How to resolve WSUS mmc console connection errors

Table of Contents

Issue #

You try to launch the WSUS MMC console but you receive the error below. This post provides guidance on how to resolve WSUS mmc console connection errors.

Error message: "An error occured trying to connect the WSUS server. This error can happen for a number of reasons. Check connectivity with the server. Please contact your network administrator if the problem persists.

Solution #

Root cause 1: Windows Services not running #

Check that all automatic Windows Services are up and running on the WSUS server. Occasionally you may find that the Windows Internal Database service and/or the WSUS service are not running. After starting all automatic services, click on the "Reset Server Node" button inside the WSUS console and you should be able to connect to the WSUS service without issues. If you are using SQL Server instead of WID, ensure that all SQL Server related services are up and running and that SQL connections are allowed from the WSUS server to the SQL Server instance.

Root cause 2: WSUS maintenance tasks and best practice configuration #

If the issue is not resolved as per the above root cause or if it keeps occurring persistently, then you need to also take the following steps:

  • On the IIS server where the primary WSUS server is hosted, open the IIS Manager console (inetmgr), right click "WSUSPool" and select "Advanced Settings". Set the values recommended below:
    • 'General' - 'Queue Length' : 25,000.
    • 'Rapid-Fail Protection' - 'Service Unavailable' Response: TcpLevel
    • 'Rapid-Fail Protection' - 'Failure Interval (minutes)' : 30
    • 'Rapid-Fail Protection' - 'Maximum Failures' : 60
    • 'Recucling' - 'Private Memory limit' : x4 times, or set to 0 (unlimited).
    • Queue Length 2000 (up from default of 1000)
    • Idle Time-out (minutes) 0 (down from the default of 20)
    • Ping Enabled False (from default of True)
    • Private Memory Limit (KB) 0 (unlimited, up from the default of 1,843,200 KB)
    • Regular Time Interval (minutes) 0 (to prevent a recycle, and modified from the default of 1740)
  • Enable the WSUS compression type called Xpress encoding. Xpress encoding implements compression on update metadata, and can result in significant bandwidth savings. To check the state of the Xpress encoding config:
    • Check for the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup\IIsDynamicCompression
    • Check the WSUS ApplicationHost.config file (in path C:\Windows\System32\inetsrv\Config) for the following configuration: 
<scheme name="xpress" doStaticCompression="false" doDynamicCompression="true" dll="C:\Program Files\Update Services\WebServices\suscomp.dll" staticCompressionLevel="10" dynamicCompressionLevel="0" />

Save the ApplicationHost.config file and restart the WSUS administration website in IIS Manager.

  • Microsoft recommends to exclude the following WSUS items from antivirus scans to improve performance.
    • \WSUS\WSUSContent
    • \WSUS\UpdateServicesDBFiles
    • \SoftwareDistribution\Datastore
    • \SoftwareDistribution\Download

Namely the following WSUS OS paths should be excluded from antivirus scans:

  • C:\Program Files\Update Services
  • C:\Windows\SoftwareDistribution

Remember that when running a typical deployment of WSUS server using Windows Internal Database (WID), it is critical to optimize the WID database (SUSDB) performance, since a big number of updates could cause serious performance degradation, increase in WSUS server's RAM and crashes in the WSUS MMC console. An example SUSDB is shown below.

To determine where the SUSDB database is hosted, i.e. SQL Server or WID, check the value of the SQLServerName registry entry on the WSUS server located in the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup. If the value contains just the server name or server\instance, SUSDB is running on a SQL Server. If the value includes the string ##SSEE or ##WID in it, SUSDB is running in WID.

To carry out SUSDB optimization tasks, first download the SQL Server Management Studio tool, run the tool as administrator and connect to the SUSDB WID instance by using the following connection string:

\\.\pipe\MICROSOFT##WID\tsql\query

The following custom indexes can significantly improve overall performance of the SUSDB database. 

-- Create custom index in tbLocalizedPropertyForRevision
USE [SUSDB]

CREATE NONCLUSTERED INDEX [nclLocalizedPropertyID] ON [dbo].[tbLocalizedPropertyForRevision]
(
     [LocalizedPropertyID] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]

-- Create custom index in tbRevisionSupersedesUpdate
CREATE NONCLUSTERED INDEX [nclSupercededUpdateID] ON [dbo].[tbRevisionSupersedesUpdate]
(
     [SupersededUpdateID] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, ONLINE = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]

Uninstall and re-install WSUS #

If all else fails, only resort would be to fully unininstall and cleanup the WSUS installation and then run a clean installation again. The following articles provide step-by-step guidance on how to perform a full uninstall and cleanup of an existing WSUS server installation.

  • www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it
  • www.petenetlive.com/kb/article/0001679

Refer to the articles in the Sources section below for more detailed guidance on WSUS maintenance tasks and best practice configuration.

Sources #

https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/windows-server-update-services-best-practices

https://docs.microsoft.com/en-US/troubleshoot/mem/configmgr/wsus-maintenance-guide

performance, performance optimization, sql, Troubleshooting, WID, Windows Server, WSUS
What are your Feelings

Powered by BetterDocs