This is a simple script to list all the SCCM objects that have duplicate names
Basically , as my dad would say, WSUS has got its knickers in a knot, as by default the application pool is limited to RAM.
It needs a heeeeeeeeaaaaaaaaaaaaap of RAM and time for it to run to unravel it’s self.
Plus it needs a bunch of reconfiguration of the app pool as listed below
After that you will then be able to see what amount of ram it needs on a day to day basis
Increase temporarily the RAM on the server.
When I say increase give it 2 or 3 times the RAM.
Un-limit the memory used by the AppPool (Private memory limit = 0)
The rest of this is stolen from here
|1. On your WSUS Server, launch the IIS Manager
2. Open Application Pools
3. Right click ‘WsusPool’ and select ‘Advanced Settings…’
4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000
5. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel
|6. Change ‘Failure Interval (minutes) from the default 5 to 30
7. Change ‘Maximum Failures’ from the default 5 to 60
8. Click ‘OK’ to save the App Pool changes
9. Recycle the application pool.
10. If the memory is not reduced : Restart the WSUS Administration Website
11. If the memory is not reduced : Restart the World Wide Web Publishing Service
Monitor, but eventually after a few days you should not see the “new normal” for the RAM required for the application pool to run
Then after a week reduce the memory to the new normal
Another weird one – KB4457144 was deployed to a collection of computers. On those that said it was still required, if you forced Software updates evaluation, it would error in the event log with
Package KB4457144 failed to be changed to the Installed state. Status: 0x80070017
A weird one – KB3114874 was deployed to a collection of computers. On those that said it was still required, if you forced Software updates evaluation, it would not show in the windows update log as being installed, or failing to install. Nothing, nada, zip! If you check what updates were installed , it was not listed. If I used my Get-UpdatesAvailableOnServer.ps1 script , it showed me what SCCM thought there was still outstanding.
Computername ArticleID Name URL
------------ --------- ---- ---
Computer1 3114874 Security Update for Microsoft Office 2010 (KB3114874) 32-Bit Edition https://support.microsoft.com/kb/3114874
There was a disconnect between the SCCM Client and Windows Update
So I used my SCCM Client Sledgehammer to reset the SCCM Client and low and behold the KB now installed fine!
The following is a SCCM Client Health Checklist that I run through.
The following code forces a reset/repair of the Windows Update Client on a device. It is based on https://support.microsoft.com/en-us/help/10164/fix-windows-update-errors
Fixes errors in WindowsUpdate.log
Windows Cumulative Updates require that you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). This helps to mitigate potential issues while installing the LCU.
Answers to what versions of ADK, MDT, SCCM, ADMX, RSAT and VSLC that I need for Windows 10 Version 1809 Continue reading…
SCCM – Windows update log error 0x8024800a correlates to SCCM Client Error 25140, Event ID 10005 . Typically when I find updates failing and errors in the WindowsUpdate.Log, I use my Sledgehammer to reset Windows Update.
After that , I start suspecting a SCCM client issue
Good demo on using Credential Guard to mitigate Pass the hash attacks