In this post we will explore the WSUS maintenance options in Configuration Manager. There are 3 new WSUS maintenance options and they automate the cleanup procedures after each SUP synchronization.
With every new version of Configuration Manager current branch, Microsoft has added some tweaks and improvements to WSUS. I am referring to the WSUS cleanup tasks from the Configuration Manager console from the Software Update Point Component properties.
A lot of organizations today use Configuration Manager and WSUS to deploy software updates to endpoints. The WSUS and Configuration Manager duo is perfect if you want to deploy Windows Updates. Not just that Configuration Manager can also deploy third-party updates which is an added advantage.
However one of the headaches with updates deployment is maintaining the healthy software updates points in the setup. With so many operating systems and large number of updates, you want WSUS to be healthy and clean. This includes the big task of removing obsolete updates from the WSUS databases, declining expired updates etc.
Table of Contents
What are WSUS Maintenance Options in Configuration Manager ?.
Starting with Configuration Manager 1906 and above, you will find 3 new WSUS maintenance tasks. Enabling these options will perform the cleanup procedures after each synchronization. You can enable the WSUS Maintenance options in Configuration Manager on the software update point configuration.
These maintenance tasks would effectively handle all cleanup operations, except backup and re-indexing of WSUS database. The WSUS maintenance tasks in Configuration Manager helps you to maintain healthy software update points.
On the Software Update Point properties, the WSUS Maintenance tab now contains 3 new WSUS maintenance options.
- Decline expired updates in WSUS according to supersedence rules.
- Add non-clustered indexes to the WSUS database to improve WSUS cleanup performance.
- Remove obsolete updates from the WSUS database.
If you haven’t enabled them yet, you can do so however let’s understand what each of these WSUS maintenance options in Configuration Manager do. Note that the WSUS maintenance occurs after every SUP synchronization.
Decline Expired Updates in WSUS according to supersedence rules
Declining expired updates in WSUS improves performance by removing those updates from the catalogs sent to clients. This option existed on standalone WSUS as well. The WSUS server cleanup wizard had an option to remove expired updates.
Declining expired updates that Configuration Manager marks as superseded further minimizes the catalogs and improves performance.
On the Software Update point properties, you can decline expired updates using the below steps.
- In the Configuration Manager console, navigate to Administration > Overview > Site Configuration > Sites.
- Select the site at the top of your Configuration Manager hierarchy.
- Click Configure Site Components in the Settings group. Then click Software Update Point to open Software Update Point Component Properties.
- In the WSUS Maintenance tab, select Decline expired updates in WSUS according to supersedence rules. Click Apply and OK.
Add Non-clustered indexes to the WSUS database
This WSUS maintenance option improves WSUS cleanup performance. Configuration Manager can add non-clustered indexes to the WSUS databases which actually improves the WSUS performance.
I am quoting this from web, the Cluster index is a type of index that sorts the data rows in the table on their key values whereas the Non-clustered index stores the data at one location and indices at another location.
Perform the below steps to enable Add Non-clustered indexes to the WSUS database.
- In the Configuration Manager console, navigate to Administration > Overview > Site Configuration > Sites.
- Select the site at the top of your Configuration Manager hierarchy. Click Software Update Point to open Software Update Point Component Properties.
- In the WSUS Maintenance tab, select Add Non-clustered indexes to the WSUS database. Click Apply and OK.
On each SUSDB used by Configuration Manager, indexes are added to the following tables.
- tbLocalizedPropertyForRevision
- tbRevisionSupersedesUpdate
Remove Obsolete updates from the WSUS database
Among all the WSUS maintenance options in Configuration Manager, removal of obsolete updates is my favorite. Obsolete updates are unused updates and update revisions in the WSUS database. If an update is no longer in Microsoft Update Catalog and isn’t required, the update is considered obsolete. You don’t want your WSUS database to include obsolete updates.
Perform the below steps to remove obsolete updates from the WSUS database.
- In the Configuration Manager console, navigate to Administration > Overview > Site Configuration > Sites.
- Select the site at the top of your Configuration Manager hierarchy. Click Software Update Point to open Software Update Point Component Properties.
- Click the WSUS Maintenance tab. From the list of WSUS maintenance options, select Remove Obsolete updates from the WSUS database. Click Apply and OK.
Note – The obsolete update removal will be allowed to run for a maximum of 30 minutes before being stopped. It will start up again after the next synchronization occurs
As mentioned earlier, the WSUS maintenance options in Configuration Manager run after every SUP synchronization. So if you have enabled any of these WSUS maintenance options, either run the SUP synchronization manually or wait for SUP to run based on the schedule.
I hope by now you got an idea about the WSUS maintenance options in Configuration Manager. Enable them and keep your software update points healthy.
