I have recently face an issue with SCCM Current branch 1606, where windows update deployment is failing and SCCM server is highly utilizing CPU and Memory. With some research, I was able to find out this is somewhat common in SCCM Current branch with windows 10 clients. Microsoft has released a KB article with a patch but I had to do some more configuration changes to IIS to resolve the issue.

Symptoms

• Initially SCCM software deployments are failing
• High CPU and Memory utilization on IIS Worker process service.
  
  
  
• Errors or warnings on SCCM System status – Component status.
  
  
  
• Windows Event Viewer keep producing WSUS errors.
  
  
  
  
  
  
  
• WSUSpool worker process taking high CPU and Memory, IIS Manager – Worker Processors
  

Cause

This is due to happen when the SCCM server serve Windows 10 1607 clients with update deployments and with related to number of updates. According to the KB article they define the cause as

“These updates have large metadata payloads for the dependent (child) packages because they roll up a large number of binaries. Windows 10, versions 1507 (Windows 10 RTM) and 1511 updates can also cause this, though to a lesser extent. Windows 10, version 1703 is still recent enough that the metadata is not that large yet (but will continue to grow).”

Resolution

Microsoft has released an update depending on your Operating system. There is a good TechNet blog explaining everything (here). But for me installing only that update didn’t fixed the issue. I had to do some changes to the IIS to fix this. These are the complete steps of resolution.

1. Download and install the Update patch
   Windows Server 2016 (KB4039396)
   Windows Server 2012 R2 (KB4039871)
   Windows Server 2012 (KB4039873)
   WSUS 3.0 SP2 (KB4039929)
2. Restart the SCCM server after installing the patch, if the issue not resolve by the patch do the changes from number 3
3. Open IIS Manager – Application pools – WsusPool and select Advance settings
4. Change the Queue length from 1000 to 25000 
   
   
   
5. Change the Service Unavailable Response Type from HttpLevel to TcpLevel
6. Change Failure Interval (minutes) from default 5 to 30
7. Change Maximum Failures from 5 to 60
   
   
   
8. Save the AppPool changes and restart the service of World Wide Web Publishing from services.
9. After changing IIS settings Increase the ASP.NET timeout which described as in the TechNet blog.
10. Make a copy of \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
11. Open \Program Files\Update Services\WebServices\ClientWebService\Web.Config.
12. Find the element “<httpRunTime”. It will look like this (in an unmodified web.config):
    <httpRuntime maxRequestLength="4096" />
    
    
13. Modify httpRunTime by adding an executionTimeout attribute:
    

    <httpRuntime maxRequestLength="4096" executionTimeout="3600" />

14. Save the web.config to a different location and copy the modified one into the directory.
15. From an elevated command prompt, run IISReset to restart IIS.
16. Restart the SCCM server to make sure everything was refreshed properly and wait for some time to utilization to become normal.
17. To confirm everything is working, Open WSUSCtrl.log file and you can see errors are fading away and WSUS server get connected.
    
    
    
18. Run a Software update synchronization
    

Hope this post is useful

Cheers

Asitha De Silva

References

https://blogs.technet.microsoft.com/configurationmgr/2017/08/18/high-cpuhigh-memory-in-wsus-following-update-tuesdays/