locked
traffic shaping for wsus clients RRS feed

  • Question

  • wsus updates takes its toll on remote clients that we have to block the wsus and the clients from talking to each other.

    i'm thinking, can traffic shaping be used for wsus ports 8530/8531 so that it doesn't use all bandwidth for remote sites? is this something that can be done from wsus server?

    Wednesday, August 9, 2017 9:58 AM

Answers

  • You should also configure


    Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization > Download Mode: Enabled

    Download Mode: LAN (1)

    so that clients can talk amongst themselves to download the updates from each other, so long as their on the same LAN (detected through IP Network).

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Marked as answer by Reno Mardo Sunday, August 13, 2017 5:09 PM
    Thursday, August 10, 2017 4:45 AM

All replies

  • Use Mike400's Guide here: https://community.spiceworks.com/how_to/133819-use-gpo-to-limit-wsus-downloads-during-the-day

    to limit WSUS downloads during the day

    Use my script below, for cleanup and maintenance of WSUS.Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need.

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Remove all Drivers from the WSUS Database.
    2. Shrink your WSUSContent folder's size by declining superseded updates.
    3. Remove declined updates from the WSUS Database.
    4. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    5. Compress Update Revisions.
    6. Remove Obsolete Updates.
    7. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    8. Application Pool Memory Configuration to display the current private memory limit and easily increase it by any configurable amount.
    9. Run the Recommended SQL database Maintenance script on the actual SQL database.
    10. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment, simply run:

    .\Clean-WSUS.ps1 -FirstRun

    and then

    .\Clean-WSUS.ps1 -InstallTask

    If you wish to view or increase the Application Pool Memory Configuration, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, August 10, 2017 4:41 AM
  • You should also configure


    Computer Configuration > Policies > Administrative Templates > Windows Components > Delivery Optimization > Download Mode: Enabled

    Download Mode: LAN (1)

    so that clients can talk amongst themselves to download the updates from each other, so long as their on the same LAN (detected through IP Network).

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Marked as answer by Reno Mardo Sunday, August 13, 2017 5:09 PM
    Thursday, August 10, 2017 4:45 AM
  • hey cool. thanks for the script. was looking for something like this to do housecleaning for wsus.

    however, i believe my post was misunderstood. i have no issues downloading updates from Microsoft to my WSUS servers. my bandwidth problem is with my clients. i want to throttle the wsus updates from WSUS server to remote clients, say, use only 10Kbps instead of all the bandwidth.

    the script will definitely help.

    regards,

    Thursday, August 10, 2017 5:29 AM
  • i couldn't find that in my GPO so i believe it belongs to the wsus server?
    Thursday, August 10, 2017 5:31 AM
  • i couldn't find that in my GPO so i believe it belongs to the wsus server?

    Make sure you have the latest ADMX Templates in your Central Store

    Administrative Templates (.admx)
    -----------------
    You will want to get the latest Administrative Templates (.admx) for Windows 10 which, at the time of this writing, is located at:

    https://www.microsoft.com/en-us/download/details.aspx?id=55080

    Install these Administrative Templates in your Central PolicyDefinitions folder on your Domain Controller overwriting files as required. Don't worry, these Administrative Templates are inclusive of all the prior versions of Windows but now with updated descriptions and applies to fields that are actually very good and very accurate.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, August 10, 2017 1:06 PM