This is the Windows Server Update Services support team blog. We cover all things relating to WSUS and Windows Update.
Hello, my name is Joe Tindale and I am a Support Escalation Engineer with the WSUS team.
As some of you may know we recently released some driver updates that resulted in an extra ~12,000 updates flowing to your WSUS servers. At the root of this problem our drivers are published in a one-to-one fashion, meaning a single driver may apply to 100 unique hardware ID’s however we must publish that driver update 100 times, one for each unique hardware ID. The good news is we are currently working on the infrastructure so that we can release the drivers in a one-to-many fashion. The bad news is this fix won’t be addressed until a later version. (http://blogs.technet.com/wsus/archive/2008/07/17/so-many-drivers.aspx)
With all those updates on a server it can negatively impact performance. Each time a client connects to WSUS for a detection cycle all the deployable updates need to be presented to the client. An extra ~12,000 updates being presented to each client creates quite a load on the server. Also, whenever you open the WSUS console and try to view large unfiltered amounts of updates, such as “Any Except Declined” the query may timeout before the page is rendered. All because of the load those extra driver updates create.
To get around this I wrote a tool that would go in and decline ALL driver updates thus helping the two performance issues I mentioned above. Simply copy the tool to some directory on the WSUS server and run it from a command line. In addition to doing this I recommend you deselect the “Drivers” classification from the Products and Classifications applet of the options page (unless you really need to deploy driver updates).
Keep in mind that this is not an official Microsoft tool and thus Microsoft makes no warranties or guarantee's, nor does Microsoft support the use of this tool in any way. Use it at your own risk.
Get the WSUS Driver Declining Tool here.
Joe Tindale | Support Escalation Engineer
Thanks Joe, that just culled all those driver updates.
148 Microsoft Team blogs searched, 76 blogs have new articles in the past 7 days. 169 new articles found
GetUpdates failed. Reason: The operation has timed out
If you get that when running the script, what then?
I've only seen that happen when SQL was remote and there's not much else you can do when that does happen. We are working on some alternate workarounds now and hope to have those out in the near future.
Hello, Joe Tindale here from the WSUS team to give you some tips on those timeout errors you may see
I have the same problem on a couple of our WSUS servers. We no longer want to download drivers to these WSUS servers. We are using 3.0, SP1. It is easy to decline them all, but how can I permanently remove the drivers, and all references to them from the WSUS database?
I see theres still no way of dropping all the driver updates from the database... any news on this issue that was never solved? I have WSUS 3 on an SBS 2003 machine with 10 clients and have 18000 declined database entries for them which makes it somewhat sluggish wading through them.
Who can believe that we are STILL experiencing this problem in 2013, ***5 YEARS*** after the issue was noticed???
Looking at www.flexecom.com/wsus-replica-server-fails-to-synchronize and other similar articles which discuss editing the database directly (****totally unsupported, but since has the product ever been supported anyway?***), I'm starting to conclude that one factor here is teh type of database used.
I'm drawing that from blog postings of people saying they don't experience this when usign a full SQL Server for their database.
This is a security & compliance disaster, and I don't think that's exaggerating. As a penetration tester, I have now come across several environments where MS patching is totally broken as a result of this issue.
You're very bus people, with a great deal to do, MS: I have no doubt at all of that.
But you really need to address this.