Windows Server Update Services (WSUS) Reports Error: Connection Error when trying to Perform Cleanup

Problem

• A previously working WSUS console reports Error: Connection error, when you try and run the WSUS Cleanup wizard, or when you try and decline or delete obselete / superceeded updates
• The message is displayed around 3 minutes from when you started the operation

​​Example:

Products

• WSUS on Windows Server 2012 R2 with or without SCCM being installed on the same instance or Windows

Cause

• The WSUS database engine may run out of memory
• All WSUS operations must complete within a hard coded 3 minute timeout period

Resolutions

Try each resolution in order to resolve the issue.

• Initial Steps
• Resolution 1 - Wsus Application Pool Memory Limit
• Resolution 2 - Re-Index the Database
• Resolution 3 - Attempt to use Powershell to perform a WSUS Cleanup
• Resolution 4 - Manually cleanup the WID database using a SQL Script

Initial Steps

• Consider check-pointing the virtual machine so that you can roll-back changes, if required
• Try the following Powershell command from an Administrative command prompt:

Get-WsusServer | Invoke-WsusServerCleanup –CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates

Or:

Get-WsusServer | Invoke-WsusServerCleanup -CleanupUnneededContentFiles

Resolution 1

Remove the Wsus Application Pool memory limit

• Open IIS
• Go to Application Pools
• Change the Advanced Settings on the WSUS Application Pool, WsusPool
• Change the Private Memory Limit (KB) to 0 - this removes the memory limit
• Stop and then start the WsusPool.
• Restart the WSUS Service service again, from Computer Management > Services.
• Ensure that the virtual machine has sufficient RAM - typically WSUS needs 10-12GB of RAM, or WSUS and SCCM together may need 32GB of RAM

Resolution 2

Re-Index the Database

This fix uses a Microsoft SQL Server Instance to perform scripted maintenance operations on the SUSDB, as a Windows Internal Database (WID) MDF file.

Step 1 - Determine if you are using an SQL Server for your WSUS database, or Windows Internal Database (WID):

• Open Regedit
• Go to HKEY_LOCAL_MACHINE\Software\Microsoft/Update Services\Server\Setup\Installed Role Services
• Confirm the presence of a REG_DWORD Key called UpdateServices-WidDatabase

• If you do not have this registry key, your database is using the SQL database engine.

Windows Internal Database Re-Indexing

• Confirm the presence of the SUSDB WID database in C:\Windows\WID\Data

• Make sure that your SQL Server instance is set to allow Named Pipes connection
• To do this, open Microsoft SQL Server Configuration Manager
• Find SQL Server Network Configuration in the Tree
• Enable Named Pipes on the right hand side
• Restart the SQL Server Services

• Install SQLCMD
  • To do this, install Visual C++ Runtime 2017 x64
  • Install the Microsoft ODBC Driver 17 for SQL Server
  • Download and install SQLCMD Command Line Utilities x64
• Run the Microsoft WSUS Reindexing Script
  • To call the .SQL script, run from an Administrative Command Prompt:

sqlcmd -S np:\\.\pipe\MICROSOFT##WID\tsql\query -i WsusDBMaintenance.sql

• Alternatively, from the attached files, run wid_optimise_db.bat from an Administrative Command Prompt. This uses the Microsoft WSUS Reindexing Script stored in WsusDBMaintenance.SQL

SQL Server WSUS Database Re-Indexing

• Use the WID instructions with the following changes:
• To call the .SQL script, run from an Administrative Command Prompt:

sqlcmd -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i WsusDBMaintenance.sql

• Alternatively, from the attached files, run sql_optimise_db.bat from an Administrative Command Prompt. This uses the Microsoft WSUS Reindexing Script stored in WsusDBMaintenance.SQL

Resolution 3

Attempt to use Powershell to perform a WSUS Cleanup

• Open PowerShell ISE as an Administrator
• Paste and then run the following code (also attached):

Import-Module -Name UpdateServices 
[reflection.assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")` | out-null
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer();
$cleanupScope = new-object Microsoft.UpdateServices.Administration.CleanupScope;
$cleanupScope.DeclineSupersededUpdates = $true      
$cleanupScope.DeclineExpiredUpdates = $true
$cleanupScope.CleanupObsoleteUpdates = $true
$cleanupScope.CompressUpdates = $true
$cleanupScope.CleanupObsoleteComputers = $true
$cleanupScope.CleanupUnneededContentFiles = $true
$cleanupManager = $wsus.GetCleanupManager();
$cleanupManager.PerformCleanup($cleanupScope);

Resolution 4

Manually cleanup the WSUS Database using a SQL Script

For a WID WSUS Database

• You should have already attempted resolution 2 which will have installed the SQL CMD Utilities
• If not, install the SQLCMD utilities including all of the pre-requisites
• Run the wid_clean_db.bat in an Administrative command prompt - this will call the following:

sqlcmd -S np:\\.\pipe\MICROSOFT##WID\tsql\query -i WsusDBCleanup.sql

• This should also delete any files as required on disk, as it uses Wsus commands to delete un-required updates from the database.
• This script deletes up to 250 updates per run. You may need to run it more than once.

For an SQL WSUS Database

• As above, but with the following changes:
• Run the sql_clean_db.bat in an Administrative command prompt - this will call the following:

sqlcmd -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i WsusDBCleanup.sql

If disk space is not automatically reclaimed with these methods

Run the following command from an Administrative Powershell prompt:

Get-WsusServer | Invoke-WsusServerCleanup –CleanupObsoleteUpdates -CleanupUnneededContentFiles -CompressUpdates -DeclineExpiredUpdates -DeclineSupersededUpdates

Or:

Get-WsusServer | Invoke-WsusServerCleanup -CleanupUnneededContentFiles

Credits:

• Microsoft
• KickthatComputer

Applies to:

• WSUS Servers running on Windows Server 2012 R2