Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

WsusPool keeps crashing: stops again and again

Sometimes you find your WSUS server keeps crashing over and over again. WSUS is unavailable and/or the WSUS management console hangs. When you start to investigate as to why Windows Server Update Services crashes, you’ll notice the following error message being logged in the HTTPErr log files:

2017-05-08 05:03:53 203.0.113.144 56433 203.0.113.4 80 HTTP/1.1 POST /SimpleAuthWebService/SimpleAuth.asmx 503 707060612 AppOffline WsusPool

In the Eventlog you might find an error like:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

And sometimes clients checking for Windows Updates would quickly error out with a code 0x80244021 which indicates the inability to reach WSUS.

How to improve Windows Server Update Services (WSUS) availability

To improve WSUS availability, you need to increase IIS Private Memory Limit. The default limit is set to 1843200KB. And when an IIS worker process uses more than 2GB WSUS crashes and the problem occurs.

Change Private Memory Limit (KB) to a higher number that fits your server specifications or simply 0 , which means no limit, instead of the hard-coded 1843200. Follow this path to find the setting:

WSUS Application Pool IIS Advanced Settings

WSUS Application Pool IIS Advanced Settings

Internet Information Services (IIS) Manager → Server → Application Pools → Select “WSUSPool” → Actions Advanced → Recycling → change “Private Memory Limit (KB)“.

This’ll improve WSUS availability.

This may interest you:   Tunnel RDP through SSH & PuTTY

Pro tip: to get the WSUS version in PowerShell (thanks to Johan de Haan @ Serverfault):

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("wsus-server",$False)
$wsus.Version

14 Comments

  1. I WISH I had found this post before constantly having to remove/reapply the WSUS role to our server – this issue has been bugging me off and on for a couple of years now. Increased the AppPool memory to 8GB and ZAP! instant performance! Thank you SO much for this.

  2. Alex Gibson

    24 July 2018 at 23:54

    This tweak is essential for the product to work correctly. Only the most minor of reporting was available to us w/o implementing this change on our WSUS Server 2016.

    Thank you very much for discovering and writing this up.

  3. Still relevant July 2018 on Server 2016. THANK YOU.

  4. Phew, I could’ve sworn I’d changed this setting on the server, turns out I hadn’t, set it to 0 and no more 503 errors, thank you!

  5. You are the Man!

  6. I love you ! thanks , you are solved my frustating problem..

  7. This worked for me. Thanks!

  8. Thanks, Man. Your solution has saved the day!

  9. Thanks for this post, I’ve been this same (boring) problem.

  10. This is a good post! thanks…

    I’ve been looking for this answer

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

36 queries, 0.592 seconds running PHP version 7.2.9
shares