Last modified by Sebastian Marsching on 2022/05/30 12:44

From version 2.1
edited by Sebastian Marsching
on 2022/05/30 12:25
Change comment: There is no comment for this version
To version 1.2
edited by Sebastian Marsching
on 2022/05/29 13:01
Change comment: Added tag [Windows]

Summary

Details

Page properties
Content
... ... @@ -19,40 +19,3 @@
19 19  In addition to the hints in that article, I found another trick: For me, the Server Cleanup Wizard was timing out when running the "Decline expired updates" action. I could fix this by running the `spDeclineExpiredUpdates` procedure from SQL Studio. I used "WUS Server" for the `adminName` parameter of this procedure. After that I ran the wizard again, and regenerated the indices. After doing this a few times, the wizard would finally complete without timing out. As always, make a backup of the `SUSDB` database before trying any of this.
20 20  
21 21  My idea to run `spDeclineExpiredUpdates` was based on the ideas given in [this thread](https://social.technet.microsoft.com/Forums/windows/en-US/7b12f8b2-d0e6-4f63-a98a-019356183c29/getting-past-wsus-cleanup-wizard-time-out-removing-unnecessary-updates?forum=winserverwsus).
22 -
23 -# Optimizing IIS pool settings
24 -
25 -- Queue length: 2000 (default 1000, WAM recommends 25000)
26 -- Idle time-out (minutes): 0 (default 20)
27 -- Ping enabled: False (default True)
28 -- Private memory limit (KB): 0 (unlimited, default 4294967)
29 -- Regular Time Interval (minutes): 0 (default 1740)
30 -
31 -(see https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices)
32 -
33 -# IIS site settings for TLS
34 -
35 -Configure TLS certificate for port 8531. After that, run
36 -
37 - C:\Program Files\Update Services\Tools\WsusUtil.exe configuressl <FQDN>
38 -
39 -Require SSL (SSL Settings => Require SSL) for the following endpoints:
40 -
41 -- ApiRemoting30
42 -- ClientWebService
43 -- DssAuthWebService
44 -- ServerSyncWebService
45 -- SimpleAuthWebService
46 -
47 -(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)?redirectedfrom=MSDN#35-secure-wsus-with-the-secure-sockets-layer-protocol and https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/)
48 -
49 -# Enabling compression
50 -
51 -Enable dynamic compression by running
52 -
53 - cscript "%programfiles%\update services\setup\DynamicCompression.vbs" /enable "%programfiles%\Update Services\WebServices\suscomp.dll"
54 -
55 -# Resources
56 -
57 -- WSUS Best Practices: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices
58 -- WSUS Maintenance: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide