Some time ago I was configuring WSUS server on Windows Server 2016, I needed to do it as performance of WSUS on 2012 was like caption of this image:
I’m putting all the changes I made for future reference (this basically also is the purpose of this blog, as my memory is also like the caption of the above image).
- We are downloading only metadata (no content) and we got WSUS SUSDB database on separate SQL server (NOT ON WID)
- UseCustomWebsite set to true
wsusutil.exe usecustomwebsite true
as found that here. Seems the change helped, but it took some time for server to cool down.
- WSUS pool settings have been changed to following:
Found information about that here.
Also changed this to 0:
As read about that here.
4. Ran servicing:
Wsusutil.exe /postinstall /servicing
As read about that here.
5. We set up cleanup scripts:
Invoke-WsusServerCleanup -CleanupObsoleteComputers #>> c:\temp\CleanupObsoleteComputers.txt Invoke-WsusServerCleanup -CleanupObsoleteUpdates #>> c:\temp\CleanupObsoleteUpdates.txt Invoke-WsusServerCleanup -CleanupUnneededContentFiles #>> c:\temp\CleanupUnneededContentFiles.txt Invoke-WsusServerCleanup -DeclineExpiredUpdates #>> c:\temp\CleanupObsoleteComputers.txt Invoke-WsusServerCleanup -DeclineSupersededUpdates #>> c:\temp\CleanupObsoleteComputers.txt
And it was good for sime time, till one day… when we decided to actually start using it.
The console was crushing all the time with errors “Connection error”, or “Database connection error”, it was impossible to do even an easy task.
Then I called Microsoft, support engineer’s first proposal was to reinstall WSUS server (well, let’s just tell I didn’t agree for that) so the next step was troubleshooting. What he saw was we were syncing drivers to WSUS – please note -we were only syncing metadata we were NOT downloading the actual data/content of the updates.
So he told me something interesting – we had basically two issues:
- Cleanup scripts triggered from the wsus application server didn’t do it’s job – we still had many old approved updates
- Syncing drivers were causing such terrible performance on the DB side – this is because each time you got driver that fits to many machines – it got duplicated causing terrible amount additional data on the WSUS SQL side.
Here is an article telling about WSUS and driver updates issue (10 years old! and they still haven’t rectified the issue!)
Microsoft support engineer ran couple of scripts on our WSUS server to rectify the situation, I would like to share them with you.
Script 1: WSUS_Remove_Hidden_Updates_SQL_Script
Script 4: WSUS_Clean_Obsolete_Updates_SQL_Script
Script 5: WSUS_Remove_Driver_Updates_SQL_Script
After running these (take note that one of that SQL scripts were running on our SQL for like 4 days and didn’t finish, I just killed it – just like I mentioned – for some it might work).
I was looking all over the Internet for these, and found some of these on technet, but never all of them on one place – so I think having all of them in one place is a good stuff.