Simon says – unleash WSUS performance

Some time ago I was configuring WSUS server on Windows Server 2016, I needed to do it as performance of WSUS on 2012 was like caption of this image:


I’m putting all the changes I made for future reference (this basically also is the purpose of this blog, as my memory is also like the caption of the above image).

  1. We are downloading only metadata (no content) and we got WSUS SUSDB database on separate SQL server (NOT ON WID)
  2. UseCustomWebsite set to true

    wsusutil.exe usecustomwebsite true

    as found that here. Seems the change helped, but it took some time for server to cool down.

  3. WSUS pool settings have been changed to following:


Found information about that here.

Also changed this to 0:


As read about that here.

4. Ran servicing:

Wsusutil.exe /postinstall /servicing

As read about that here.

5. We set up cleanup scripts:

Invoke-WsusServerCleanup -CleanupObsoleteComputers #>> c:\temp\CleanupObsoleteComputers.txt
Invoke-WsusServerCleanup -CleanupObsoleteUpdates #>> c:\temp\CleanupObsoleteUpdates.txt
Invoke-WsusServerCleanup -CleanupUnneededContentFiles #>> c:\temp\CleanupUnneededContentFiles.txt
Invoke-WsusServerCleanup -DeclineExpiredUpdates #>> c:\temp\CleanupObsoleteComputers.txt
Invoke-WsusServerCleanup -DeclineSupersededUpdates #>> c:\temp\CleanupObsoleteComputers.txt

And it was good for sime time, till one day… when we decided to actually start using it.

The console was crushing all the time with errors “Connection error”, or “Database connection error”, it was impossible to do even an easy task.

Then I called Microsoft, support engineer’s first proposal was to reinstall WSUS server (well, let’s just tell I didn’t agree for that) so the next step was troubleshooting. What he saw was we were syncing drivers to WSUS – please note -we were only syncing metadata we were NOT downloading the actual data/content of the updates.

So he told me something interesting – we had basically two issues:

  1. Cleanup scripts triggered from the wsus application server didn’t do it’s job – we still had many old approved updates
  2. Syncing drivers were causing such terrible performance on the DB side – this is because each time you got driver that fits to many machines – it got duplicated causing terrible amount additional data on the WSUS SQL side.

Here is an article telling about WSUS and driver updates issue (10 years old! and they still haven’t rectified the issue!)

Microsoft support engineer ran couple of scripts on our WSUS server to rectify the situation, I would like to share them with you.

Script 1: WSUS_Remove_Hidden_Updates_SQL_Script

Script 2:WSUS_Reindex_Database_SQL_Script

Script 3: WSUS_Decline_Superseeded_Updates_SQL_Script (this was working for 4 days and didn’t finish, but thought I will put that here anyway, maybe for someone it will work)

Script 4: WSUS_Clean_Obsolete_Updates_SQL_Script

Script 5: WSUS_Remove_Driver_Updates_SQL_Script

After running these (take note that one of that SQL scripts were running on our SQL for like 4 days and didn’t finish, I just killed it – just like I mentioned – for some it might work).

I was looking all over the Internet for these, and found some of these on technet, but never all of them on one place – so I think having all of them in one place is a good stuff.


3 thoughts on “Simon says – unleash WSUS performance

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s