*Prerequisite: WSUS server deployed (step by step instructions).
- Note: please make sure WSUS specs follow our guidelines (if POC, we recommend a new Windows 2019).
- Configure the patch classifications to include only the relevant patches for the environment you are managing:
-
- Specify relevant languages
- Options -> Update Files and Languages -> Update Languages -> Download updates only in these languages (recommended English)
- Note: It is IMPORTANT to choose all of the languages that are needed by all the clients of this WSUS server
- Remove Language Packs from classifications and products to synchronize.
- Options -> Products and Classifications -> Products (uncheck non-relevant language packs)
- Specify relevant languages
-
- Configure a daily synchronization sync
- On the WSUS console toolbar, click Options, and then click Synchronization Options.
- Under Schedule, click Synchronize daily at, and then in the list select the time you want synchronization to start each day.
- Under Tasks, click Save settings, and then click OK.
- Modify IIS WSUS Application Pool Settings
- Launch Server Manager – Launch IIS Manager
- IIS Console – Click on Application Pools
- Right-click ‘WsusPool’ and select ‘Advanced Settings’
- Change (General) Queue Length from 1,000 (Default) to 30,000
- Change (Rapid-Fail Protection) Service Unavailable from “HttpLevel” (Default) to Reponse to “TcpLevel”
- Change (Rapid-Fail Protection) Failure Internal (minutes) from (Default) “5” to “30”
- Change (Recycling) Private Memory Limit to 0 (unlimited)
- In order to apply these changes, open an administrative command prompt, and run IISRESET
- Enable PowerShell execution policy to run scripts
- Disable IPv6
- Please make sure that the WSUS content folder has been configured with suitable permission.
- NETWORK SERVICE and WSUS Administrators should have full control on this folder.
- If a WSUS replica is involved, see this article.
Next Step
Comments
0 comments
Please sign in to leave a comment.