Recently at a site we had machines starting using high CPU of the SVCHost process, this process is used by lots of services to access the network , however, as soon as stopping the Windows Update Service CPU came back down to normal<\/p>
I had seen this before at another site and the issue was due to not enough CPU ( only one was flatlining the CPU )\u00a0 , however increasing the CPU and memory still did not fix this<\/p>
Then after some recent updates, the servers would no Windows Update anymore , they would just sit on “Checking for Windows Updates”. I couldn’t install updates Via powershell\u00a0<\/p>
A server running Windows Server 2012 R2 on the same network updated fine!<\/p>
I tried the normal fix of Wiping these :\u00a0<\/p>
C:\\Windows\\SoftwareDistribution<\/strong><\/p> HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate<\/strong><\/p> HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate<\/strong><\/p> However to no avail.<\/p> <\/p> I checked the Windows Update Log : C:\\Windows\\WindowsUpdate.log<\/p> 2019-04-23 14:09:51:839 5080 ab8 CltUI FATAL: CNetworkCostChangeHandler::RegisterForCostChangeNotifications: CoCreateInstance failed with error 80004002 <\/p> I then found an article to Remove the Desktop Experience Feature ( which had been installed to Disk Cleanup the servers )\u00a0<\/p> C:\\Windows\\SoftwareDistribution<\/strong><\/p> HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate<\/strong><\/p> HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate<\/strong><\/p> <\/p> Check also for Dual Scanning<\/p> <\/p> In an elevated powershell prompt:<\/p> \u00a0<\/p> \u00a0<\/p> **Computer Configuration > Policies > Administrative Templates > System > Device Installation<\/i><\/b><\/p> Specify the search server for device driver source locations<\/b><\/p> Set to “Enabled” Specify the search server for device driver updates<\/strong><\/p> Set to “Enabled” Computer Configuration > Policies > Administrative Templates > System > Internet Communication Management > Internet Communication Settings<\/i><\/strong><\/i><\/p> Turn off access to all Windows Update features<\/strong>\u00a0(In Microsoftspeak that means their online server, not ‘make so it can’t get updates’)<\/p> Set to “Enabled”<\/p> Turn off access to the Store<\/strong><\/p> Set to “Enabled”<\/p> Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update<\/i><\/strong><\/i><\/p> Do not allow update deferral policies to cause scans against Windows Update<\/strong><\/p> Set to “Enabled”<\/p> No auto-restart with logged on users for scheduled automatic updates installations<\/strong><\/p> Set to “Enabled”<\/p> Specify intranet Microsoft update service location (note that the alternate download server is also set to our own WSUS server<\/i>)<\/strong><\/p> Set to “Enabled” \u00a0<\/p> <\/p>","protected":false},"excerpt":{"rendered":" Recently at a site we had machines starting using high CPU of the SVCHost process, this process is used by lots of services to access the network […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[2932,2933,2930,2934,525,2931,1131,2492,2191,924],"class_list":["post-4056","post","type-post","status-publish","format-standard","hentry","category-random","tag-checking-for-updates","tag-error-80004002","tag-highcpu","tag-registernetworkcostchangenotification","tag-server-2012","tag-svchost","tag-update","tag-windows","tag-windows-update","tag-windowsupdate-log"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4056"}],"version-history":[{"count":2,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4056\/revisions"}],"predecessor-version":[{"id":5440,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4056\/revisions\/5440"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=4056"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4056"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
2019-04-23 14:09:51:839 5080 ab8 CltUI WARNING: RegisterNetworkCostChangeNotification: Error 80004002<\/p>
After this I did this again and could windows update again<\/p>
This will produce a log file on the desktop giving verbose detail on all of the windows update tasks performed recently.
<\/i><\/li>
This will output all configured update sources, along with the default.
If dual scanning is active, and the workstation is not checking in with WSUS, you might see Windows Update as the default, and WSUS as not default.
<\/i><\/li>
This will trigger the computer to check in with the WSUS server \u2013 BUT if there are no new reports to add, it won\u2019t send anything. If that is the case, then:
<\/i><\/li>
This will force a status to be returned at next check in<\/i><\/li><\/ul>
Extra GPO settings to prevent Dual Scanning from hijacking the GPO and making the workstations go rogue \u2013 take note of setting the alternate download server to your WSUS server:<\/p>
Select search order: “Do not search Windows Update”<\/p>
Select Update Server: “Search Managed Server”<\/p>
Set the intranet update service for detecting updates: [http:\/\/[YOUR%20SERVER]:8530]http:\/\/[YOUR SERVER]:8530
Set the intranet statistics server:[http:\/\/[YOUR%20SERVER]:8530]http:\/\/[YOUR SERVER]:8530
Set the alternate download server: [http:\/\/[YOUR%20SERVER]:8530]http:\/\/[YOUR SERVER]:8530
Uncheck the box Download files with no Url in the metadata if alternate download server is set<\/p>