ConfigMgr Software Update Point: Out-of-Control App Pool

For most of this week, I fought the WSUS Application Pool on my ConfigMgr Software Update Point. This SUP is not on my site’s primary site server, but on it’s own server (for exactly this reason). Over the last 4 to 6 weeks, I have noticed that the CPU has been hovering between 95-100% utilization. This week, it all came crashing down. I could not get the SUP to sync, clients were trying to check in and failing, etc. I noticed that if the CPU stayed at this high level of utilization for a long time, the WSUS App Pool would crash. Here is what I did to correct the CPU utilization issue – maybe it can help you.

Additional IIS Features

First, you want to add a two additional IIS features to your server. If this is a standalone SUP and not on the primary site server, you probably don’t have them. I recommend adding HTTP Logging and Request Monitor. These are not there with a default installation of WSUS.

HTTP Logging gives you standard IIS log information. Though not incredibility helpful with WSUS, the log will at least tell you that clients are connecting to the SUP. Second, Request Monitoring allows you to look at the App Pool requests and how many are waiting in the queue. To view this information, open the IIS administration console and select the node for your server. Next, open the Worker Processes feature.

You should see the WsusPool running, and it’s current CPU and memory usage. If you select this pool, an option in the Actions column appears called “View Current Requests”.

You will then get a list of IP addresses and the their time elapsed in the queue for processing. I don’t have any in the queue at the moment, but here’s the options available:

“Optimizing” IIS

I’m not sure that “optimizing” is the best word here, more like throttling IIS. The entire issue I had was the worker process consuming all CPU on the box. There are certain modifications that you can make to prevent this. To optimize the Application Pool, select Application Pools, then WsusPool, then Advanced Settings.

Here are my Application Pool settings:

Everything I changed about this App Pool is highlighted by the red boxes. The important settings here are the queue length, CPU limit, and limit action. First, I set the queue length to 25,000, because that’s how many clients a SUP can support. You should (theoretically) never have any more requests than that. This will also allow the queue to grow as needed due to limiting the CPU. You can set the “Limit (percent)” option to what fits your environment. There are no other services or applications on this box, so I’m essentially reserving 35% of the CPU for the operating system, or on the small chance I need to launch the IIS or WSUS Console. Finally, the “Limit Action” needs to be set to Throttle. The other settings were set for different reasons, but you’re welcome to use them.

Hopefully this helps if you’re having CPU issues on your SUP.

Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn
Picture of Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

=
On Key

More Posts

WME Cybersecurity Briefings No. 032
Cyber Security

WME Security Briefing 30 October 2024

Chinese Nation-State Hackers APT41 Target Gambling Industry for Financial Gain Overview The Gambling and Poker industry experienced a sophisticated cyber attack last month, orchestrated by the notorious Chinese nation-state group APT41 ( AKA Brass Typhoon, Earth Baku, Wicked

Click Here to Read Full Article »
WME Cybersecurity Briefings No. 031
Cyber Security

WME Security Briefing 24 October 2024

Hackers Exploit EDRSilencer to Evade Security Detection Overview Threat actors have been observed abusing the EDRSilencer tool as part of their bypass techniques against endpoint detection and response (EDR) solutions to carry out attacks against targeted organizations successfully.

Click Here to Read Full Article »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=