First step: WSUS server deployed (step by step instructions from Microsoft).
- Note: please make sure WSUS specs follow our guidelines
Assuming WSUS is installed on windows,
- Configure the patch classifications to include only the relevant patches for the environment you are managing:
-
-
Specify relevant languages
- Options -> Update Files and Languages -> Update Languages -> Download updates only in these languages (recommended English)
- Note: It is IMPORTANT to choose all of the languages that are needed by all the clients of this WSUS server
-
Remove Language Packs from classifications and products to synchronize.
- Options -> Products and Classifications -> Products (uncheck non-relevant language packs)
-
Specify relevant languages
-
- Configure a daily synchronization sync
- On the WSUS console toolbar, click Options, and then click Synchronization Options.
- Under Schedule, click Synchronize daily at, and then in the list select the time you want synchronization to start each day.
- Under Tasks, click Save settings, and then click OK.
- Modify IIS WSUS Application Pool Settings
- Launch Server Manager – Launch IIS Manager
- IIS Console – Click on 'View Application Pools' on the right-side menu
- Right-click ‘WsusPool’ and select ‘Advanced Settings’
- (General): Change Queue Length from 1,000 (Default) to 30,000
- Rapid-Fail Protection: Change Service Unavailable from “HttpLevel” (Default) to Reponse to “TcpLevel”
- Rapid-Fail Protection : Change Failure Internal (minutes) from (Default) “5” to “30”
- Recycling: Change Private Memory Limit to 0 (unlimited)
-
In order to apply these changes,
- open an administrative command prompt, and run IISRESET
- and make sure WSUSpool is started
- Enable PowerShell execution policy to run scripts
- Disable IPv6
- Please make sure that the WSUS content folder has been configured with suitable permission.
- NETWORK SERVICE and WSUS Administrators should have full control on this folder.
- If a WSUS replica is involved, see this article.
Next Step
Comments
0 comments
Please sign in to leave a comment.