IIS Worker Role (WSUS) Causing HIGH CPU Utilization 100%

Problem Statment: Client failed to Scan for updates and WSUS server CPU utilization (w3wp.exe) process explode to 99%/100%. Some Clients pass through, few have failed the root cause is Windows 10 Client getting a cumulative update, or example, KB4022723, KB4022715, KB4025339, etc. See here for the list of Windows 10 1607 updates.

Microsoft is aware of the known issue with KB4034658 and currently investigating to provide the hotfix.

Symptoms :

  • High CPU on your WSUS server – 70-100% CPU in w3wp.exe hosting WsusPool.
  • WSUSPool worker process (w3wp.exe) high memory utilization.
  • Constant recycling of the W3wp.exe hosting the WsusPool
  • Clients failing to scan with 8024401c (timeout) errors in the WindowsUpdate.log
  • Mostly 500 errors for the /ClientWebService/Client.asmx requests in the IIS logs

Remediation :

1) Stop the WSUS service and go to IIS manager\application pools and then open the advanced settings on the WSUSPool.

2)Set CPU memory limits to 50% (You can move it up to 70\80 once your CPU usage has stopped hitting 100% for a couple days).

3) Private Memory Limit: Set to 10 GB, minimum of 8 GB recommended by Microsoft.
Set to 0 for unlimited, depends on your current environment.

4) Queue length is kept at 15000 but it depends on how many clients its supporting at your site, however increasing this can help.

5) Now if you are having connection errors when connecting to the WSUS console you need to get onto the SUS_DB.

6) Add Server memory and CPU’s for virtual environments. If you have hotplug enable for your VM’s you can do it directly else have change control to get it done.

7) Clean WSUS obsolete updates :
Run the store procedure “spGetObsoleteUpdatesToCleanup” to gather the amount of obsolete updates. If you haven’t cleaned by past 1 year you could have WSUS DB nearly to 1000+ updates.
Note: It’s highly recommended to clean WSUS on a timely basis, every year should be better in my opinion.

8) Now run the following script to delete them:

DECLARE @var1 INT
DECLARE @msg nvarchar(100)

CREATE TABLE #results (Col1 INT)
INSERT INTO #results(Col1) EXEC spGetObsoleteUpdatesToCleanup

DECLARE WC Cursor
FOR
SELECT Col1 FROM #results

OPEN WC
FETCH NEXT FROM WC
INTO @var1
WHILE (@@FETCH_STATUS > -1)
BEGIN SET @msg = ‘Deleting ‘ + CONVERT(varchar(10), @var1)
RAISERROR(@msg,0,1) WITH NOWAIT EXEC spDeleteUpdate @localUpdateID=@var1
FETCH NEXT FROM WC INTO @var1 END
CLOSE WC
DEALLOCATE WC
DROP TABLE #results

9) Run WSUS Server Cleanup Wizard to remove “Superseded and Expired Updates ” as well.

10) After Cleanup is finished , we need to re-index WSUS database , run below script

Download here . For more details how to Cleanup WSUS click here.

Microsoft is working to provide hotfix ASAP for this open issue, till then follow above steps to keep your WSUS environment healthy.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s