*Prerequisite: WSUS server deployed (step by step instructions).
- Note: please make sure WSUS specs follow our guidelines (if POC, we recommend a new Windows 2019).
- Configure the patch classifications to include only the relevant patches for the environment you are managing:
-
- Specify relevant languages
- Options -> Update Files and Languages -> Update Languages -> Download updates only in these languages (recommended English)
- Note: It is IMPORTANT to choose all of the languages that are needed by all the clients of this WSUS server
- Remove Language Packs from classifications and products to synchronize.
- Options -> Products and Classifications -> Products (uncheck non-relevant language packs)
- Specify relevant languages
-
- Configure a daily synchronization sync
- On the WSUS console toolbar, click Options, and then click Synchronization Options.
- Under Schedule, click Synchronize daily at, and then in the list select the time you want synchronization to start each day.
- Under Tasks, click Save settings, and then click OK.
- Modify IIS WSUS Application Pool Settings
- Launch Server Manager – Launch IIS Manager
- IIS Console – Click on Application Pools
- Right-click ‘WsusPool’ and select ‘Advanced Settings’
- Change the value of 'Queue Length’ under the General section to 30,000
- Change 'Service Unavailable' Response Type from default HTTPlevel to TcpLevel
- Change failure interval minutes from 5 to 30 minutes
- Change the value of ‘Private Memory Limit’ under the Recycling section to 0
-
In order to apply these changes, open an administrative command prompt, and run IISRESET
- Please make sure that the WSUS content folder has been configured with suitable permission.
- NETWORK SERVICE and WSUS Administrators should have full control on this folder.
- Enable PowerShell execution policy to run scripts
- Disable IPv6
- If a WSUS replica is involved, see this article.
Next Step
Comments
0 comments
Please sign in to leave a comment.