locked
kb3159706 causes massive BITS download to WSUS server RRS feed

Answers

  • In my experience, It's just not worth it.

    We were finding that with the update rollups that the update cycle was taking too long. On the basis of a single update cycle Express Updates has helped that significantly. Looks worth it at the moment. Several hundred production servers taking less time to update is worth my pain in setting it up and being more vigorous with clean-ups.
    Thursday, May 18, 2017 6:41 AM

All replies

  • I've tried throttling the bandwidth through Local Policy 'Limit the maximum network bandwidth for BITS background transfers' (and checked the registry that it has applied) but it ignores this and zooms back up to >60Mbs.

    Using Get-BitsTransfer I can see that one transfer is in error and it is Update for Windows Server 2012 R2 (KB3159706)\AMD64-all-windows8.1-kb3159706-x64                   _034b30c6c261d4e76b8c6f8fe3cc9fa5fa4e977b.msu which is the update I applied - so not sure why it's in the BITS queue and under my account name as the owner.

    Tuesday, May 9, 2017 10:43 AM
  • Try following this how-to

    https://community.spiceworks.com/how_to/133819-use-gpo-to-limit-wsus-downloads-during-the-day

    It works very well to limit WSUS Downloads.

    Saturday, May 13, 2017 4:43 AM
  • Hi Eric G-S,

    How do you download the KB3159706 on the WSUS server, use windows updates or download it from Internet and install manually?

    Besides, please check if there are pending download of update files, especially upgrade files. You may check if the WSUS overview to view if there are updates downloading, also check if you set auto-approve rules which will trigger downloading update files:

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Wednesday, May 17, 2017 11:31 AM
  • I installed KB3159706 manually and enabled Express Updates. This caused WSUS to re-download all the updates in the repository, which was unexpected and not in any documentation I've seen about this. To try and stop this taking the entire organisation's internet traffic I tried to throttle the BITS transfer as specified but this did not work.

    Fortuitously, our ISP chose that afternoon to upgrade our internet connection, weeks earlier than the planned date. The increased download speed could cope with WSUS demands and everything eventually downloaded. 

    Wednesday, May 17, 2017 1:19 PM
  • and enabled Express Updates.

    This was your mistake.

    https://technet.microsoft.com/en-us/library/cc708456(v=ws.10).aspx#Anchor_2

    "When you distribute updates by using this method, it requires an initial investment in bandwidth. Express installation files are larger than the updates they are meant to distribute. This is because the express installation file must contain all the possible variations of each file it is meant to update."

    This is revision control (like source code control). In my experience, It's just not worth it. It does have advantages though if you're in a location with really bad internet speeds and stability and bandwidth caps (I'm talking dialup type speeds). In this day and age in modern countries, the advantages do not outweigh the disadvantages in my opinion.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Wednesday, May 17, 2017 4:17 PM
  • After your WSUS server calms down, go uncheck it and run my script.

    Have a peek at my Adamj Clean-WSUS script. It is the last WSUS Script you will ever need.

    http://community.spiceworks.com/scripts/show/2998-adamj-clean-wsus

    What it does:

    1. Remove all Drivers from the WSUS Database.
    2. Shrink your WSUSContent folder's size by declining superseded updates.
    3. Remove declined updates from the WSUS Database.
    4. Clean out all the synchronization logs that have built up over time (configurable, with the default keeping the last 14 days of logs).
    5. Compress Update Revisions.
    6. Remove Obsolete Updates.
    7. Computer Object Cleanup (configurable, with the default of deleting computer objects that have not synced within 30 days).
    8. Application Pool Memory Configuration to display the current private memory limit and easily increase it by any configurable amount.
    9. Run the Recommended SQL database Maintenance script on the actual SQL database.
    10. Run the Server Cleanup Wizard.

    It will email the report out to you or save it to a file, or both.

    Although the script is lengthy, it has been made to be super easy to setup and use. There are some prerequisites and instructions at the top of the script. After installing the prerequisites and configuring the variables for your environment, simply run:

    .\Clean-WSUS.ps1 -FirstRun

    and then

    .\Clean-WSUS.ps1 -InstallTask

    If you wish to view or increase the Application Pool Memory Configuration, you must run it with the required switch. See Get-Help .\Clean-WSUS.ps1 -Examples

    If you're having trouble, there's also a -HelpMe option that will create a log so you can send it to me for support.


    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Wednesday, May 17, 2017 4:19 PM
  • In my experience, It's just not worth it.

    We were finding that with the update rollups that the update cycle was taking too long. On the basis of a single update cycle Express Updates has helped that significantly. Looks worth it at the moment. Several hundred production servers taking less time to update is worth my pain in setting it up and being more vigorous with clean-ups.
    Thursday, May 18, 2017 6:41 AM
  • In my experience, It's just not worth it.

    We were finding that with the update rollups that the update cycle was taking too long. On the basis of a single update cycle Express Updates has helped that significantly. Looks worth it at the moment. Several hundred production servers taking less time to update is worth my pain in setting it up and being more vigorous with clean-ups.

    At the same time, it depends on how you have your GPOs setup for the updates - if you tell it to download and alert you, there's no issues. As you're doing a few hundred, you've probably set it so that it automatically installs, in which case yes, that would take a longer time, and is worth it at that point. My experience has been with sub-100 servers, so I've always done it manually by downloading and notifying for install.

    Adam Marshall, MCSE: Security
    http://www.adamj.org

    Thursday, May 18, 2017 7:31 PM