WSUS Application Pool IIS Advanced Settings

WsusPool keeps crashing: stops again and again

Sometimes you find your WSUS server keeps crashing over and over again. The WSUS application pool periodically stops, WSUS is unavailable and/or the WSUS management console hangs. When you start to investigate as to why Windows Server Update Services crashes, you’ll notice the following error message being logged in the HTTPErr log files:

2017-05-08 05:03:53 203.0.113.144 56433 203.0.113.4 80 HTTP/1.1 POST /SimpleAuthWebService/SimpleAuth.asmx 503 707060612 AppOffline WsusPool

In the Eventlog you might find errors indicating that the WSUS administration console is unable to connect to WSUS Server via remote API:

The WSUS administration console was unable to connect to the WSUS Server via the remote API.

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

Sometimes clients checking for Windows Updates would quickly error out with a code 0x80244021, which indicates the inability to reach WSUS. Let’s optimize WSUS performance and improve Windows Server Update Services (WSUS) availability to stop the WSUS application from crashing.

How to improve Windows Server Update Services (WSUS) availability

To improve WSUS availability, you need to increase IIS Private Memory Limit. The default limit is set to 1843200KB. And when an IIS worker process uses more than 2GB, WSUS crashes and the problem occurs.

Increase Private Memory Limit (KB) to a higher number that fits your server specifications or simply 0, which means no limit, instead of the hard-coded 1843200. Follow this path to find the setting:

WSUS Application Pool IIS Advanced Settings
WSUS Application Pool IIS Advanced Settings

Internet Information Services (IIS) Manager → Server → Application Pools → Select “WSUSPool” → Actions Advanced → Recycling → change “Private Memory Limit (KB)”.

This’ll improve WSUS availability.

A second approach may be to set Enable 32-Bit Applications to False in the Application Pools Advanced Settings. This’ll disable the 32-bit mode for WSUSPool, and forces it to run 64-bit. Be sure to have an ISAPI Filter set for 64-bit Framework as well!

  • Open IIS Manager on the WSUS server.
  • Browse to the website being used by WSUS. Depending on the WSUS configuration, this will typically be either the Default Web Site or a site named WSUS Administration.
  • Double-click ISAPI Filters.
  • Verify there is an entry that corresponds to ASP.Net v4.0 (the specific version number may vary) and has an Executable path set with Framework64.

In PowerShell you can use the following:

(Get-WebConfiguration "/system.applicationHost/applicationPools/add[@name='WsusPool']").enable32BitAppOnWin64Code language: JavaScript (javascript)

And

Get-WebConfigurationProperty -PSPath "IIS:\Sites\WSUS Administration" -Filter /system.webServer/isapiFilters -Name Collection[path="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll"]Code language: JavaScript (javascript)

Set WsusPool “Private Memory Limit” value using PowerShell

Of course you can use PowerShell to set WsusPool’s Private Memory Limit to 0. Just use the following webadministration module example:

Set-WebConfiguration "/system.applicationHost/applicationPools/add[@name='WsusPool']/recycling/periodicRestart/@privateMemory" -Value 0Code language: JavaScript (javascript)

WSUS Maintenance and Server Cleanup Wizard

Learn how to clean up WSUS, how to re-index the WSUS 3.0 database, and how to get the WSUS version in PowerShell (thanks to Johan de Haan @ Serverfault):

[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("wsus-server",$False)
$wsus.VersionCode language: PHP (php)

You can use server cleanup to free up old computers, updates and update files from your server. I recommend to perform this action regularly. Go to Options -> Server Cleanup Wizard, and follow the steps.

WSUS Server Cleanup Wizard screen 1
WSUS Server Cleanup Wizard screen 2
WSUS Server Cleanup Wizard screen 3

I just performed a cleanup prior to making these images…

learn how to fix the issue when WSUS is downloading patches extremely slow. Force BITS to ForegroundPriority in WSUS’ configuration.

Conclusion and giveaway

In this post you learned how to improve Windows Server Update Services (WSUS) availability. Because sometimes you find your WSUS server keeps crashing over and over again, WSUS is unavailable and/or the WSUS management console hangs.

When you start to investigate as to why Windows Server Update Services crashes, you notice the error messages being logged in the HTTPErr log files. In the Eventlog you might find errors indicating that the WSUS administration console is unable to connect to WSUS Server via remote API. Sometimes clients checking for Windows Updates would quickly error out with a code 0x80244021, which indicates the inability to reach WSUS. Following this post, you fixed error code 0x80244021 in Windows Server Update Services.

You also learned that in order to improve WSUS availability, you need to increase IIS Private Memory Limit. The default limit is set to 1843200KB. When an IIS worker process uses more than 2GB, WSUS crashes and the problem occurs.

Protip: Donate $10, 20 or 30 through Paypal (or see my donate page) and support this site. Thank you <3

Jan Reilink

Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely an application manager / systems administrator, doing my daily thing at Embrace - The Human Cloud. In the past I worked for clidn and Vevida. With over 20 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization. I blog at https://www.saotn.org.

29 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Carl Merritt
17/02/2021 18:53

And still relevant here in 2021 on a Windows Server 2019 installation. Sigh…
Also FWIW, if you have lots of resoruces, I find better and more reliable performance by increasing the IIS worker count a bit as well.

Michel D.
08/05/2020 17:30

Thank you for posting the fix. For those who fixed it, how much memory did you allocate to the WSUS pool?

Did you try the 64 bits mode as well?

Payamps
05/12/2019 17:55

This fixed my issue, thank you!

Hasan
23/10/2019 09:42

Thank you sir.

Wolfgang Heid
21/07/2019 15:37

How can I say THANK YOU loud enough! After hours of reading, testing and trying, I found your post. Setting up System Managed Paging files on my Azure Machine and then setting memory to 0 as you suggested for both Private Memory and Virtual Memory, followed by a reboot got me up and running in a few seconds!

Dave
25/06/2019 22:27

Excellent advice. Well done.

Evil-A
21/05/2019 01:46

May 2019 still working (saving lifes) on Windows Server 2016!

Michael Dutcher
10/04/2019 01:01

This worked for me. Thx!

Baf
08/03/2019 15:49

Thanks for this! One thing I discovered was that my WSUSPool was stopped when I initially looked at the Private Memory Limit. With it stopped it reads 0. Luckily, I started it and then checked the value again and it was at the default 1843200. So, make sure your WSUSPool is running before inspecting the values!

Cheers!

Christian
12/12/2018 16:38

This fixed my issue!

Thanks.

05/10/2018 17:24

Unfortunately, this does not resolve the issue for my installation. I’ve tried using the console on the server, and using the remote console on my computer. I still get timeout errors even with 24GB of RAM and a fresh reboot of the server.

Ian Simons
10/09/2018 17:26

I WISH I had found this post before constantly having to remove/reapply the WSUS role to our server – this issue has been bugging me off and on for a couple of years now. Increased the AppPool memory to 8GB and ZAP! instant performance! Thank you SO much for this.

Alex Gibson
24/07/2018 23:54

This tweak is essential for the product to work correctly. Only the most minor of reporting was available to us w/o implementing this change on our WSUS Server 2016.

Thank you very much for discovering and writing this up.

Jack H
11/07/2018 06:42

Still relevant July 2018 on Server 2016. THANK YOU.

Steve
20/06/2018 07:05

Phew, I could’ve sworn I’d changed this setting on the server, turns out I hadn’t, set it to 0 and no more 503 errors, thank you!

KB
11/05/2018 20:51

You are the Man!

Andrea Soc
13/04/2018 16:24

I love you ! thanks , you are solved my frustating problem..

Anonymous
25/01/2018 18:39

This worked for me. Thanks!

O.V
04/12/2017 18:52

Thanks, Man. Your solution has saved the day!

Alex Felipe
16/11/2017 21:54

Thanks for this post, I’ve been this same (boring) problem.

Anonymous
13/10/2017 07:58

This is a good post! thanks…

I’ve been looking for this answer