Unexpected high network bandwidth consumption when clients scan for updates from local WSUS server
This article helps you fix an issue in which unexpectedly high network bandwidth consumption occurs when clients scan for updates from the local Windows Server Update Services (WSUS) server.
Original product version: Windows 8.1, Windows 10
Original KB number: 4163525
Microsoft System Center Configuration Manager customers report high network bandwidth usage for environments that employ WSUS. Some instances of the behavior started on February 13, 2018, and some started on March 13, 2018.
Affected operating systems are Windows 10 (all builds), and Windows 8.1. Customers report remarkably high-bandwidth usage on the WSUS TCP port.
The Microsoft Compatibility Appraiser, which is used for Windows Analytics, is querying Windows Update agent in such a way that the Appraiser causes the Update Agent to discard part of its cache of update metadata. When a scan is next run for updates by Configuration Manager or Automatic Updates, or when the user selects Check for Updates, the metadata for these updates is downloaded from WSUS again.
To fix the issue, install the following updates, as applicable.
|Windows version||Windows update|
|Windows 10, version 1803||September 20, 2018-KB4458469 (OS Build 17134.319)|
|Windows 10, version 1709||September 20, 2018-KB4457136 (OS Build 16299.697)|
|Windows 10, version 1703||October 18, 2018-KB4462939 (OS Build 15063.1418)|
|Windows 10, version 1607||September 20, 2018-KB4457127 (OS Build 14393.2517)|
|Windows 8.1||October 18, 2018-KB4462921 (Preview of Monthly Rollup)|
Determine whether clients are using an affected version of the Microsoft Compatibility Appraiser. Check the modified date for the following binaries that are located in
C:\Windows\System32, and verify that they are from February 2018 or a later date:
The Windows Appraiser is run through the scheduled task in Task Schedulers > Task Scheduler Library > Microsoft > Windows > Application Experience > Microsoft Compatibility Appraiser.
We have issued an update that limits how often the Appraiser runs the Windows Update query that causes this problem. This should help reduce bandwidth usage, although it may not fully eliminate higher-than-normal usage.
To receive the change, your clients must be able to access both of the following addresses:
You can determine whether clients received this update by checking the value for the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser: LastAttemptedRunDataVersion
The following values indicate that the client has received the update.
|Operating system version||Client update value|
|Windows 10, version 1709||1704 or 1752|
|Windows 10, version 1703||1799|
|Windows 10, version 1607||1799|
|Windows 10, version 1511||1799|
|Windows 10, version 1507||1799|
LastAttemptedRunDataVersion is updated when CompatTelRunner.exe is executed. This generally runs daily as part of the Microsoft Compatibility Appraiser scheduled task. However, it can be run manually without arguments:
This value varies between operating systems.
If clients are blocked from reaching these addresses, you have to unblock them.
Newer versions of CompatTelRunner.exe and Appraiser.dll
The following Windows updates use newer versions of CompatTelRunner.exe and Appraiser.dll that implement less frequent scanning. This avoids the need to unblock the URLs to obtain this update.
July 11, 2018
|Windows version||Windows update|
|Windows 10, version 1709||June 21, 2018-KB4284822 (OS Build 16299.522)|
|Windows 10, version 1703||June 21, 2018-KB4284830 (OS Build 15063.1182)|
|Windows 10, version 1607||June 21, 2018-KB4284833 (OS Build 14393.2339)|
|Windows 8.1||Compatibility update for keeping Windows up-to-date in Windows 8.1|