Constant WSUS issues (Connection Errors)
-
I also have a group policy set to prevent users from upgrading Windows 10 (works for them all, though). For example, if you try to upgrade from 1703 to 1709, it will fail and never upgrade.
However, if I approve the upgrade through WSUS, it will succeed. I don't want upgrades until it's been approved and expected.
-
@tim_g said in Constant WSUS issues (Connection Errors):
I also have a group policy set to prevent users from upgrading Windows 10 (works for them all, though). For example, if you try to upgrade from 1703 to 1709, it will fail and never upgrade.
However, if I approve the upgrade through WSUS, it will succeed. I don't want upgrades until it's been approved and expected.
Awesome, thanks for all the info!! I will follow your example with the groups and the types of updates.
As for Windows 10 upgrades, I never really thought twice about these and I've already upgraded Windows 10 to 1709 for the few systems we have.. no issues so far as far as I know.
-
@dave247 said in Constant WSUS issues (Connection Errors):
As for Windows 10 upgrades, I never really thought twice about these and I've already upgraded Windows 10 to 1709 for the few systems we have.. no issues so far as far as I know.
There's not problem doing it, and there shoudn't be any issues. Go ahead if you can.
When 1709 came out, there were too many issues that would have directly effected out environment. SO I'm glad I was doing it that way or there would have been great money loss.
-
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
As for Windows 10 upgrades, I never really thought twice about these and I've already upgraded Windows 10 to 1709 for the few systems we have.. no issues so far as far as I know.
There's not problem doing it, and there shoudn't be any issues. Go ahead if you can.
When 1709 came out, there were too many issues that would have directly effected out environment. SO I'm glad I was doing it that way or there would have been great money loss.
Ok, thanks so much, Tim. One last question (maybe) for you: Are all your GPO's copies of each other or what? How do they differ?
-
yeah, you definitely don't want to have Windows 10 do auto upgrades to a new version until you test it on some users.
I have a client that is 10 PCs.. so no WSUS, not worth it, the auto upgrade to 1709 caused issues with Webroot. Definitely test before full rollout.
-
@dashrender said in Constant WSUS issues (Connection Errors):
yeah, you definitely don't want to have Windows 10 do auto upgrades to a new version until you test it on some users.
I have a client that is 10 PCs.. so no WSUS, not worth it, the auto upgrade to 1709 caused issues with Webroot. Definitely test before full rollout.
Well the Windows 10 systems we have are all on 1709, so I guess I'm going to consider them my test group for now..
-
@dave247 said in Constant WSUS issues (Connection Errors):
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
As for Windows 10 upgrades, I never really thought twice about these and I've already upgraded Windows 10 to 1709 for the few systems we have.. no issues so far as far as I know.
There's not problem doing it, and there shoudn't be any issues. Go ahead if you can.
When 1709 came out, there were too many issues that would have directly effected out environment. SO I'm glad I was doing it that way or there would have been great money loss.
Ok, thanks so much, Tim. One last question (maybe) for you: Are all your GPO's copies of each other or what? How do they differ?
Each GPO points to a different WSUS group. The server GPOs have a different update schedule than the client PCs. The "Lab" groups follow a different reboot and update plan and schedule.
-
@dave247 said in Constant WSUS issues (Connection Errors):
@dashrender said in Constant WSUS issues (Connection Errors):
yeah, you definitely don't want to have Windows 10 do auto upgrades to a new version until you test it on some users.
I have a client that is 10 PCs.. so no WSUS, not worth it, the auto upgrade to 1709 caused issues with Webroot. Definitely test before full rollout.
Well the Windows 10 systems we have are all on 1709, so I guess I'm going to consider them my test group for now..
lol, then 1803 will be your first test of this.
-
Another reason to split everything up at least by OS is because it makes approving updates easier. You can show only, for example, Critical, definition, and security updates for Win7, then approve them all for the Win7 WSUS groups. Then everything else should happen automatically including reboots if needed.
Also, I have clients checking WSUS for updates ever 6 hours. So if I do approve an update, the clients will download the update from WSUS, then install it according to the schedule set in group policy.
-
Well crap... I'm back to having that connection error again. I only have about 8 computers added to WSUS and I've deselected a bunch of products and classifications I didn't really need. Should I consider increasing the private memory limit and queue lengths again?
I haven't had the connection error since I made those changes Tim_G suggested I make to the WSUS resource pool. It's worth mentioning that the server has been pretty slow since adding the WSUS role. I literally have nothing else running on this system and it's a dual six-core processors (@ 2.20 GHz) and 56.0 GB of memory. I thought this would be sufficient..
-
My system is a VM with 6 GB ram and 2 vCPU.
Your resources are way over kill.
-
We've got ~500 systems on 8GB of RAM with 2vCPUs.
-
I get the error posted in the OP every now and again from the WSUS console on my Win10 PC. A reset always reconnects it.
-
I have a VM with 2vCPU and 8 GB of RAM for WSUS and about 250 devices.
-
Holy crap... I don't understand why it keeps getting disconnected or why it's chugging along. Although, it's reconnected now and seems to be stable.
One other question for you guys: What do you do about other non-Microsoft updates, like Java and Adobe. Does WSUS cover any of that at all?
-
@dave247 said in Constant WSUS issues (Connection Errors):
Holy crap... I don't understand why it keeps getting disconnected or why it's chugging along. Although, it's reconnected now and seems to be stable.
One other question for you guys: What do you do about other non-Microsoft updates, like Java and Adobe. Does WSUS cover any of that at all?
I've used a combination of pdq inventory and pdq deploy for managing 3rd party updates
-
@irj said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
Holy crap... I don't understand why it keeps getting disconnected or why it's chugging along. Although, it's reconnected now and seems to be stable.
One other question for you guys: What do you do about other non-Microsoft updates, like Java and Adobe. Does WSUS cover any of that at all?
I've used a combination of pdq inventory and pdq deploy for managing 3rd party updates
We have DesktopCentral. I guess I will keep using that for 3rd party updates as well as some software deployment.
-
@dave247 said in Constant WSUS issues (Connection Errors):
Well crap... I'm back to having that connection error again. I only have about 8 computers added to WSUS and I've deselected a bunch of products and classifications I didn't really need. Should I consider increasing the private memory limit and queue lengths again?
I haven't had the connection error since I made those changes Tim_G suggested I make to the WSUS resource pool. It's worth mentioning that the server has been pretty slow since adding the WSUS role. I literally have nothing else running on this system and it's a dual six-core processors (@ 2.20 GHz) and 56.0 GB of memory. I thought this would be sufficient..
Maybe it's busy downloading every available update.
I made sure to set it to only download approved updates. That's saves so much space and bandwidth.
But yeah that's way overkill on server resources. I use similar to what others mentioned with over 600 managed devices.
I've been doing WSUS for years and don't have these issues. The only issue I had cleared up and never came back... the one I said earlier.
-
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
Well crap... I'm back to having that connection error again. I only have about 8 computers added to WSUS and I've deselected a bunch of products and classifications I didn't really need. Should I consider increasing the private memory limit and queue lengths again?
I haven't had the connection error since I made those changes Tim_G suggested I make to the WSUS resource pool. It's worth mentioning that the server has been pretty slow since adding the WSUS role. I literally have nothing else running on this system and it's a dual six-core processors (@ 2.20 GHz) and 56.0 GB of memory. I thought this would be sufficient..
Maybe it's busy downloading every available update.
I made sure to set it to only download approved updates. That's saves so much space and bandwidth.
But yeah that's way overkill on server resources. I use similar to what others mentioned with over 600 managed devices.
I've been doing WSUS for years and don't have these issues. The only issue I had cleared up and never came back... the one I said earlier.
ok I will look to set that option.. I'm sure I messed up somewhere in there..
-
@dave247 said in Constant WSUS issues (Connection Errors):
@tim_g said in Constant WSUS issues (Connection Errors):
@dave247 said in Constant WSUS issues (Connection Errors):
Well crap... I'm back to having that connection error again. I only have about 8 computers added to WSUS and I've deselected a bunch of products and classifications I didn't really need. Should I consider increasing the private memory limit and queue lengths again?
I haven't had the connection error since I made those changes Tim_G suggested I make to the WSUS resource pool. It's worth mentioning that the server has been pretty slow since adding the WSUS role. I literally have nothing else running on this system and it's a dual six-core processors (@ 2.20 GHz) and 56.0 GB of memory. I thought this would be sufficient..
Maybe it's busy downloading every available update.
I made sure to set it to only download approved updates. That's saves so much space and bandwidth.
But yeah that's way overkill on server resources. I use similar to what others mentioned with over 600 managed devices.
I've been doing WSUS for years and don't have these issues. The only issue I had cleared up and never came back... the one I said earlier.
ok I will look to set that option.. I'm sure I messed up somewhere in there..
Yeah, a server busy doing downloads/catalog updates, etc can definitely cause it to be sluggish. You also need to do weekly if not daily maintenance on WSUS (or use the scripts posted on SW) to keep WSUS tight.