SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr. I worked with Microsoft support for an SCCM SUP-related issue on one SCCM CB 1706 environment.
The support engineer was helpful and helped set up the best practices for IIS settings required for remote WSUS/SUP.
All the servers referred to in this post are running with Server 2012 R2 OS. This post will provide details about a couple of Best Practices Related to IIS for SCCM SUP WSUS Setup.
No, this post is unrelated to the issue that caused high CPU usage for WSUS servers. Microsoft has already released a fix for the problem explained in the KB 4039396. The KB4039396 addressed the WSUS update metadata processing issue that can cause some clients to time out with a 0x8024401c error.
Table of Contents
- Free SCCM Training 37 Hours of Latest Technical Content Lab Setup
- List of SCCM MP IIS Virtual Directories | ConfigMgr | MEMCM
- Install WSUS for ConfigMgr Software Update Point Role | SUP | SCCM
- IIS Troubleshooting Tips for SCCM Admins|MP DP IIS Error Codes
What is Queue Length?
The maximum number of requests that HTTP .sys will queue for the application pool. When the queue is full, new requests receive a 503 “Service Unavailable” response.
SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager
I also published a video tutorial several months ago about the SCCM Software Update process. That post covers the end-to-end patching process and troubleshooting tips. You can check out the post “Video Tutorial to Learn SCCM ConfigMgr CB Software Update Patching Process.”
Best Practice – IIS – WSUS App Pool – Queue Length for SCCM CB SUP?
I have a remote WSUS + SCCM SUP server installed on 2012 R2. When the SUP is hosted on a remote server, we can have 150,000 clients for that SUP. A remote SUPe from the site server can support up to 150,000 clients when the remote computer meets the WSUS requirements to support this number of clients.
- I was planning to have 30,000 clients under that SUP, so we set the WSUS app pool (Application Pool) queue length to 30,000, as you can see in the following screen capture.
- How to Configure IIS WSUS Application Pool? – SCCM Best Practices Related to IIS for SCCM SUP WSUS Setup Configuration Manager ConfigMgr.
| How to Configure IIS WSUS Application Pool? |
|---|
| Launch Server Manager – Launch IIS Manager |
| IIS Console – Click on Application Pools |
| Change the value of ‘Queue Length‘ under the General section from the default 1,000 to 30,000 |
| Click OK to save and Reset the IIS |
Best Practice – IIS WSUS App Pool – Private Memory Limit Settings for Remote SUP/WSUS Server
The private memory limit is set in KB. The maximum amount of private memory a worker process can consume before causing the application pool to recycle. A value of 0 means there is no limit. If you have only a WSUS/SUP role on a dedicated server like me, you can set the private memory limit to 0. Otherwise, it would be best if you were careful about these settings.
How Do I Open the IIS WSUS Application Pool – Advanced Settings?
When you have all the site system roles on a single server, you should be very careful with the private memory limit setting of the WSUS Application pool. In that case, I recommend not to set 0 as a private memory limit setting. This setting should be as per the hardware configuration of your SCCM site system server.
- Launch Server Manager – Launch IIS Manager
- IIS Console – Click on Application Pools
- Right-click ‘WsusPool‘ and select ‘Advanced Settings’
- Change the value of ‘Private Memory Limit‘ under the Recycling section from the default 4000000 to 0 (Updated 11th June 2019 – Check the comment below)
- Click OK to save and restart the IIS service
References
- WSUS SUP causes high CPU and clients fail updates scan – here
- What are the best practices for Software Updates/Patching in SCCM – here
- Windows Server 2012 R2 WSUS Issue: Clients cause the WSUS App Pool to become unresponsive with HTTP 503 – here
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here. HTMD WhatsApp.
Author
Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.
Hi Anoop,
Great article, I refer back to this when setting up new SUPs even though I’ve done it a few times and have a fair idea what I’m doing, just to refresh my memory.
Just a note, in your screenshots you’ve changed “Service Unavailable” Response Type to TcpLevel, but you haven’t actually mentioned doing it in the text anywhere.
I know this is a thing that should be done, as I’ve read it elsewhere, perhaps you could add it to the text as well for those that are unsure.
Thank you Philip!
Hi, Anoop
Think your Private Memory Limit is missing a zero. Is that showing 400MB? I’ve just checked your screenshot and that is correct, though.
Best wishes…
Thank you much James. Updated now 🙂
do we need to change response type to tcplevel or not??
Me funciono. Muchas Gracias por el aporte.
de nada
Hi Anoop,
at the moment we have problems to set the queue for a depot. The default of 1000 will give clients a 503 when dowloading a task sequence, and than nothing happens, they retry it 2 or 3 times and than nothing.
So, we want to set it to 15000, but, the depot iis is auto reconfiguring itself. My question:
where we have to set the queue length so, that auto reconf does not overwrite the custom config
Or,
where can we disable auto reconfiguring?
Thank You,
Private Memory to 0 fixed my broken SUP