ConfigMgr Software Update Point: Out-of-Control App Pool

For most of this week, I fought the WSUS Application Pool on my ConfigMgr Software Update Point. This SUP is not on my site’s primary site server, but on it’s own server (for exactly this reason). Over the last 4 to 6 weeks, I have noticed that the CPU has been hovering between 95-100% utilization. This week, it all came crashing down. I could not get the SUP to sync, clients were trying to check in and failing, etc. I noticed that if the CPU stayed at this high level of utilization for a long time, the WSUS App Pool would crash. Here is what I did to correct the CPU utilization issue – maybe it can help you.

Additional IIS Features

First, you want to add a two additional IIS features to your server. If this is a standalone SUP and not on the primary site server, you probably don’t have them. I recommend adding HTTP Logging and Request Monitor. These are not there with a default installation of WSUS.


HTTP Logging gives you standard IIS log information. Though not incredibility helpful with WSUS, the log will at least tell you that clients are connecting to the SUP. Second, Request Monitoring allows you to look at the App Pool requests and how many are waiting in the queue. To view this information, open the IIS administration console and select the node for your server. Next, open the Worker Processes feature.


You should see the WsusPool running, and it’s current CPU and memory usage. If you select this pool, an option in the Actions column appears called “View Current Requests”.


You will then get a list of IP addresses and the their time elapsed in the queue for processing. I don’t have any in the queue at the moment, but here’s the options available:


“Optimizing” IIS

I’m not sure that “optimizing” is the best word here, more like throttling IIS. The entire issue I had was the worker process consuming all CPU on the box. There are certain modifications that you can make to prevent this. To optimize the Application Pool, select Application Pools, then WsusPool, then Advanced Settings.


Here are my Application Pool settings:


Everything I changed about this App Pool is highlighted by the red boxes. The important settings here are the queue length, CPU limit, and limit action. First, I set the queue length to 25,000, because that’s how many clients a SUP can support. You should (theoretically) never have any more requests than that. This will also allow the queue to grow as needed due to limiting the CPU. You can set the “Limit (percent)” option to what fits your environment. There are no other services or applications on this box, so I’m essentially reserving 35% of the CPU for the operating system, or on the small chance I need to launch the IIS or WSUS Console. Finally, the “Limit Action” needs to be set to Throttle. The other settings were set for different reasons, but you’re welcome to use them.

Hopefully this helps if you’re having CPU issues on your SUP.

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.


Picture of Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

On Key

More Posts

WME Cybersecurity Briefings No. 018
Cyber Security

WME Security Briefing 15 July 2024

OVHcloud Mitigates Record-Breaking 840 Million PPS DDoS Attack Overview In April 2024, OVHcloud, a top French cloud computing firm, successfully stopped a massive DDoS attack. The attack hit a record-breaking rate of 840 million packets per second

Read More »
E-Commerce Security - Solutions for Online Retailers

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.