Changes for page Windows Server Update Services (WSUS)
Last modified by Sebastian Marsching on 2022/05/30 12:44
From version 2.1
edited by Sebastian Marsching
on 2022/05/30 12:25
on 2022/05/30 12:25
Change comment:
There is no comment for this version
To version 1.2
edited by Sebastian Marsching
on 2022/05/29 13:01
on 2022/05/29 13:01
Change comment:
Added tag [Windows]
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -19,40 +19,3 @@ 19 19 In addition to the hints in that article, I found another trick: For me, the Server Cleanup Wizard was timing out when running the "Decline expired updates" action. I could fix this by running the `spDeclineExpiredUpdates` procedure from SQL Studio. I used "WUS Server" for the `adminName` parameter of this procedure. After that I ran the wizard again, and regenerated the indices. After doing this a few times, the wizard would finally complete without timing out. As always, make a backup of the `SUSDB` database before trying any of this. 20 20 21 21 My idea to run `spDeclineExpiredUpdates` was based on the ideas given in [this thread](https://social.technet.microsoft.com/Forums/windows/en-US/7b12f8b2-d0e6-4f63-a98a-019356183c29/getting-past-wsus-cleanup-wizard-time-out-removing-unnecessary-updates?forum=winserverwsus). 22 - 23 -# Optimizing IIS pool settings 24 - 25 -- Queue length: 2000 (default 1000, WAM recommends 25000) 26 -- Idle time-out (minutes): 0 (default 20) 27 -- Ping enabled: False (default True) 28 -- Private memory limit (KB): 0 (unlimited, default 4294967) 29 -- Regular Time Interval (minutes): 0 (default 1740) 30 - 31 -(see https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices) 32 - 33 -# IIS site settings for TLS 34 - 35 -Configure TLS certificate for port 8531. After that, run 36 - 37 - C:\Program Files\Update Services\Tools\WsusUtil.exe configuressl <FQDN> 38 - 39 -Require SSL (SSL Settings => Require SSL) for the following endpoints: 40 - 41 -- ApiRemoting30 42 -- ClientWebService 43 -- DssAuthWebService 44 -- ServerSyncWebService 45 -- SimpleAuthWebService 46 - 47 -(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)?redirectedfrom=MSDN#35-secure-wsus-with-the-secure-sockets-layer-protocol and https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/) 48 - 49 -# Enabling compression 50 - 51 -Enable dynamic compression by running 52 - 53 - cscript "%programfiles%\update services\setup\DynamicCompression.vbs" /enable "%programfiles%\Update Services\WebServices\suscomp.dll" 54 - 55 -# Resources 56 - 57 -- WSUS Best Practices: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices 58 -- WSUS Maintenance: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide