locked
WSUS on Server 2016 does not report itself RRS feed

  • Question

  • Hello all,

    I have updated our WSUS from 2012 R2 to 2016 and I'm having a strange issue. The update services picks up every other machine in our domain just fine including other 2016 servers (virtual and physical), but it never checks in with itself. It has been like this for days and after many reboots. It's a core install server that was already up to date before I added it to the domain. I'll attach an image for clarity. Any ideas? Is this a WSUS 2016 bug?

    Thanks!

    Friday, September 8, 2017 12:42 PM

All replies

  • Hello all,

    I have updated our WSUS from 2012 R2 to 2016 and I'm having a strange issue. The update services picks up every other machine in our domain just fine including other 2016 servers (virtual and physical), but it never checks in with itself. It has been like this for days and after many reboots. It's a core install server that was already up to date before I added it to the domain. I'll attach an image for clarity. Any ideas? Is this a WSUS 2016 bug?

    Thanks!

    Here is something from 2013, not sure if it would solve your issue today though.

    https://social.technet.microsoft.com/Forums/en-US/021118b4-7b88-4b37-ada0-5e25d93fc39c/wsus-server-not-updating-itself?forum=winserverwsus

    Hope this helps.

    Friday, September 8, 2017 4:21 PM
  • 2 other possibilities. First, IPv6 should be ENABLED and any firewall enabled with the appropriate ports punched through it. WSUS communicates with itself using IPv6 so it should be enabled.

    Second, my script has been known to solve these types of problems.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need!

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Add WSUS Index Optimization to the database to increase the speed of many database operations in WSUS by approximately 1000-1500 times faster.
    2. Remove all Drivers from the WSUS Database (Default; Optional).
    3. Shrink your WSUSContent folder's size by declining multiple types of updates including by default any superseded updates, preview updates, expired updates, Itanium updates, and beta updates. Optional extras: Language Packs, IE7, IE8, IE9, IE10, Embedded, NonEnglishUpdates, ComputerUpdates32bit, WinXP.
    4. Remove declined updates from the WSUS Database.
    5. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    6. Compress Update Revisions.
    7. Remove Obsolete Updates.
    8. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    9. Application Pool Memory Configuration to display the current private memory limit and easily set it to any configurable amount including 0 for unlimited. This is a manual execution only.
    10. Checks to see if you have a dirty database, and if you do, fixes it. This is primarily for Server 2012 WSUS, and is a manual execution only.
    11. Run the Recommended SQL database Maintenance script on the actual SQL database.
    12. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use so don't over think it. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment (email settings only if you are accepting all the defaults), simply run:

    .\Clean-WSUS.ps1 -FirstRun

    If you wish to view or increase the Application Pool Memory Configuration, or run the Dirty Database Check, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Saturday, September 9, 2017 12:41 AM
  • Okay, so I figured this out after much Googling.

    It seems that changing the IIS settings helps a lot:

    • Queue Length: 25000 from 10000
    • Limit Interval (minutes): 15 from 5
    • "Service Unavailable" Response: TcpLevel from HttpLevel
    • (Optional) Private Memory Limit (KB): 0 from 18342456

    And also adding alternate download server to group policy helped, I believe:

    However, WSUS still reports 2016 core installs at Windows (Version 10.0) This happened on two separate environments, both involving server 2016 core installs. This seems to be a bug in WSUS?

    Tuesday, September 12, 2017 6:03 PM
  • All you've done is patch a problem 'by throwing more RAM at it'

    Increasing queue length, switching to TcpLevel, and changing the private memory limit to 0 or unlimited is basically covering up the actual issues by 'throwing more RAM at it' (figuratively speaking, as well as actually speaking)

    Your alternative download server very probable was a helping factor and is not a patch, but what should have been done.

    The Windows 10.0 reporting is known. It doesn't hurt anything and WSUS knows what update applies to what system, but if you want to make it all pretty, follow this and grab this SQL script to run hourly

    https://wsus.de/de/Scripts/Windows-Editionen-anzeigen


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    • Proposed as answer by Yan Li_ Wednesday, September 27, 2017 5:11 AM
    Tuesday, September 12, 2017 6:47 PM