SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr

SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr. I worked with Microsoft support for an SCCM SUP-related issue on one SCCM CB 1706 environment.

The support engineer was helpful, and she helped to set up the best practices for IIS settings required for remote WSUS/SUP.

All the servers referring to this post are running with Server 2012 R2 OS. This post will help you get details about a couple of Best Practices Related to IIS for SCCM SUP WSUS Setup.

Is this post related to WSUS SUP causing high CPU?

SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr
SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr

No, this post is not related to the issue which caused high CPU usage for WSUS servers. Microsoft has already released a fix for the issue explained in the KB 4039396. The KB4039396 addressed the issue with WSUS update metadata processing that can cause some clients to time out with a 0x8024401c error.

Patch My PC

I also have a video tutorial published several months back about the SCCM Software Update process. That post covers the end-to-end patching process and troubleshooting tips. You can check out the post “Video Tutorial to Learn SCCM ConfigMgr CB Software Update Patching Process“.

Best Practice – IIS – WSUS App Pool – Queue Length for SCCM CB SUP?

I have a remote WSUS + SCCM SUP server installed on 2012 R2. When the SUP is hosted on a remote server, then we can have a maximum of 150,000 clients for that SUP. 

A SUP that is remote from the site server can support up to 150,000 clients when the remote computer meets the WSUS requirements to support this number of clients.

So, I was planning to have 30,000 clients under that SUP. Hence, we set the WSUS app pool (Application Pool) queue length as 30,000, as you can see in the following screen capture.

Adaptiva

How to Configure IIS WSUS Application Pool? – SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr

  • Launch Server Manager – Launch IIS Manager
  • IIS Console – Click on Application Pools
  • Right-click ‘WsusPool’ and select ‘Advanced Settings’
  • Change the value of ‘Queue Length’ under the General section from the default 1,000 to 30,000
  • Click OK to save and Reset the IIS
SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr
SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr

What is Queue Length? – The maximum number of requests that HTTP .sys will queue for the application pool. New requests receive a 503 “Service Unavailable” response when the queue is full.

Best Practice – IIS WSUS App Pool – Private memory limit Settings for Remote SUP/WSUS Server

The private memory limit is set in KB. The maximum amount of private memory a worker process can consume before causing the application pool to recycle. A value of 0 means there is no limit. If you have only a WSUS/SUP role on a dedicated server like me, you can set the private memory limit to 0. Otherwise, you should be careful about these settings.

When you all the site system roles on a single server, you should be very careful with the private memory limit setting of the WSUS Application pool. In that case, my recommendation is NOT to set 0 as a private memory limit setting. This setting should be as per the hardware configuration of your SCCM site system server.

How to Open IIS WSUS Application Pool – Advanced Settings?

  • Launch Server Manager – Launch IIS Manager
  • IIS Console – Click on Application Pools
  • Right-click ‘WsusPool’ and select ‘Advanced Settings’
  • Change the value of ‘Private Memory Limit’ under the Recycling section from the default 4000000 to 0 (Updated 11th June 2019 – Check the comment below)
  • Click OK to save and restart the IIS service
SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr
SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr

References

  • WSUS SUP causes high CPU and clients fail updates scan – here
  • What are the best practices for Software Updates/Patching in SCCM – here
  • Windows Server 2012 R2 WSUS Issue: Clients cause the WSUS App Pool to become unresponsive with HTTP 503 – here

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc……………

9 thoughts on “SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr”

  1. Hi Anoop,

    Great article, I refer back to this when setting up new SUPs even though I’ve done it a few times and have a fair idea what I’m doing, just to refresh my memory.

    Just a note, in your screenshots you’ve changed “Service Unavailable” Response Type to TcpLevel, but you haven’t actually mentioned doing it in the text anywhere.

    I know this is a thing that should be done, as I’ve read it elsewhere, perhaps you could add it to the text as well for those that are unsure.

    Reply
  2. Hi, Anoop

    Think your Private Memory Limit is missing a zero. Is that showing 400MB? I’ve just checked your screenshot and that is correct, though.

    Best wishes…

    Reply
  3. Hi Anoop,
    at the moment we have problems to set the queue for a depot. The default of 1000 will give clients a 503 when dowloading a task sequence, and than nothing happens, they retry it 2 or 3 times and than nothing.

    So, we want to set it to 15000, but, the depot iis is auto reconfiguring itself. My question:
    where we have to set the queue length so, that auto reconf does not overwrite the custom config

    Or,
    where can we disable auto reconfiguring?

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.