SOLVED

Problems with WSUS and recent Windows 10 CU updates

Silver Contributor

It seems realted to SCOM crashesreported here https://blogs.technet.microsoft.com/germanageability/2016/10/17/october-2016-windows-patch-kb3192392...

 

But recently WSUS is having problems replying to update check from Windows 10 clients:

https://social.technet.microsoft.com/Forums/en-US/1e93872d-7dd4-4139-9537-ce40c92305f2/wsus-problem-...

 

It works fine until you synchronize Windows 10 product (just Security Updates). Then Win10 clients report 0x8024401c error when checking for updates on WSUS and IIS on WSUS is reporting time outs and memory issues with WsusPool.

11 Replies

In case someone runs into same problem with WSUS 4 on WS2012R2: i have opened IIS Manager and right-clicked Sites > WSUS Administration site. Went into Advanced settings, expanded Limits section and increased Connection Time-out from 180 to 320. Rebooted the server. When doing updates check from Win10 machine it was faster than before and the load on the server was very brief. Win10 reported status and found updates on WSUS correctly. I suspect i might need to bump that limit even more in the future once more updates for Windows 10 come out and the total size of download files increases.

Was too quick to rejoice. After enabling Critical Updates and Update Rollups and synchronizing again it shows the same error and increasing timeout value not helping anymore.

best response confirmed by wroot (Silver Contributor)
Solution

Have made additional changes: WsusPool, made Private Memory Limit (KB) to zero (not limited) and edited web.config for WSUS

changed: <httpRuntime maxRequestLength="4096" />

to <httpRuntime maxRequestLength="204800" executionTimeout="7200"/>

 

This helps for the already updated from Internet machines. But fresh 1607 build still shows the same problem. Will see how it goes.

My standalone Windows 10 PRO computer has downloaded the updates from Microsoft - Internet directly. When it try to install the updates of KB3211320 and KB3213986 it gives error below. I even downloaded them as standalone packages, still same issue. any idea. ? appreciate any help on this please. Thanks.

 

"There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x800705b4)."

 


@wroot wrote:

Have made additional changes: WsusPool, made Private Memory Limit (KB) to zero (not limited) and edited web.config for WSUS

changed: <httpRuntime maxRequestLength="4096" />

to <httpRuntime maxRequestLength="204800" executionTimeout="7200"/>

 

This helps for the already updated from Internet machines. But fresh 1607 build still shows the same problem. Will see how it goes.


Was this happening on a 2016 WSUS server?

No, on Windows Server 2012 R2. Btw, i think this issue is probably only with fresh 1607 installs. We are currently installing 1703 on new machines (will switch to fresh 1709 or even 1803 this year). But i haven't reverted this changes on the WSUS server, so i can't say for sure. Have too many issues with Windows 10 and WSUS already to bring back this older issue..

I have similar issues on 2016

Do you mean with 1607 version of Windows 10 or newer?

C:\Program Files\Update Services\WebServices\ReportingWebService\Web.config

or
C:\Program Files\Update Services\WebServices\ServerSyncWebService\Web.config

or

C:\Program Files\Update Services\WebServices\ClientWebService\Web.config

?

ClientWebService

@wroot After extensive investigation to achieve a reliable enterprise WSUS, below are the build notes that I share with you and the larger community that I have found to work successfully.  Readers may also be able to use these settings to remediate numerous WUAgent errors when pointing to a WSUS machine.

 

+ Build new Server 2019 machine

# could be 2016 or even 2012R2

  • vCPU = 4, vSocket = 1, RAM = 12 GB, PageFile = 32768 MB
  • HDD1 = 150 GB, used for C drive (System)
  • HDD2 = 3500 GB, used for D drive (WSUS data & content store, SQL Backup)
  • HDD3 = 50 GB, used for G drive (SQL Data)
  • HDD4 = 40 GB, used for H drive (SQL Temp DB)
  • HDD5 = 40 GB, used for L drive (SQL Log)

 

+ Install SQL Server 2019 Standard

 

+ Update Windows & SQL server with Microsoft Online Updates

 

+ Add WSUS role

 

+ Configure WSUS role 

  • Update Files and Languages: Update Files tab, tick Download express installation files.  Click OK
  • Automatic Approvals: Tick the Default Automatic Approval Rule.  Change the rule so that ONLY “Approve the update for all computers” is shown.  Click the Advanced tab. Ensure all check boxes are ticked.  Click OK
  • E-Mail Notifications: Tick Send status report, set to Weekly, set time to 7.30am, set Recipient
  • Set the outgoing SMTP server
  • Personalization: Click round selector “Show Computer and status from this server alone”

 

+ Install WSUS reporting

  • Find CLR type for SQL Server 2012 MSI and install. Its a challenge as the file is no longer on the Microsoft catalog site.
  • Find Report Viewer MSI and install.

 

+ Optimize WSUS Configuration

# The need is to modify web.config parameters. Within an elevated CMD shell;

  • sc stop wsusservice
  • cd "C:\Program Files\Update Services\WebServices\ClientWebService"
  • takeown /f web.config
  • icacls web.config /grant administrator:(F)
  • copy web.config web.config.org

 

  • notepad web.config

         # Find line;
            <add key="maxInstalledPrerequisites" value="400"/>
         # change this line to
            <add key="maxInstalledPrerequisites" value="800"/>

         # Find remark “MAXREQUESTLENGTH”, and then move to the line starting with
            <httpRuntime maxRequestLength="4096" />
         # change this line to
            <httpRuntime maxRequestLength="204800" executionTimeout="7200" />

         # Save web.config and exit notepad

 

+ Optimize IIS Configuration

# Within an elevated CMD shell;

  • # Run IIS Admin
  • %windir%\system32\inetsrv\inetmgr.exe
  • # Navigate to <servername> \ Application Pools \
  • # Right click on “WsusPool” and select Advanced Settings.
  • # Make the following changes in the respective sub-sections shown in front left column;

         General

                  Queue Length = 25000

         Rapid-Fail Protection
                  “Service Unavailable” Response = TcpLevel
                  Failure Interval (minutes) = 15
                  Maximum Failures = 5
         Recycling
                  Private Memory Limit (KB) = 0
                  Request Limit = 0
                  Virtual Memory Limit (KB) = 0

 

+ Restart Computer

  • After 5 minutes, initiate testing on the WUA machine.  No errors should occur, although scanning may take many minutes, even over an hour of slow low bandwidth WAN links.
  • Results may include either no updates available which most likely means the WSUS is still updating its self (which can take days), or available updates are shown and are available for WUA to download and install.
1 best response

Accepted Solutions
best response confirmed by wroot (Silver Contributor)
Solution

Have made additional changes: WsusPool, made Private Memory Limit (KB) to zero (not limited) and edited web.config for WSUS

changed: <httpRuntime maxRequestLength="4096" />

to <httpRuntime maxRequestLength="204800" executionTimeout="7200"/>

 

This helps for the already updated from Internet machines. But fresh 1607 build still shows the same problem. Will see how it goes.

View solution in original post