+ Build new Server 2019 machine

# could be 2016 or even 2012R2

  • vCPU = 4, vSocket = 1, RAM = 12 GB, PageFile = 32768 MB
  • HDD1 = 150 GB, used for C drive (System)
  • HDD2 = 3500 GB, used for D drive (WSUS data & content store, SQL Backup)
  • HDD3 = 50 GB, used for G drive (SQL Data)
  • HDD4 = 40 GB, used for H drive (SQL Temp DB)
  • HDD5 = 40 GB, used for L drive (SQL Log)

 

+ Install SQL Server 2019 Standard

 

+ Update Windows & SQL Server with Microsoft Online Updates

 

+ Add WSUS role

 

+ Configure WSUS role 

  • Update Files and Languages: Update Files tab, tick Download express installation files.  Click OK
  • Automatic Approvals: Tick the Default Automatic Approval Rule.  Change the rule so that ONLY “Approve the update for all computers” is shown.  Click the Advanced tab. Ensure all check boxes are ticked.  Click OK
  • E-Mail Notifications: Tick Send status report, set to Weekly, set time to 7.30am, set Recipient
  • Set the outgoing SMTP server
  • Personalization: Click round selector “Show Computer and status from this server alone”

 

+ Install WSUS reporting

  • Find the CLR Types for SQL Server 2012 MSI and install it. It's a challenge, as the file is no longer on the Microsoft catalog site.
  • Find Report Viewer MSI and install.

 

+ Optimize WSUS Configuration

# The web.config parameters need to be modified. Within an elevated CMD shell;

  • sc stop wsusservice
  • cd "C:\Program Files\Update Services\WebServices\ClientWebService"
  • takeown /f web.config
  • icacls web.config /grant administrator:(F)
  • copy web.config web.config.org

 

  • notepad web.config

         # Find line;
            <add key="maxInstalledPrerequisites" value="400"/>
         # change this line to
            <add key="maxInstalledPrerequisites" value="800"/>

         # Find remark “MAXREQUESTLENGTH”, and then move to the line starting with
            <httpRuntime maxRequestLength="4096" />
         # change this line to
            <httpRuntime maxRequestLength="204800" executionTimeout="7200" />

         # Save web.config and exit notepad

 

+ Optimize IIS Configuration

# Within an elevated CMD shell;

  • # Run IIS Admin
  • %windir%\system32\inetsrv\inetmgr.exe
  • # Navigate to <servername> \ Application Pools \
  • # Right click on “WsusPool” and select Advanced Settings.
  • # Make the following changes in the respective sub-sections, which are named in the left column;

         General

                  Queue Length = 25000

         Rapid-Fail Protection
                  “Service Unavailable” Response = TcpLevel
                  Failure Interval (minutes) = 15
                  Maximum Failures = 5
         Recycling
                  Private Memory Limit (KB) = 0
                  Request Limit = 0
                  Virtual Memory Limit (KB) = 0
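
# Added example, not part of the original notes: the web.config edits and WsusPool settings above applied from an elevated PowerShell session instead of notepad and IIS Manager.
# Assumes the default WSUS path used above, that the takeown/icacls steps have already been run, and that the IIS WebAdministration module is installed; the XPath lookups assume the two elements appear as quoted above.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumptions: default WSUS install path, write access to
# web.config already granted (takeown/icacls above), WebAdministration present.
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$config = 'C:\Program Files\Update Services\WebServices\ClientWebService\web.config'

Stop-Service -Name WsusService
# Same backup as "copy web.config web.config.org", but never overwrite an earlier one
if (-not (Test-Path -LiteralPath "$config.org")) {
    Copy-Item -LiteralPath $config -Destination "$config.org"
}

$xml = New-Object System.Xml.XmlDocument
$xml.PreserveWhitespace = $true   # keep the file's comments and layout
$xml.Load($config)

# Locate the two elements by name rather than by their current values,
# so the script is safe to re-run after the values have been changed.
$prereq  = $xml.SelectSingleNode("//add[@key='maxInstalledPrerequisites']")
$runtime = $xml.SelectSingleNode("//httpRuntime[@maxRequestLength]")
if ($null -eq $prereq -or $null -eq $runtime) {
    throw "Expected elements not found in $config; web.config not modified"
}
$prereq.SetAttribute('value', '800')
$runtime.SetAttribute('maxRequestLength', '204800')
$runtime.SetAttribute('executionTimeout', '7200')
$xml.Save($config)

# WsusPool advanced settings, addressed by their IIS schema attribute names
$pool = 'IIS:\AppPools\WsusPool'
$settings = [ordered]@{
    'queueLength'                             = 25000       # Queue Length
    'failure.loadBalancerCapabilities'        = 'TcpLevel'  # "Service Unavailable" Response
    'failure.rapidFailProtectionInterval'     = '00:15:00'  # Failure Interval = 15 minutes
    'failure.rapidFailProtectionMaxCrashes'   = 5           # Maximum Failures
    'recycling.periodicRestart.privateMemory' = 0           # Private Memory Limit (KB)
    'recycling.periodicRestart.requests'      = 0           # Request Limit
    'recycling.periodicRestart.memory'        = 0           # Virtual Memory Limit (KB)
}
foreach ($name in $settings.Keys) {
    Set-ItemProperty -Path $pool -Name $name -Value $settings[$name]
}
# WsusService is left stopped; the computer restart in the next step brings it back.
```

# The Full control grant made by the icacls step stays on web.config after this runs.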

 

+ Restart Computer

  • After 5 minutes, initiate testing on the WUA machine.  No errors should occur, although scanning may take many minutes, even over an hour on slow, low-bandwidth WAN links.
  • Results may be either no updates available, which most likely means the WSUS is still updating itself (which can take days), or available updates are shown and are available for WUA to download and install.