ConfigMgr Software Update Point: Out-of-Control App Pool

For most of this week, I fought the WSUS Application Pool on my ConfigMgr Software Update Point. This SUP is not on my site’s primary site server, but on it’s own server (for exactly this reason). Over the last 4 to 6 weeks, I have noticed that the CPU has been hovering between 95-100% utilization. This week, it all came crashing down. I could not get the SUP to sync, clients were trying to check in and failing, etc. I noticed that if the CPU stayed at this high level of utilization for a long time, the WSUS App Pool would crash. Here is what I did to correct the CPU utilization issue – maybe it can help you.

Additional IIS Features

First, you want to add a two additional IIS features to your server. If this is a standalone SUP and not on the primary site server, you probably don’t have them. I recommend adding HTTP Logging and Request Monitor. These are not there with a default installation of WSUS.


HTTP Logging gives you standard IIS log information. Though not incredibility helpful with WSUS, the log will at least tell you that clients are connecting to the SUP. Second, Request Monitoring allows you to look at the App Pool requests and how many are waiting in the queue. To view this information, open the IIS administration console and select the node for your server. Next, open the Worker Processes feature.


You should see the WsusPool running, and it’s current CPU and memory usage. If you select this pool, an option in the Actions column appears called “View Current Requests”.


You will then get a list of IP addresses and the their time elapsed in the queue for processing. I don’t have any in the queue at the moment, but here’s the options available:


“Optimizing” IIS

I’m not sure that “optimizing” is the best word here, more like throttling IIS. The entire issue I had was the worker process consuming all CPU on the box. There are certain modifications that you can make to prevent this. To optimize the Application Pool, select Application Pools, then WsusPool, then Advanced Settings.


Here are my Application Pool settings:


Everything I changed about this App Pool is highlighted by the red boxes. The important settings here are the queue length, CPU limit, and limit action. First, I set the queue length to 25,000, because that’s how many clients a SUP can support. You should (theoretically) never have any more requests than that. This will also allow the queue to grow as needed due to limiting the CPU. You can set the “Limit (percent)” option to what fits your environment. There are no other services or applications on this box, so I’m essentially reserving 35% of the CPU for the operating system, or on the small chance I need to launch the IIS or WSUS Console. Finally, the “Limit Action” needs to be set to Throttle. The other settings were set for different reasons, but you’re welcome to use them.

Hopefully this helps if you’re having CPU issues on your SUP.

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.



Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.