats new in 1607:



There are also additional GPO settings available in 1607 which added more control on this (The support article refer to an obsolete article at the end!) This is the new replaced blog entry from Michael Niehaus.
https://blogs.technet.microsoft.com/mniehaus/2016/08/16/windows-10-delivery-optimization-and-wsus-take-2/
Created from um
Labels: , ,

Wednesday, September 7, 2016

Updates needed to serve Windows 10 updates and upgrades with WSUS

I created a demo environment and thought it would be nice to use latest SCCM on latest Windows and guess what?  (SCCM Current Branch on Windows Server 2016 TP5)


You WILL FAIL!











Reason is you need to install a patch to WSUS to enable Windows 10 catalog.
But this patch is only available to Windows Server 2012 R2.
Not yet available to Windows Server 2016 TP5 (curious but that's the way it is)


So I installed another WSUS Server on Windows Server 2012 R2 latest patches stand alone. Then I enabled WSUS role.


But before you start configuring it. You must install at least these patches for 
Windows Server 2012 R2:
This Update enables the Win10 classification in the WSUS catalog
KB3095113
https://support.microsoft.com/en-us/kb/3095113
(also checkout note from WSUS team:
https://blogs.technet.microsoft.com/wsus/2015/12/03/important-update-for-wsus-4-0-kb-3095113/)

If you synced the catalog already and you missed the fix in the first place you need to read this for fixing it!https://blogs.technet.microsoft.com/wsus/2016/01/29/how-to-delete-upgrades-in-wsus/


This Update enables the ESD function. Without it you can not deploy 1607 or newer!
BE CAREFULL AND READ THE MANUAL STEPS NECESSARY!!!https://support.microsoft.com/en-us/kb/3159706

This update also replaces the problematic fix KB3148812. If it is installed you can install the KB3159706 on top of it! But don't miss the manual steps!


HINT:
You get all the updates also through (you need to know the KB article number)
http://catalog.update.microsoft.com




Microsoft promised these steps are not necessary for WSUS on Windows Server 2016 RTM.


HAPPY UPDATING!



Created from um
Labels: ,
Subscribe to: Posts (Atom)