locked
WSUS downstream server forcing the upstream to download express files RRS feed

  • Question

  • Hi everyone

    Sometime over the past week, I noticed my WSUSContent folder almost doubled in size (going from approximately 260gb up to 460gb).

    After some research, I discovered that this increase was entirely due to the introduction of express installation files (.psf) now living in my WSUSContent.

    The checkbox to download express installation files has never been ticked on this server. It is a well maintained server, we run the server cleanup wizard at the start of every month. We don't patch anything directly from this server, SCCM infrastructure feeds of it and we patch everything using that.

    A Microsoft PFE advised me that if any of my downstream WSUS servers (I have 77 in total, 28 autonomous, 49 replica) do by chance have "express installation files" checked, then it will send that upstream and force my upstream server to pull down this content.

    That is not ideal.

    Unfortunately, majority of all the downstream servers exist in different networks/domains that I have no access to or control over. I don't know the people who support them, this is a large organization with many cooks in the kitchen. 

    My questions are, for anyone in the know..

    1) Is this true? Is the upstream server at the mercy of such a choice made downstream?
    2) Is there anything I can do on the upstream server to prevent this happening?
    3) Is there anything I can do to determine which downstream server is triggering this action?

    I considered routinely deleting any *.psf files from WSUSContent, but that seems impractical and does not actually fix the issue. I also considered declining all historic updates and just dealing with the content month by month (cumbersome). 

    Any useful advice would be greatly appreciated. Thanks


    Wednesday, August 3, 2016 1:21 AM

Answers

  • check the logfiles on your server. the autonomous DSS pulling the files from your USS will be doing so via BITS, so if nothing in the WSUS logfiles (\program files\update services\logfiles) nor \windows\windowsupdate.log then check your IIS logs.

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, August 3, 2016 9:51 AM

All replies

  • Hi Timothy Crofts,

    >A Microsoft PFE advised me that if any of my downstream WSUS servers (I have 77 in total, 28 autonomous, 49 replica) do by chance have "express installation files" checked, then it will send that upstream and force my upstream server to pull down this content.

    Yes, it is true.

    If upstream server do not have related update files required by downstream server, the upstream server will be forced to download from MU. And it's pity to say it is a known issue, seems no good way to prevent it at present.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, August 3, 2016 5:20 AM
  • Thanks for the reply

    Is there any method by which I can work out the name of the downstream server requesting the files?

    Wednesday, August 3, 2016 6:35 AM
  • check the logfiles on your server. the autonomous DSS pulling the files from your USS will be doing so via BITS, so if nothing in the WSUS logfiles (\program files\update services\logfiles) nor \windows\windowsupdate.log then check your IIS logs.

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Wednesday, August 3, 2016 9:51 AM