Wednesday, July 27, 2016

ConfigMgr WSUS Cleanup

Even though most of the documentation I have found on this issue states that you should not use the WSUS Administration console to make changes, as this can somehow desynchronize the delicate relationship between WSUS and SCCM, it is also necessary to use the console to run WSUS cleanups.

I would have thought it would have been in the Site Maintenance tasks, or under the tab for the SUP, but it isn't. If you don't do routine cleanups, you run the risk of SUP sync issues. Updates will be missing from SCCM entirely. 

To Perform this process manually, open the WSUS admin console, go to Options, and then go to Server Cleanup Wizard
From here, you can choose to run the entire cleanup. I recommend doing one at a time unless you are using an actual SQL install. In my experience, the WID times out once it gets a bit bigger. 

Your mileage may vary, but you may notice that your cleanup fails with the following error: 
The WSUS administration console was unable to connect to the WSUS Server via the remote API.


Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.


In this case, you could keep running the cleanup until it finishes. Additional progress is made each time you run it, but there is no telling how often you will have to do this, especially if you haven't cleaned it recently. Alternatively, you could just have the script I put together below do it for you. 
This would be the rough equivalent of manually retrying it every time it fails. 
function Recursive-Cleanup(){
    try{
        Invoke-WsusServerCleanup -CleanupObsoleteUpdates -Verbose
        Invoke-WsusServerCleanup -CleanupObsoleteComputers -Verbose
        Invoke-WsusServerCleanup -CleanupUnneededContentFiles -Verbose
        Invoke-WsusServerCleanup -DeclineExpiredUpdates -Verbose
        Invoke-WsusServerCleanup -DeclineSupersededUpdates -Verbose
    }
    catch [System.Data.Common.DbException]{
        $global:TimeoutCount++
        Write-Host -foreground Red "$TimeoutCount `tSQL TIMEOUT Exception. Retrying"   
        Recursive-Cleanup
    }
}

Recursive-Cleanup

 You will need to run this in powershell invoked with administrative rights. Once you verify that this works for you, this can easily be placed as a scheduled task on your server.  
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)