BritV8 | IT at Full Throttle...trying to avoid the speed bumps.....

SCCM – Fixing SUP Memory Issues

Posted on November 28, 2018 by BritV8Admin Leave a comment

Basically , as my dad would say, WSUS has got its knickers in a knot, as by default the application pool is limited to RAM.

It needs a heeeeeeeeaaaaaaaaaaaaap of RAM and time for it to run to unravel it’s self.

Plus it needs a bunch of reconfiguration of the app pool as listed below

After that you will then be able to see what amount of ram it needs on a day to day basis

Increase temporarily the RAM on the server.

When I say increase give it 2 or 3 times the RAM.

Un-limit the memory used by the AppPool (Private memory limit = 0)

The rest of this is stolen from here

https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/

1. On your WSUS Server, launch the IIS Manager

2. Open Application Pools

3. Right click ‘WsusPool’ and select ‘Advanced Settings…’

4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000

5. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel

6. Change ‘Failure Interval (minutes) from the default 5 to 30

7. Change ‘Maximum Failures’ from the default 5 to 60

8. Click ‘OK’ to save the App Pool changes

9. Recycle the application pool.

10. If the memory is not reduced : Restart the WSUS Administration Website

11. If the memory is not reduced : Restart the World Wide Web Publishing Service

Monitor, but eventually after a few days you should not see the “new normal” for the RAM required for the application pool to run

Then after a week reduce the memory to the new normal

SCCM – KB4457144 not installing Error 0x80070017 0x80240022[Solved]

Posted on November 16, 2018 by BritV8Admin Leave a comment

Another weird one – KB4457144 was deployed to a collection of computers. On those that said it was still required, if you forced Software updates evaluation, it would error in the event log with

Package KB4457144 failed to be changed to the Installed state. Status: 0x80070017

1	Package KB4457144 failed to be changed to the Installed state. Status: 0x80070017

SCCM – KB3114874 not installing [Solved]

Posted on November 13, 2018 by BritV8Admin Leave a comment

A weird one – KB3114874 was deployed to a collection of computers. On those that said it was still required, if you forced Software updates evaluation, it would not show in the windows update log as being installed, or failing to install. Nothing, nada, zip! If you check what updates were installed , it was not listed. If I used my Get-UpdatesAvailableOnServer.ps1 script , it showed me what SCCM thought there was still outstanding.

Computername ArticleID Name                                                                 URL                                     
------------ --------- ----                                                                 ---                                    
Computer1     3114874   Security Update for Microsoft Office 2010 (KB3114874) 32-Bit Edition https://support.microsoft.com/kb/3114874

1

2

3

Computername ArticleID Name URL

------------ --------- ---- ---

Computer1 3114874 Security Update for Microsoft Office 2010 (KB3114874) 32-Bit Edition https://support.microsoft.com/kb/3114874

There was a disconnect between the SCCM Client and Windows Update

So I used my SCCM Client Sledgehammer to reset the SCCM Client and low and behold the KB now installed fine!

SCCM – SCCM Client Health Checklist

Posted on November 9, 2018 by BritV8Admin Leave a comment

The following is a SCCM Client Health Checklist that I run through.

Powershell – Windows Update Client Sledgehammer aka Reset-WUClient

Posted on November 1, 2018 by BritV8Admin Leave a comment

The following code forces a reset/repair of the Windows Update Client on a device. It is based on https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors

Fixes errors in WindowsUpdate.log

0x80070002
0x8024400D
0xc80003f3
0x8024000b
0x8024001E
0x800706B5
hr=8024AFFF

October Servicing Stack Update Changes in Classification

Posted on October 30, 2018 by BritV8Admin Leave a comment

Windows Cumulative Updates require that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). This helps to mitigate potential issues while installing the LCU.

Windows 10 1809 ADK MDT SCCM ADMX RSAT and VSLC Requirements

Posted on October 3, 2018 by BritV8Admin Leave a comment

Answers to what versions of ADK, MDT, SCCM, ADMX, RSAT and VSLC that I need for Windows 10 Version 1809 Continue reading…

SCCM – Windows update log error 0x8024800a correlates to SCCM Client Error 25140, Event ID 10005 [SOLVED]

Posted on September 30, 2018 by BritV8Admin Leave a comment

SCCM – Windows update log error 0x8024800a correlates to SCCM Client Error 25140, Event ID 10005 . Typically when I find updates failing and errors in the WindowsUpdate.Log, I use my Sledgehammer to reset Windows Update.

After that , I start suspecting a SCCM client issue

Security – Pass the Hash – MimiKatz and Credential guard

Posted on August 30, 2018 by BritV8Admin Leave a comment

Good demo on using Credential Guard to mitigate Pass the hash attacks

https://channel9.msdn.com/Blogs/windowsserver/Credential-Guard-and-Remote-Guard-in-Windows-Server-2016

Powershell – SCCM Client Sledgehammer aka Reset-CMClient

Posted on July 27, 2018 by BritV8Admin Leave a comment

The following code forces a reset/repair of the SCCM Client on a device. It is very basic, but it succeeds where Install-CMClient fails even if you force the uninstall before installing Continue reading…

December 2018
M	T	W	T	F	S	S
« Nov
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31