ConfigMgr Software Update Point: Out-of-Control App Pool

For most of this week, I fought the WSUS Application Pool on my ConfigMgr Software Update Point. This SUP is not on my site’s primary site server, but on it’s own server (for exactly this reason). Over the last 4 to 6 weeks, I have noticed that the CPU has been hovering between 95-100% utilization. This week, it all came crashing down. I could not get the SUP to sync, clients were trying to check in and failing, etc. I noticed that if the CPU stayed at this high level of utilization for a long time, the WSUS App Pool would crash. Here is what I did to correct the CPU utilization issue – maybe it can help you.

Additional IIS Features

First, you want to add a two additional IIS features to your server. If this is a standalone SUP and not on the primary site server, you probably don’t have them. I recommend adding HTTP Logging and Request Monitor. These are not there with a default installation of WSUS.

Capture

HTTP Logging gives you standard IIS log information. Though not incredibility helpful with WSUS, the log will at least tell you that clients are connecting to the SUP. Second, Request Monitoring allows you to look at the App Pool requests and how many are waiting in the queue. To view this information, open the IIS administration console and select the node for your server. Next, open the Worker Processes feature.

Capture

You should see the WsusPool running, and it’s current CPU and memory usage. If you select this pool, an option in the Actions column appears called “View Current Requests”.

Capture

You will then get a list of IP addresses and the their time elapsed in the queue for processing. I don’t have any in the queue at the moment, but here’s the options available:

Capture

“Optimizing” IIS

I’m not sure that “optimizing” is the best word here, more like throttling IIS. The entire issue I had was the worker process consuming all CPU on the box. There are certain modifications that you can make to prevent this. To optimize the Application Pool, select Application Pools, then WsusPool, then Advanced Settings.

Capture

Here are my Application Pool settings:

Capture

Everything I changed about this App Pool is highlighted by the red boxes. The important settings here are the queue length, CPU limit, and limit action. First, I set the queue length to 25,000, because that’s how many clients a SUP can support. You should (theoretically) never have any more requests than that. This will also allow the queue to grow as needed due to limiting the CPU. You can set the “Limit (percent)” option to what fits your environment. There are no other services or applications on this box, so I’m essentially reserving 35% of the CPU for the operating system, or on the small chance I need to launch the IIS or WSUS Console. Finally, the “Limit Action” needs to be set to Throttle. The other settings were set for different reasons, but you’re welcome to use them.

Hopefully this helps if you’re having CPU issues on your SUP.

Disclaimer
All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn

Contact Us

=
On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=