In this post you learn how you can optimize the availability of your Windows Server Update Services (WSUS) instance. After optimization, client computers won't error out with error code 0x80244021 when checking for Windows Updates. Also the WSUS application pool stops crashing when you've optimized WSUSPool configuration in IIS and the WSUS management console won't hang anymore. So let's optimize WSUS performance and improve Windows Server Update Services (WSUS) availability to stop the WSUS application from crashing.
When you start to investigate as to why Windows Server Update Services crashes, you'll notice the following error message being logged in the HTTPErr log files:
2017-05-08 05:03:53 203.0.113.144 56433 203.0.113.4 80 HTTP/1.1 POST /SimpleAuthWebService/SimpleAuth.asmx 503 707060612 AppOffline WsusPool
In the Eventlog you might find errors indicating that the WSUS administration console is unable to connect to WSUS Server via remote API:
The WSUS administration console was unable to connect to the WSUS Server via the remote API.
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
Sometimes clients checking for Windows Updates would quickly error out with a code 0x80244021, which indicates the inability to reach WSUS. Let's stop the WSUS application from crashing.
How to improve Windows Server Update Services (WSUS) availability
WSUS implements an internal cache that retrieves the update metadata from the database. This operation is expensive and very memory intensive. It can cause the IIS application pool that hosts WSUS (known as WSUSPool) to recycle when WSUSPool overruns the default private and virtual memory limits. To improve WSUS availability, you need to increase IIS Private Memory Limit. The default limit is set to 1843200KB. And when an IIS worker process uses more than 2GB, WSUS crashes and the problem occurs.
Increase Private Memory Limit (KB) to a higher number that fits your server specifications or simply 0, which means no limit, instead of the hard-coded 1843200. Follow this path to find the setting:
Internet Information Services (IIS) Manager → Server → Application Pools → Select "WSUSPool" → Actions Advanced → Recycling → change "Private Memory Limit (KB)".
This'll improve WSUS availability.
A second approach may be to set Enable 32-Bit Applications to False in the Application Pools Advanced Settings. This'll disable the 32-bit mode for WSUSPool, and forces it to run 64-bit. Be sure to have an ISAPI Filter set for 64-bit Framework as well!
- Open IIS Manager on the WSUS server.
- Browse to the website being used by WSUS. Depending on the WSUS configuration, this will typically be either the Default Web Site or a site named WSUS Administration.
- Double-click ISAPI Filters.
- Verify there is an entry that corresponds to ASP.Net v4.0 (the specific version number may vary) and has an Executable path set with Framework64.
In PowerShell you can use the following:
(Get-WebConfiguration "/system.applicationHost/applicationPools/add[@name='WsusPool']").enable32BitAppOnWin64
And
Get-WebConfigurationProperty -PSPath "IIS:\Sites\WSUS Administration" `
-Filter /system.webServer/isapiFilters `
-Name Collection[path="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_filter.dll"]
Set WsusPool "Private Memory Limit" value using PowerShell
Of course you can use PowerShell to set WsusPool's Private Memory Limit to 0. Just use the following webadministration module example:
Set-WebConfiguration "/system.applicationHost/applicationPools/add[@name='WsusPool']/recycling/periodicRestart/@privateMemory" `
-Value 0
WSUS Maintenance and Server Cleanup Wizard
Learn how to clean up WSUS, how to re-index the WSUS 3.0 database, and how to get the WSUS version in PowerShell (thanks to Johan de Haan @ Serverfault):
[void][reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::getUpdateServer("wsus-server",$False)
$wsus.Version
You can use server cleanup to free up old computers, updates and update files from your server. I recommend to perform this action regularly. Go to Options -> Server Cleanup Wizard, and follow the steps.
I just performed a cleanup prior to making these images...
learn how to fix the issue when WSUS is downloading patches extremely slow. Force BITS to ForegroundPriority in WSUS configuration.
Conclusion and giveaway
In this post you learned how to improve Windows Server Update Services (WSUS) availability. Because sometimes you find your WSUS server keeps crashing over and over again, WSUS is unavailable and/or the WSUS management console hangs.
When you start to investigate as to why Windows Server Update Services crashes, you notice the error messages being logged in the HTTPErr log files. In the Eventlog you might find errors indicating that the WSUS administration console is unable to connect to WSUS Server via remote API. Sometimes clients checking for Windows Updates would quickly error out with a code 0x80244021, which indicates the inability to reach WSUS. Following this post, you fixed error code 0x80244021 in Windows Server Update Services.
You also learned that in order to improve WSUS availability, you need to increase IIS Private Memory Limit. The default limit is set to 1843200KB. When an IIS worker process uses more than 2GB, WSUS crashes and the problem occurs.