question

GettnBetter-8602 avatar image
0 Votes"
GettnBetter-8602 asked RitaHu-MSFT commented

WSUS Server Cleanup Delete Unused Update Revisions fails often

I have an issue at all sites with WSUS cleanup. Specifically with Microsoft antivirus definitions and the deleting unused update revisions cleanup. After a period of time, it varies, this cleanup fails. I find myself having to set all updates in the WSUS database to unapproved and set all declined updates to unapproved. Then the cleanup works. After, I have to re-approve all updates. It's rather tedious.

We set only the antivirus and edge updates to auto-approve, this seems necessary to maintain reasonable workstation and server health. I like the Microsoft antivirus at our servers, it seems to work well. I also like the visibility of the update status. I'd actually prefer if these two portions of WSUS were moved to it's own service maybe.

Question is, am I doing something wrong that is causing this cleanup task to consistently fail? It seems to me that something is fundamentally wrong with this cleanup or the auto-declining of virus definitions is getting in the way.

windows-server-update-services
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

4 Answers

AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered GettnBetter-8602 commented

Are you performing the proper WSUS maintenance including but not limited to running the Server Cleanup Wizard (SCW), declining superseded updates, running the SQL Indexing script, etc.?

https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-8-wsus-server-maintenance/

There is more than just running the SCW!

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GettnBetter-8602 avatar image GettnBetter-8602 ·

Yes, I perform SQL index maintenance often and decline superseded updates. It's Server 2019 with only the WSUS role and I've gone through the best practices IIS settings, the SQL database is on it's own disk. The problem occurs when I run the SCW and check the delete unused updates. Once a month I find I have to un-decline all updates, then re-run the SCW with everything checked except removing workstations that have not contacted. This is the only way I can get the delete unused updates part to complete.

0 Votes 0 ·
AJTek-Adam-J-Marshall avatar image
0 Votes"
AJTek-Adam-J-Marshall answered

Curious - are your WSUS groups changing during these times?

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GettnBetter-8602 avatar image
0 Votes"
GettnBetter-8602 answered

I have seen this when I delete a group but none of the sites have created or deleted groups since last October. Computers are moved between groups fairly often.

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image
1 Vote"
RitaHu-MSFT answered RitaHu-MSFT commented

@GettnBetter-8602
Thanks for your posting on Q&A.

Here are several links which may be helpful.
https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/wsus-console-crashes

Please follow the below link to set up the WSUS Cleanup task in Task Scheduler to clean up the superseded ans expired updates.
https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/wsus-maintenance-guide#setting-up-the-wsus-cleanup-task-in-task-scheduler

In addition, please follow the below link to configure the Application Pool:
https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/windows-server-update-services-best-practices
It is useful in most cases.

Hope the above will be helpful.

Best regards,
Rita

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RitaHu-MSFT avatar image RitaHu-MSFT ·

@GettnBetter-8602
May I know the status of the case? Is there any update of the case?

Regards,
Rita

0 Votes 0 ·