In this short post we will take a quick look at how to enable WSUS cleanup in ConfigMgr and a bit about WSUS maintenance task available. We will also use the management insights to check if WSUS cleanup is enabled or not.
Microsoft recommends that you enable WSUS Maintenance options in the Software Update Point configuration. These options are designed to keep your WSUS keep and tidy. When you enable WSUS maintenance options at the top-level site, you automate the cleanup procedures after each SUP synchronization. In short you keep your Software Update Point healthy by enabling WSUS cleanup options.
You can enable WSUS cleanup in ConfigMgr only when you have installed and configured the Software Update Point role. Take a look at complete guide to install and configure Software Update Point role in SCCM. If you are not using SCCM to manage and deploy updates, then you have to manually run the WSUS Server Cleanup wizard to remove unnecessary updates from the WSUS server.
Steps to Enable WSUS Cleanup in ConfigMgr
The steps to enable WSUS cleanup in ConfigMgr are as follows.
- First launch the ConfigMgr console.
- Navigate to Administration > Overview > Site Configuration > Sites.
- Select the site at the top of your Configuration Manager hierarchy. Click Software Update Point and open Software Update Point Component Properties.
- Click the WSUS Maintenance tab and enable WSUS clean up options (select all 3 options).
- Click Apply and OK.
There are currently three WSUS maintenance tasks available in ConfigMgr. You just need to enable them and Configuration Manager handles the cleanup after each synchronization.
- Decline Expired Updates in WSUS according to supersedence rules
- Add Non-clustered indexes to the WSUS database
- Remove Obsolete updates from the WSUS database
If you need more information on WSUS maintenance tasks, here is a dedicated post on 3 Useful WSUS Maintenance Options in Configuration Manager. It also explains what each of these WSUS maintenance task does.
In the next step we will run a built in management insights rule called Enable WSUS cleanup which basically checks if the WSUS cleanup options are enabled or not. The WSUS cleanup management insight is categorized under Proactive Maintenance. This rule is enabled by default when you install ConfigMgr and is also evaluated periodically.
WSUS Cleanup Management Insights
When you enable the WSUS cleanup in ConfigMgr, you can actually verify if the WSUS cleanup options are enabled by running the Enable WSUS Cleanup management insights.
- Launch the SCCM console.
- Go to Administration\Overview\Management Insights\All Insights.
- From the list of Management Insights, select Proactive Maintenance.
- Look for Enable WSUS Cleanup. Right click and select Evaluate / Re-Evaluate.
So when you re-evaluate this rule, it checks if the WSUS maintenance options are enabled on the WSUS maintenance tab of Software Update Point properties. If the WSUS maintenance options are enabled, it simply shows as Completed. If the WSUS cleanup options are not enabled, then you see status as Action needed.
Under the WSUS Cleanup rule details, what you can do is click Review Actions and it directly takes you to Administration\Overview\Site Configuration\Sites. From there you can select the Software Update Point and enable the WSUS cleanup options or WSUS maintenance options.
Next I am going to enable all the WSUS maintenance options and re-evaluate the WSUS cleanup rule again. Wait for few seconds while the evaluation happens in the background. Refresh the console and now we see the the enable WSUS cleanup in ConfigMgr console shows as Completed. This means you have successfully enabled the WSUS cleanup options on your software update point.