1. Making sure that WUA 3.0 is installed. In every case the client already
has the latest version of windows update agent.
2. Install kb927891. This was released to all our workstations the middle of
last year.
3. Cleaned up the catroot folder. Some people on the internet have found
success by running a batch file that cleans up all the aspects of the catroot
folder. I tried this and it temporarily fixed the problem. However, after
rebooting the problem came back.
Any suggestions would be greatly appreciated because the upgrade has
essentially broken out patch management solution. Please help.
Are you running Symantec Anti Virus on desktops?
What are GPO policies set to?
In fact the issue has existed for over a year now.
Start here (from Jan 2007):
http://blogs.technet.com/wsus/archive/2007/01/17/update-on-wua-srvhost-exe-high-cpu-consumption-and-memory-consumption-issue.aspx
--
Lawrence Garvin, M.S., MCBMSP, MCTS, MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/
I know it's a windows process, I'm pretty sure of it, Microsoft does
regression testing and for the sake of $250 or whatever it costs, it might be
worthwhile getting them on the horn for support ticket.
The issue sounds very wide spread.
I've seen an issue with symantec v9 that caused high cpu, however it may of
been rtvscan.exe. I'm not sure.
With respect to the GPO, the wuadm admin template. There is settings in
there to control when to install patches.
I was thinking that maybe you set it to install patches immediatly or
something.
So perhaps changing it to delay the install to later on in the day may prove
your theory that a patch is what is getting installed and causing svchost
100%.
Just some ideas. If your on a vista box, the event viewer shows a lot more
detailed information about WSUS client LOGGING.
Sorry maybe I didn't real your whole post right.
KB
>> This past Friday we upgraded our WSUS 2.0 environment to WSUS 3.0 SP1.
>> Since
>> the upgrade, we have experienced hundreds of systems becoming virutally
>> unusable due to a memory leak with svchost. The temporary fix is to
>> disable
>> automatic updates. We had to do this across 7000 workstations because
>> hundreds of systems are affec
>
> In fact the issue has existed for over a year now.
>
> Start here (from Jan 2007):
> http://blogs.technet.com/wsus/archive/2007/01/17/update-on-wua-srvhost-exe-high-cpu-consumption-and-memory-consumption-issue.aspx
But they've already applied the updates that should have corrected that issue.
IIRC, someone else has reported the same problem reappearing with WSUS 3.0 SP1;
perhaps there's been a regression?
Harry.
"Harry Johnston [MVP]" <ha...@scms.waikato.ac.nz> wrote in message
news:eZphoklf...@TK2MSFTNGP02.phx.gbl...
> Lawrence Garvin [MVP] wrote:
>
>>> This past Friday we upgraded our WSUS 2.0 environment to WSUS 3.0 SP1.
>>> Since
>>> the upgrade, we have experienced hundreds of systems becoming virutally
>>> unusable due to a memory leak with svchost. The temporary fix is to
>>> disable
>>> automatic updates. We had to do this across 7000 workstations because
>>> hundreds of systems are affec
>>
>> In fact the issue has existed for over a year now.
>>
>> Start here (from Jan 2007):
>> http://blogs.technet.com/wsus/archive/2007/01/17/update-on-wua-srvhost-exe-high-cpu-consumption-and-memory-consumption-issue.aspx
>
> But they've already applied the updates that should have corrected that
> issue.
Not if they just upgraded from WSUS 2.0 (RTM???) to WSUS 3.0 on Friday, and
the WUA hasn't been upgraded yet.
> IIRC, someone else has reported the same problem reappearing with WSUS 3.0
> SP1; perhaps there's been a regression?
That would be most unfortunate, but it's not impossible that something in
the SP1 version of the WUA v7.x client got duplicated from the SP1 version
of the WUA v5.8 client that had the same 'bug'.
--
Lawrence Garvin, M.S., MCBMSP, MCTS, MCP
Senior Data Architect, APQC, Houston, Texas
Microsoft MVP - Software Distribution (2005-2008)
MS WSUS Website: http://www.microsoft.com/wsus
My Websites: http://www.onsitechsolutions.com;
http://wsusinfo.onsitechsolutions.com
My MVP Profile: http://mvp.support.microsoft.com/profile/Lawrence.Garvin
>>> Start here (from Jan 2007):
>>> http://blogs.technet.com/wsus/archive/2007/01/17/update-on-wua-srvhost-exe-high-cpu-consumption-and-memory-consumption-issue.aspx
>>
>> But they've already applied the updates that should have corrected
>> that issue.
>
> Not if they just upgraded from WSUS 2.0 (RTM???) to WSUS 3.0 on Friday,
> and the WUA hasn't been upgraded yet.
The 3.0 version of the WUA came out for WSUS 2.0 some time ago - optional,
granted, but the OP said it had been installed.
Harry.
Adam, if you believe you have a number of these clients demonstrating this
behavior with v7.1 of the WUA, then I would open a (FREE) ticket with PSS.
> We have heard from Microsoft that a relapse of
> this problem has occurred this February and there is currently not a fix
> for
> it
I've heard nothing that any such issue exists either, nor have I seen any
such behavior in any of the WSUS 3 SP1 testing that I did.
> We were told that it is related to a bug with Windows Malicious Tool and
> that we needed to decline every superceded version of the update.
Interesting... =WHICH= version of the MSRT is supposed to be the culprit.
I've heard nothing about any issues with any releases of the MSRT either.
> Our patch management solution
> is still completely down as a result of this and has let to multiple
> people
> at my company working 15+ hours a day trying to correct this problem. We
> are
> desperate for a solution so if any body has any ideas please share.
Obviously this is not good for your organization, but I've not seen any
other occurrences of this behavior, which makes it hard to believe it's
anything related to WSUS software or updates.
My best suggestion is the one above: Open a =security update= ticket (which
will be a no charge ticket) with Product Support Services. Obviously with
the svchost.exe failing as it is, it's impossible for you to apply required
security updates.
--
Lawrence Garvin, M.S., MCBMSP, MCTS(x4), MCP
> Same issue started in our domain on the 13th of March. Only affecting
> 50-60
> systems and the only imilarities between these systems is they all have
> Office 2003. We have forced 5 Office updates from the WSUS server which
> seems to have resolved the issue for now, but anticipate the issue to come
> back. Any more info for the group would be great.
I would suggest researching the entire sordid history of the WSUS SVCHOST
issues from last year via Google Groups.
As I recall Office 2003 was in the original mix, and you may have simply
re-opened that ancient can of worms, which was then fixed by applying the
requisite updates to Office 2003.
> I have the same issue, just started on the 27th.
> If the problem is caused by a combination of WSUS and Office, would
> holding
> back on the office updates and just using WSUS for security patches serve
> as
> a temporary workaround until MS come up with a fix? or is that just bad
> logic!
> (I can't try it myself at the moment)
If you can reproduce this issue on a FULLY patched client running the latest
WUA on WSUS SP1, then this is a *NEW* issue, and you should report it to
Product Support Services immediately.
If the client is not yet FULLY patched -- then you should first apply ALL
Office updates, and All Crit/Sec updates, reboot, and then test again.
> Thanks for the reply
> If I need to manually update all 1500 client computers with patches in
> order to run WSUS, why do I need WSUS? ;-)
Who said anything about having to manually update all 1500 client computers?
You asked this question:
>> > If the problem is caused by a combination of WSUS and Office, would
>> > holding
>> > back on the office updates and just using WSUS for security patches
>> > serve
>> > as
>> > a temporary workaround until MS come up with a fix? or is that just bad
>> > logic!
In a more direct way I'm telling you this is bad logic.
It's also relevant that this *known* issue is an ancient issue, and the only
*known* reason why anybody would be experiencing it today is because a
machine is missing one or more critical updates that fix this problem. (...
or... it's a new problem never before seen).
My recommendation is:
>> If the client is not yet FULLY patched -- then you should first apply ALL
>> Office updates, and All Crit/Sec updates, reboot, and then test again.
I didn't say clients (plural), I said =client= (singular).. the machine you
are using to diagnose and resolve this particular issue.
If, after doing that, you /still/ have the problem, then the problem is a
*NEW* problem, and nothing I provide you is going to help.
If this is a *NEW* problem, then you need to report it to Product Support
Services.
However, if you call PSS with an UNpatched system, they're going to tell you
what I just did... patch the machine, then call back.
> This past Friday we upgraded our WSUS 2.0 environment to WSUS 3.0 SP1.
Per a thread just updated in the Win2008/WSUS forums...
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3241867&SiteID=17
This appears to be traced (at least in one instance) to a defective CA
AntiVirus engine update.
--
Lawrence Garvin, M.S., MCITP, MCBMSP, MCTS(x4), MCP
Dear ,
We experiencing the same problem.
We use one "primary" WSUS 3.0 (not SP1) server and several downstream
server.
The primary was a fresh install.
For some downstream it was an upgrade from WSUS2.
We remark that the SVCHOST issue appear only on sites where we updated
the WSUS version.
To solve it (I hope definitively) we :
- run cleanup tool on downstream server
- Update WUA on faulty computer (mainly laptop)
- Download last update from MS site and install them manually.
For now, all seems back to normal.
I just want to be sure that the problem will not reappear for the next
patch release.
any comments are welcome and I would to know what is the cause of the
issue (may be the less number of languages on the downstream server
after the update?)
Best Regards,
Jerome