Skip to Content
Last modified by Sebastian Marsching on 2022/05/30 12:44
From version 2.1
edited by Sebastian Marsching
on 2022/05/30 12:25
Change comment: There is no comment for this version
To version 4.1
edited by Sebastian Marsching
on 2022/05/30 12:28
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -22,37 +22,50 @@
22 22  
23 23  # Optimizing IIS pool settings
24 24  
25 -- Queue length: 2000 (default 1000, WAM recommends 25000)
26 -- Idle time-out (minutes): 0 (default 20)
27 -- Ping enabled: False (default True)
28 -- Private memory limit (KB): 0 (unlimited, default 4294967)
29 -- Regular Time Interval (minutes): 0 (default 1740)
25 +* Queue length: 2000 (default 1000, WAM recommends 25000)
26 +* Idle time-out (minutes): 0 (default 20)
27 +* Ping enabled: False (default True)
28 +* Private memory limit (KB): 0 (unlimited, default 4294967)
29 +* Regular Time Interval (minutes): 0 (default 1740)
30 30  
31 -(see https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices)
31 +(see <https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices>)
32 32  
33 33  # IIS site settings for TLS
34 34  
35 35  Configure TLS certificate for port 8531. After that, run
36 36  
37 - C:\Program Files\Update Services\Tools\WsusUtil.exe configuressl <FQDN>
37 +```bat
38 +"%programfiles%\Update Services\Tools\WsusUtil.exe" configuressl <FQDN>
39 +```
38 38  
39 39  Require SSL (SSL Settings => Require SSL) for the following endpoints:
40 40  
41 -- ApiRemoting30
42 -- ClientWebService
43 -- DssAuthWebService
44 -- ServerSyncWebService
45 -- SimpleAuthWebService
43 +* ApiRemoting30
44 +* ClientWebService
45 +* DssAuthWebService
46 +* ServerSyncWebService
47 +* SimpleAuthWebService
46 46  
47 -(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)?redirectedfrom=MSDN#35-secure-wsus-with-the-secure-sockets-layer-protocol and https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/)
49 +(see <https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)?redirectedfrom=MSDN#35-secure-wsus-with-the-secure-sockets-layer-protocol> and <https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/>)
48 48  
49 49  # Enabling compression
50 50  
51 51  Enable dynamic compression by running
52 52  
53 - cscript "%programfiles%\update services\setup\DynamicCompression.vbs" /enable "%programfiles%\Update Services\WebServices\suscomp.dll"
55 +```bat
56 +cscript "%programfiles%\update services\setup\DynamicCompression.vbs" /enable "%programfiles%\Update Services\WebServices\suscomp.dll"
57 +```
54 54  
59 +# Importing updates into WSUS
60 +
61 + $wsus = Get-WsusServer
62 + $wsus.ImportUpdateFromCatalogSite('<Update ID>', '<Full path to update file>')
63 +
64 +(see https://www.windowspro.de/wolfgang-sommergut/updates-manuell-wsus-importieren-ie-powershell (in German))
65 +
66 +Strong cryptography for the .NET Framework has to be enabled in order for this to work, but even then I somehow couldn’t make this method work, so I resorted to opening the Microsoft Update Catalog in Internet Explorer and directly importing the updates from there (that method worked for me).
67 +
55 55  # Resources
56 56  
57 -- WSUS Best Practices: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices
58 -- WSUS Maintenance: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide
70 +* WSUS Best Practices: <https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices>
71 +* WSUS Maintenance: <https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide>