Changes for page Windows Server Update Services (WSUS)
Last modified by Sebastian Marsching on 2022/05/30 12:44
From version 4.1
edited by Sebastian Marsching
on 2022/05/30 12:28
Change comment:
There is no comment for this version
To version 2.1
edited by Sebastian Marsching
on 2022/05/30 12:25
Change comment:
There is no comment for this version
Summary
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
- Content
... ... 
@@ -22,50 +22,37 @@ 22 22 23 23 # Optimizing IIS pool settings 24 24 25 - *Queue length: 2000 (default 1000, WAM recommends 25000)26 - *Idle time-out (minutes): 0 (default 20)27 - *Ping enabled: False (default True)28 - *Private memory limit (KB): 0 (unlimited, default 4294967)29 - *Regular Time Interval (minutes): 0 (default 1740)25 +- Queue length: 2000 (default 1000, WAM recommends 25000) 26 +- Idle time-out (minutes): 0 (default 20) 27 +- Ping enabled: False (default True) 28 +- Private memory limit (KB): 0 (unlimited, default 4294967) 29 +- Regular Time Interval (minutes): 0 (default 1740) 30 30 31 -(see <https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices>)31 +(see https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices) 32 32 33 33 # IIS site settings for TLS 34 34 35 35 Configure TLS certificate for port 8531. After that, run 36 36 37 -```bat 38 -"%programfiles%\Update Services\Tools\WsusUtil.exe" configuressl <FQDN> 39 -``` 37 + C:\Program Files\Update Services\Tools\WsusUtil.exe configuressl <FQDN> 40 40 41 41 Require SSL (SSL Settings => Require SSL) for the following endpoints: 42 42 43 - *ApiRemoting3044 - *ClientWebService45 - *DssAuthWebService46 - *ServerSyncWebService47 - *SimpleAuthWebService41 +- ApiRemoting30 42 +- ClientWebService 43 +- DssAuthWebService 44 +- ServerSyncWebService 45 +- SimpleAuthWebService 48 48 49 -(see <https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)?redirectedfrom=MSDN#35-secure-wsus-with-the-secure-sockets-layer-protocol>and<https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/>)47 +(see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852346(v=ws.11)?redirectedfrom=MSDN#35-secure-wsus-with-the-secure-sockets-layer-protocol and 
https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-7-ssl-setup-for-wsus-and-why-you-should-care/) 50 50 51 51 # Enabling compression 52 52 53 53 Enable dynamic compression by running 54 54 55 -```bat 56 -cscript "%programfiles%\update services\setup\DynamicCompression.vbs" /enable "%programfiles%\Update Services\WebServices\suscomp.dll" 57 -``` 53 + cscript "%programfiles%\update services\setup\DynamicCompression.vbs" /enable "%programfiles%\Update Services\WebServices\suscomp.dll" 58 58 59 -# Importing updates into WSUS 60 - 61 - $wsus = Get-WsusServer 62 - $wsus.ImportUpdateFromCatalogSite('<Update ID>', '<Full path to update file>') 63 - 64 -(see https://www.windowspro.de/wolfgang-sommergut/updates-manuell-wsus-importieren-ie-powershell (in German)) 65 - 66 -Strong cryptography for the .NET Framework has to be enabled in order for this to work, but even then I somehow couldn’t make this method work, so I resorted to opening the Microsoft Update Catalog in Internet Explorer and directly importing the updates from there (that method worked for me). 67 - 68 68 # Resources 69 69 70 - *WSUS Best Practices:<https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices>71 - *WSUS Maintenance:<https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide>57 +- WSUS Best Practices: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices 58 +- WSUS Maintenance: https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide
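Review bot: In the "IIS site settings for TLS" section, the added WsusUtil line gives the path as C:\Program Files\Update Services\Tools\WsusUtil.exe with no quotes, so at a cmd prompt it is split at the space in "Program Files" and the configuressl step does not run as typed. The removed line quoted the path and used %programfiles%; suggest keeping `"%programfiles%\Update Services\Tools\WsusUtil.exe" configuressl <FQDN>`, which also matches the quoting of the cscript line under "Enabling compression". In the same hunk, the reference URLs lose their angle brackets on the added side, and the first one contains "(v=ws.11)" inside a parenthesised sentence, so the link may be cut short when rendered. The added side also drops the whole "Importing updates into WSUS" section, including the remark that strong cryptography for the .NET Framework has to be enabled; since neither version carries a change comment, a one-line comment saying whether that removal is intended would help readers of the history.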