Category Archives: WSUS

Weekly News – Microsoft Ignite – Windows Feature Update Size

So this week I am at Microsoft Ignite, only the start of day 2 at the moment but already some useful information. I will add more as the week goes on.

So apart from the heavy talk of cloud, the Desktop Track has some good news. A big focus seems to be around Windows Feature updates and how these will be managed going forward.

At the moment feature packs are huge, the ISO around 3.5GB and SCCM/WSUS deployments using ESD are about 1GB less. They plan to get this even smaller using something called a differential update which allows the client to only download what is required. This somewhat ties into express updates that were just released. The downside of this is that your WSUS/SCCM update point will need a much larger storage repository, these updates will take up to 5 times the storage of what you have now with WSUS so you will need weigh up whether the advantage of smaller updates to clients is worth the extra storage on your WSUS server and also your DP’s.

 

IIS w3wp.exe 100% CPU, WSUS and SCCM

Update (29/08/2017) :

Microsoft have released a patch for each WSUS version to resolve this issue. If you still run into issues please try the troubleshooting steps below in the original post.

Original Post:

A rather unique issue I came across recently in an environment was with the IIS Worker process w3wp.exe using 100% CPU.

With over 1500 clients you will see the WSUS IIS worker process start to use larger amounts of memory, and what happens when the default memory limit is hit, the CPU on the worker process will max out causing issues and stops WSUS from working.

The way to view the worker processes and current resource utilization is to go to IIS Manager, select the server name and open Worker Processes.

You will see here the utilization.  Make sure you check WCM.log and WSUSCtrl.log for any errors as well.

The recommendation usually is just to increase from the default limit 1843200 to a larger amount such as 4GB 4194304 however I found this didn’t resolve the issue. It is best to set it as so that it has access to the largest amount required.   This alone does not always fix the issue.

See the full  list of instructions below of what to change.

  1. On your WSUS Server, launch the IIS Manager
  2. Open Application Pools
  3. Right click ‘WsusPool’ and select ‘Advanced Settings…’
  4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
  5. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
  6. Change ‘Failure Interval (minutes) from the default 5 to 30
  7. Change ‘Maximum Failures’ from the default 5 to 60
  8. Click ‘OK’ to save the App Pool changes
  9. Open Services.Msc
  10. Restart the  World Wide Web Publishing Service 

The pool will use a large amount of memory initially but will start to settle. In this example it consumed around 11GB of RAM and now hovers around 1.0 GB.

Limit the number of inbound connections to WSUS

Reducing the number of allowed connections will cause clients to receive 503 errors (service not available), but they will retry. If the performance counter Web Services | Current Connections for the website on which WSUS is hosted has more than 1000 connections, complete this step:

  • Open IIS Manager for the WSUS server.
  • Expand <Server name> and then Sites.
  • Select the site hosting WSUS.
    • If you aren’t sure, expand each site and look for the ClientWebService directory underneath it – that is the WSUS site the clients use.
  • With the site selected, click the Limits link in the toolbar on the right side.
  • Check the option Limit number of connections and change it to 1000 (or even smaller).
  • Click Ok to save the changes.
  • From an elevated command prompt, run IISReset to restart IIS.

Increase the ASP.NET timeout

  • Make a copy of \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Open \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
  • Find the element “<httpRunTime”. It will look like this (in an unmodified web.config):
<httpRuntime maxRequestLength="4096" />
  • Modify httpRunTime by adding an executionTimeout attribute:
<httpRuntime maxRequestLength="4096" executionTimeout="3600" />
  • Save the web.config to a different location and copy the modified one into the directory.
  • From an elevated command prompt, run IISReset to restart IIS.

If you are running WSUS 3.0 SP2 on Server 2008R2 ensure you have installed:

  • KB2720211
  • KB2734608

If you are running WSUS 4.0 on Server 2012R2 ensure you have installed:

  • KB2919442
  • KB2919355
  • KB3095113
  • KB3159706

This will bring you from version 6.3.9600.16384 to 6.3.9600.18324

Others as well to try if you are still getting issues for 2012 WSUS 4.0

  • KB2919355
  • KB3048824-v2

For WSUS 4.0 make sure you enable ESD for Windows 10 Servicing after installing the above updates

Open CMD as Administrator and run:
“C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
Then finally restart the WSUS Services

If you are running this on VMware, ensure you have VMTools installed as it will impact the performance greatly. 

If it is still not working then you are best to start from scratch, remove WSUS, delete your WSUS files, Database, Wsus IIS Site and Worker Process. Ensure your OS is patched, Install WSUS then install the KB’s above. You will probably still need to modify the worker process as well. Restart your server and initiate a sync.

Happy Troubleshooting!

Additional Information available here