Tuesday, March 29, 2016

Deleting Updates from WSUS

After we migrated our first SCCM server to Windows 2008 R2, we ran into a problem with the WSUS components. It had over 40k updates, and clients were having the issues described in the link below. I'd definitely recommend pruning the upstream server before re-installing WSUS if your other site servers are halfway around the world.

https://blogs.technet.microsoft.com/sus/2008/09/18/wsus-clients-fail-with-warning-syncserverupdatesinternal-failed-0x80244010/

The workaround, to test whether the component was working, was to set the value for the item below. Of course, this caused issues for sites on slow links the next morning, so it was reverted to the default size of 5MB.

USE SUSDB
GO
UPDATE tbConfigurationC SET MaxXMLPerRequest = 0

https://social.technet.microsoft.com/Forums/en-US/29c7952e-6eb3-41e7-87f0-bc1162953179/wsus-30-sp1-client-update-failure?forum=winserverwsus

To prevent the next WSUS sites from inheriting unnecessary updates, there's a script to delete the updates that the Server Wizard is not removing after declining.

We used the script from the link below to remove the Drivers.

http://runesk.blogspot.com/2012/09/delete-oldunwanted-updates-from-wsus.html

For other updates, I modified it to read from a text file, so I can review the updates, add them to one txt file, and let it run overnight to remove all unneeded updates for OSes we no longer use or never used, like XP, Vista, Windows 8, Server 2003, etc. When I first ran it, it was faster than the query method, but on subsequent runs it took just as long. Or, if you decline the updates, you can just change the script to delete declined updates.

Here's a good reference link on the updates you can decline from the WSUS console.

https://blogs.technet.microsoft.com/configurationmgr/2015/04/15/support-tip-configmgr-2012-update-scan-fails-and-causes-incorrect-compliance-status/


Delete Updates from list - Powershell

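# Connect to WSUS (no SSL, port 8530) and delete every update GUID listed in the text file
$wsusserver = "localhost"
# One UpdateID (GUID) per line; blank lines are skipped
$ids = Get-Content 'c:\Vista-guid.txt' | Where-Object { $_.Trim() }
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($wsusserver, $false, 8530)
ForEach ($id in $ids) { $wsus.DeleteUpdate([guid]$id.Trim()); Write-Host "$id removed" }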

Or replace the red text with the line below to delete the recently declined updates.

# Delete every update that is currently declined
$wsus.GetUpdates() | Where-Object { $_.IsDeclined } | ForEach-Object { $wsus.DeleteUpdate($_.Id.UpdateId); Write-Host "$($_.Title) removed" }

To get the updates, you'll need to open up the SQL console and connect to the WSUS DB. This is a sample query for declined items. Copy the UpdateID column into the txt file of updates you want to delete. Depending on your server resources, using the script to delete by criteria may be slower than deleting from a list.

Get Declined Updates SQL

select UpdateID from PUBLIC_VIEWS.vUpdate
where isDeclined = '1'
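
A guarded variant of the list-based delete above, as an added example that is not the original author's script: it rejects malformed GUIDs, deletes only updates that WSUS still reports as declined, and writes a CSV record of every action. The -ReportOnly switch, the log path and the "declined only" guard are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Parameter names and paths are illustrative.
param(
    [string]$WsusServer = 'localhost',
    [int]$Port = 8530,
    [string]$ListPath = 'C:\Vista-guid.txt',
    [string]$LogPath = 'C:\wsus-delete-log.csv',   # hypothetical log location
    [switch]$ReportOnly                             # list what would happen, delete nothing
)

[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.UpdateServices.Administration')
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WsusServer, $false, $Port)

# Parse the reviewed list: skip blanks, reject anything that is not a GUID, drop duplicates.
$ids = foreach ($line in Get-Content -Path $ListPath) {
    $text = $line.Trim()
    if (-not $text) { continue }
    $guid = $text -as [guid]
    if ($guid) { $guid } else { Write-Warning "Skipping malformed entry: $text" }
}
$ids = @($ids | Sort-Object -Unique)

$results = foreach ($id in $ids) {
    $row = New-Object psobject -Property @{ UpdateID = $id; Title = ''; Action = '' }
    try {
        # Look the update up first so the log has a title and the state can be checked.
        $rev = New-Object Microsoft.UpdateServices.Administration.UpdateRevisionId($id)
        $update = $wsus.GetUpdate($rev)
        $row.Title = $update.Title
        if (-not $update.IsDeclined) {
            $row.Action = 'skipped: not declined'   # guard against a stale or mistyped list
        } elseif ($ReportOnly) {
            $row.Action = 'would delete'
        } else {
            $wsus.DeleteUpdate($id)
            $row.Action = 'deleted'
        }
    } catch {
        # Unknown GUIDs and server-side failures are logged, and the run continues.
        $row.Action = "error: $($_.Exception.Message)"
    }
    $row
}

$results | Export-Csv -Path $LogPath -NoTypeInformation
$results | Group-Object Action | Select-Object Count, Name
```

Running it once with -ReportOnly before the overnight run gives a reviewable record of what the list will remove.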

Once you have cleaned it up, here's another good reference below on maintaining it. If you are in a multi-hierarchy site, you may want to configure it as a downstream replica if the software update deployments are centrally managed on the parent site and no SUP deployments are managed from the child primaries.

https://blogs.technet.microsoft.com/configurationmgr/2016/01/26/the-complete-guide-to-microsoft-wsus-and-configuration-manager-sup-maintenance/

