WSUS 2016安裝過程可參考這裡https://forum.gamer.com.tw/Co.php?bsn=60030&sn=2029947
Step 1. 設定WSUS主控台
WSUS主控台設定
1.更新來源和Proxy伺服器
2.自動核准(設完務必要打勾!!!)
3.新做的WSUS先手動同步一次,才不會被自動同步干擾
4.整個同步完再開啟自動同步,自動同步頻率一天1~2次就好。
Step 2. 修改Group Policy
1. CMD執行「gpedit.msc」
「電腦設定」→「系統管理範本」→「Windows元件」→「Windows Update」→「指定近端內部網路Microsoft更新服務的位置」→兩個都要設定
2. CMD執行「gpupdate /force」
Step 3. 修改WSUS port (視情況)
WSUS 2016預設port 8530
舊版WSUS用80 port
我的情況是底下幾百個Client都已設定為連往80 port了,從Server端改比較快
修改方法:從IIS管理員來設定,把WSUS網站bind的port新增一個80、預設網站的port改成81,如此才不會相衝
參考網址:
https://social.technet.microsoft.com/Forums/en-US/473c25ad-3ac3-4cee-8a36-676cb2dd94c4/wsus-2016-use-on-port-80?forum=winserverwsus
註:2016不能沿用2012的改port方式,若下那個指令會影響WSUS運作(據說)
Step 4. 修改regedit
修改regedit
HKEY_LOCAL_NACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
WUServer 跟WUStatusServer 都要改設定
Step 5. 調整IIS設定,WSUS才不會瘋狂當掉
1. 不限制專用記憶體
Internet Information Services (IIS) Manager → Server → Application Pools → Select “WSUSPool” → Actions Advanced → Recycling → change “Private Memory Limit (KB)“. 設定值改為0 (無限制)
2. 強制ISAPI Filters用64bit
Open IIS Manager on the WSUS server.
Browse to the website being used by WSUS. Depending on the WSUS configuration, this will typically be either the Default Web Site or a site named WSUS Administration.
Double-click ISAPI Filters.
Right-click the entry that corresponds to ASP.Net v4.0 (the specific version number may vary) and select Edit.
In the executable path, replace the name of the Framework folder with Framework64 and click OK. Do not change anything else in the file path.
Restart the website, then verify that the WSUS Administration console is able to connect to the WSUS server.
參考網址
(主要) https://www.saotn.org/wsuspool-keeps-crashing-stops/
(來源) https://social.technet.microsoft.com/Forums/ie/en-US/02b7ce17-b138-467f-beff-7d5e47d9fcd9/new-wsus-server-2016-keeps-crashing-wsus-100143932007?forum=winserverwsus
Step 6. 防毒軟體掃瞄設定排除以下資料夾
Add Antivirus exclusions
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
參考網址同step5
以上!這些設定完以後,目前還蠻穩定運作,祝大家的WSUS都順利
