Config Manager Current Branch Delta Downloads and WSUS

Well!

So I am having a bit of fun with finally getting round to migrating to Current Branch. there are a lot of cool new features, which tbh, I probably don’t need but I am like a child in a sweet shop!

I noted that we have a new log called DeltaDownload – it was just sat there humming quietly to itself though. Little did I know it was about to unleash hell.

What we do in WSUS, echos in Config Manager.

I managed to start testing this month’s software update release on the Current Branch servers, with my alpha test group. Everything was rolling along fine. to my delight, i noticed that the DeltaDownload.log was finally doing something:

Reporting in…

…but, true to form. It was not quite right. It took *hours* for the delta download to run. it got to 1830, Friday night, so I was off home. I had plans for the evening!

Come Monday morning, I return to my terminal server session, but every, and I mean every active PC that had been migrated to Current Branch, had their WUAHANDLER.log splatered with red.

Oops I did it again :0)

The error:

OnSearchComplete – Failed to end search job. Error = 0x80244022.

So, every PC… after returning from a sudden and unexpected bathroom run, I took a look at the WSUS server. I couldn’t open the snap in. The standard event logs were not happy either.

Lots of recurring errors…

The error:

component SMS_WSUS_CONTROL_MANAGER on computer **SNIP**  reported: WSUS Control Manager failed to configure proxy settings on WSUS Server “**SNIP**”.

Possible cause: WSUS Server version 3.0 SP2 or above is not installed or cannot be contacted.
Solution: Verify that the WSUS Server version 3.0 SP2 or greater is installed. Verify that the IIS ports configured in the site are same as those configured on the WSUS IIS website.You can receive failure because proxy is set but proxy name is not specified or proxy server port is invalid.

Additionally, every WSUS IIS element was reporting an error, as per the screenshot above. I am now starting to think this is something IIS/WSUS related. Interestingly, the errors started around the time ONE of my test PCs went active with a Delta Download. Purely a coincidence I hear you say. Yes.

Config Manager was equally unhappy, but again, it was pointing at an inability to communicate with WSUS on the server.

Config Manager – actually helpful this time!

The error:

WSUS Control Manager failed to monitor WSUS Server “**SNIP**”.

So I dive into IIS. To my surprise I found that the WSUS Application Pool was stopped:

As my daughter would say, eek.

I started the WSUSPool, but it just failed again. I did some more digging, and found this rather fabulous explanation here. Basically, the memory limit default is around 1.7GB, and it isn’t enough!

In a nutshell:

  1. Select the WsusPool from the list under Application Pools
  2. Right click and select Advanced Settings
  3. Scroll to the bottom to Private Memory Limit (KB)
  4. Amend the value to something appropriate to your needs

Again MS, why have a default set so low?

I set my value to 8GB. I kickstarted the WsusPool, and thus far, everything is good. Obviously I would not recommend setting it higher than the memory limit on the server. Cos you know… stupid is as stupid does 😛

I do worry what will happen when we have one hundred or one thousand Windows 10 PCs hitting WSUS for the DeltaDownload. Having one PC seems to have brought down my house of cards…

Perhaps it’s just an initial hit, as you’d need the main file plus delta file changes and it’ll be a one-off per PC – which is in itself troubling.

Or perhaps increasing the memory pool will fix it period.

Time will tell.

What is very worrying is that over the course of the weekend, no anti-virus definitions went out. We’re integrated into SCEP; I do personally love it, and the integration of information into the Config Manager console. However having WSUS syncs fail, and the only clue being an email stating a failure out of hours… well scary times! Obviously that’s a resourcing issue for where I work but still. It shows the problems of integrating – not that I’d change it mind.

Either way, changing the memory limit and starting the application pool was an instant fix.

Advertisements

3 thoughts on “Config Manager Current Branch Delta Downloads and WSUS

  1. Scott

    tut tut, This is a “known” configuration setting for any WSUS/SUP regardless 🙂
    If you have a server with lots of memory, or you use a dedicated server for the SUP you can set it to ‘0’ for unlimited and let IIS manage it all.

    Like

    Reply
    1. Leldance40k Post author

      You know, with hindsight, I would have preferred an independent box for WSUS but it is tied in with Config Manager. Failing that, a box purely to act as the SUP/WSUS but hey ho. Maybe next time.

      There is a decent chunk of system memory in there, but I didn’t want to set it at unlimited as I am sure how well it’ll play on the VM host or with the other Config Manager roles hosted on the box.

      Not the best design but that was out of my hands :-/

      Like

      Reply
      1. Scott

        It’s easy enough to add another box, make it a SUP and decomm the current service. A good thing about CM these days is how easy it is to expand and shrink the environment to suit needs.
        There are a lot of little config tweaks like this that I’d like to see ConfigMgr do when it configures a role. It configures lots of other settings, so really it *should* be doing these settings also.

        Liked by 1 person

Flame on xD

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s