Articles in this section

See more

3a. Installing and Optimizing WSUS

Overview

This article covers the essential steps for installing and optimizing a Windows Server Update Services (WSUS) server for use with JetPatch. 

It includes deployment prerequisites, performance optimizations, and configuration requirements to ensure proper patch management functionality.

First step: WSUS server deployed

Follow the step-by-step instructions from Microsoft to deploy your WSUS server.

Note: please make sure WSUS specs follow our guidelines

WSUS Configuration and Optimization Steps

  • Disable IPv6 on WSUS Primary and Replicas (if any)
  • Enable PowerShell execution policy to run scripts (RemoteSigned)
  • Please make sure that the WSUS content folder has been configured with suitable permissions.
    • NETWORK SERVICE and WSUS Administrators should have full control of this folder.
  • Schedule a Weekly WSUS Server Cleanup 
  • If a WSUS replica is involved, see this article.
  • Configure the patch classifications to include only the relevant patches for the environment you are managing:
    •  
      • Specify relevant languages
        • Options -> Update Files and Languages -> Update Languages -> Download updates only in these languages (recommended English)
        • Note: It is IMPORTANT to choose all of the languages that are needed by all the clients of this WSUS server
      • Remove Language Packs from classifications and products to synchronize.
        • Options -> Products and Classifications  -> Products (uncheck non-relevant language packs) 
  • Configure a daily synchronization sync
    • On the WSUS console toolbar, click Options, and then click Synchronization Options.
    • Under Schedule, click Synchronize daily at, and then in the list select the time you want synchronization to start each day.
    • Under Tasks, click Save settings, and then click OK.
  • Modify IIS WSUS Application Pool Settings to prevent connection errors and reset the server node
    • Launch Server Manager – Launch IIS Manager
    • IIS Console – Click on 'View Application Pools' on the right-side menu

    • Right-click ‘WsusPool’ and select ‘Advanced Settings.’ 

      • (General): Change Queue Length from 1,000 (Default) to 30,000
      • Rapid-Fail Protection: Change  Service Unavailable from “HttpLevel” (Default) to Response to “TcpLevel”
      • Rapid-Fail Protection: Change Failure Internal (minutes) from (Default) “5” to “30.”
      • Recycling: Change Private Memory Limit to 0 (unlimited)
    • To apply these changes:
      • Open an administrative command prompt and run IISRESET
      • and make sure WSUSpool is started
Note: It is IMPORTANT to choose all of the languages that are needed by all the clients of this WSUS server

Next Step 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.