Estimating Upload Bandwidth in Delivery Optimization
There is a policy(such as DOMaxBackgroundDownloadBandwidth) to control "download" bandwidth in Delivery Optimization (DO), but currently, there is no policy to control "upload" bandwidth. However, according to Microsoft's doc, the cacheable content that an uploading device can peer is limited to four slots. If four peer downloads occur simultaneously and the download bandwidth is limited to 1 Mbps, the upload bandwidth is expected to range from a minimum of 1 Mbps to a maximum of 4 Mbps. Is my understanding correct?Define Patch Approvals in WSUS but pull patches from Windows Update (Internet)
We currently use WSUS to distribute Microsoft patches and also use Solarwinds Patch Manager to push 3rd party patches into WSUS. This allows us to fully patch an endpoint with all MS and 3rd party software patches via Windows Update Agent/WSUS. We now have a fleet of laptops connected back to our Datacenter via a VPN and they are consuming a lot of bandwith during patching cycles. We have the following challanges: We do use some throttling on BITS/Delivery opitmization but have had mixed results We have MECM but don't use Cloud Management gatway as was deemed too expensive. we have not moved patching to MECM yet. If we use Windows Update for Business we cannot patch 3rd party updates and loose some control around pilot groups and reporting in our estimation Q: So is there a way for us to continue to define the approved patches/metadata via WSUS but have the system pull the patches files from the internet (Windows Update) source? Perhaps this is possible with MECM?Throttle Downstream WSUS Update Pull from upstream
Is it possible to throttle the download of updates on a downstream WSUS server i.e. when it is pulling it's updates from an upstream WSUS server? We have some downstream WSUS servers on low bandwidth links and whilst we generally schedule the pull of updates during an out-of-hours window this is problematic for us for several reasons. I'd rather they pull during the day but with throttling. I’m aware the WSUS clients can do this in Windows 10 BITS etc. but wondering can the WSUS server do this on the synchronisation cycles.
Azure Update Management for Intune and "feature upgrades"
Scenario: W10 Clients, 21H2 (by enablement package) Hybrid-joined to Intune MDM and on-prem AD DS. No SCCM / Co-Management Previously managed by WSUS policies All Intune Rings & Feature Update / Expedite Policies follow MS guidance. AD based GPO are successfully overide by Intune Policy All in all, Intune policies work as expected. The story: Implemented Intune management with hybrid join and policies and bells and whistles to leverage Update Compliance dashboard - also following the guidelines of Aria and the MS Mechanic team. The results are mixed. For some reasons I do not have section for quality updates only, just feature updates or expedited quality updates. Furthermore devices report "in-progress" for a feature upgrade to Windows 21H2, while they are already on Windows 10 21H2 (19043) and the compliance policies confirming this as well. Endpoint Manager Reports - Windows Updates Update Dashboard The issue: It seems like devices running on 21H2 by enablement package are recognized wrongly by the each of the dashboards. Reporting as if a feature upgrade would be missing. In addition I have not seen any Intune settings / nor settings catalog to prefer enablement packages over full upgrades either. Any ideas? cc AriaUpdated thanks for help in advance!
Latest LCU not detected from WSUS if corresponding SSU preinstalled
Hi, for a few months now, the SSU is bundled with the LCU. I have noticed that, if the bundled SSU is manually preinstalled with e.g. DISM, the corresponding LCU portion will no longer be detected as applicable from WSUS! It will however be detected if I scan against WU directly. WSUS will even show the entire bundle as installed for clients which only have the SSU portion installed! This doesn't seem like a common scenario, however it becomes a huge problem if a device does a feature upgrade (from media or WSUS, doesn't matter) from an older version (<= 1909) to 20H2, with the "/DynamicUpdate NoLCU" option enabled. What seems to happen is, Windows Setup does not, as instructed, download and apply the latest LCU, but will still download and apply the latest SSU! This results in an installation that's effectively stuck at the LCU of the upgrade media used (currently 2020-11 for the WSUS upgrade package) and cannot upgrade to the current LCU, if WSUS is used as the only update source - at least until a newer LCU is released and approved. And since SSUs cannot be uninstalled, there is no easy workaround for affected machines. I don't know if anyone from the WSUS team reads this, but there seems to be a faulty "is installed" detection logic in the SSU+LCU bundles published to WSUS, that needs to be addressed asap. Right now I have 35 Windows 10 clients stuck at the November '20 LCU, unable to upgrade. Can anybody else confirm this problem? Regards, MarkusWU / WuFB - Duplicate Download of Feature upgrades and DL of updates during Feature Upgrades
Dear Servicing Team, this is a repost because of a technical issue with the previous post. Thanks for heads-up Heather_Poulsen . Scenario: Windows 10 pro / Enterprise 1909 Using GPO for Update policies but effectively DL updates from WU no policy to limit the Feature Update version (all default) Issue 1: a computer using WU / WuFB does see two different feature upgrades in Settings and both seem be to be downloaded to SoftwareDistribution cache. Effectively the installation in windows.bt will fail because of the conflict starting another round of download. On "restart now" none of both updates would have been applied but cost bandwidth for the download. actual behaviour: both full installers are downloaded, non will be applied until restart, process starts over, eventually with only 2004 or 20H2. expected behaviour: in this scenario it should be expected that it either DL 2004 or 20H2, then using a enablement package to 20H2 or 21H1. proposed idea for a solution: When initiating Feature Update Downloads via WU / WuFB or even WSUS The USOclient / servicing stack should - recognize the latest FU version according to Server and/or Policy, if applied. - remove conflicting upgrades or updates (some have no supersedence marker by design). - should never download a CU or .net Update at the same time with a feature update*. Above measures should remove the issue to download outdated updates. In fact I have too little insights and knowledge about the internals of the process. *Issue 2: Especially this happens regularly. In practice this a very common and unwanted behaviour as the DL and install of a CU or .net update will cause pending restart even before the FU installation is ready. - causes a lot of unnecessary CPU time / system load as we install CUs that would go into Windows.old anyway. - it causes to install both the FU and CU one by another while all the time and ressources invested into the FU install will be canceled and reset on restart for the CU. It will start DL (cache) and install again after restart. Background: It feels like I have seen this more than once when I tested some behaviour for AriaUpdated evaluating how old and outdated version like 1507 or later would behave. Means would they directly download the latest release? No they do not. Mostly they picked some older releases from WU and would cause a 2 time upgrade. But also I have seen this behaviour above, where USOclient ist fetching 2 feature upgrades at a time. even though the softwaredistribution cache was clean.Windows office hours are closed: May 20, 2021
Thanks to everyone who joined us for office hours! Here is a list of who was in the virtual office today: Windows as a service strategies, tactics, best practices: Dave Backman, Namrata Bachwani, Roy Barton Windows update monitoring and reporting: Charles Inglis Windows app development (+ update monitoring and strategies): George Nelson Expediting updates in Microsoft Endpoint Manager: David Guyer Windows 10 deployment: Steve Thomas Cloud-based update management, Windows Update for Business: Aria Carley, Kay Toma Microsoft Endpoint Manager: Jason Sandys Microsoft Endpoint Manager (public sector, CMG, tenant attach, etc.): Danny Guillory Configuration Manager: Rob York, Bruno Yoshioka FastTrack: Kevin Mineweaser Security: Rick Munck Our next, regularly scheduled office hours event will take place on Thursday, June 17th, 9:00-10:00 a.m. Pacific Time. Add it to your calendar. For an up-to-date list of future events, see the Windows IT Pro Blog.Windows 10 Enablement package
Hi, has it been decided at MS that from now on, enablement packages will be available for N-1 builds whenever a new build comes out? We would like to know to help plan our tests/migration plan with our clients. The enablement package is a great way to reduce the pain points of inplace upgrades. Thks
