-->
This article suggests best practices that can help you avoid configurations that experience poor performance because of design or configuration limitations in Windows Server Update Services (WSUS).
SolarWinds TFTP Server is a straightforward tool with a clean interface for transferring files between multiple devices. It is one of the best free TFTP servers with minimalistic design and a simple layout. Because it is a TFTP server, it has little impact on the system. It allows seamless file transfer up to 4 GB without any inconvenience. Generally speaking, the fastest server you're going to ping is going to be the one you're physically closest to. And Steam caps their downloads, you will never reach your max download speed when downloading from their servers. If you're debating cutting your speed down to match what Steam lets you download, that seems a bit unusual.
Original product version: Configuration Manager (current branch), Windows Server Update Services
Original KB number: 4490414
Original KB number: 4490414
Capacity limits
Although WSUS can support 100,000 clients per server (150,000 clients when you use Configuration Manager), we don't recommend approaching this limit. Instead, consider using a configuration of 2-4 servers sharing the same SQL server database.
This is because you have safety in numbers. That is, if one server goes down, although important, it won't immediately spoil your weekend because no client can update, and you have to be updated against the latest 0-day exploit.
The shared database scenario also prevents what we call a scan storm.
A scan storm can occur when many clients change WSUS servers and the servers don't share a database. WSUS tracks activity in the database so that both know what has changed since a client last scanned and will only send metadata that is updated since then.
If clients change to a different WSUS server that uses a different database, the client will have to do a full scan. This can result in large metadata transfers. We have seen transfers of greater than 1 GB per client occur in these scenarios, especially if the WSUS server isn't maintained correctly.
This can generate enough load to cause errors when clients communicate with a WSUS instance. This results in clients retrying repeatedly.
Sharing a database means that if a client switches to another WSUS instance that uses the same DB, the scan penalty isn't incurred. The load increases aren't the large penalty you pay for switching databases.
Configuration Manager client scans put more demand on WSUS than the stand-alone Automatic Updates. Configuration Manager, because it includes compliance checking, requests scans with criteria that will return all updates that are in any status except declined.
When the Automatic Updates Agent scans, or you click Check for Updates in Control Panel, the agent sends criteria to retrieve only those updates Approved for Install. Therefore, the metadata returned will usually be less than when the scan is initiated by Configuration Manager. The Update Agent does cache the data and the next scan requests will return the data from the client cache.
Disable recycling and configure memory limits
Steam Best Download Server
WSUS implements an internal cache that retrieves the update metadata from the database. Retrieving metadata from the database is expensive and very memory intensive and can result in the IIS application pool that hosts WSUS (known as WSUSPool) recycling when it overruns the default private and virtual memory limits.
When the pool recycles, the cache is removed and must be rebuilt. This isn't a large problem when clients are undergoing delta scans. But if you end up in a scan storm scenario, the pool will recycle constantly, and clients will receive errors when you make scan requests, for example HTTP 503 errors.
We recommend that you increase the default Queue Length, and disable both the Virtual and Private Memory Limit by setting them to 0. IIS implements an automatic recycling of the application pool every 29 hours, Ping, and Idle Time-outs, all which should be disabled. These settings are found in IIS Manager > Application Pools > choose WsusPool and then click the Advanced Settings link in the right side pane of IIS manager.
The following is a summary of recommended changes, and a related screenshot. For more information, see Plan for software updates in Configuration Manager.
Setting name | Value |
---|---|
Queue Length | 2000 (up from default of 1000) |
Idle Time-out (minutes) | 0 (down from the default of 20) |
Ping Enabled | False (from default of True) |
Private Memory Limit (KB) | 0 (unlimited, up from the default of 1,843,200 KB) |
Regular Time Interval (minutes) | 0 (to prevent a recycle, and modified from the default of 1740) |
For reference, in an environment that had around 17,000 updates cached, we have seen greater than 24 GB of memory needed as the cache is built until it stabilized (at around 14 GB).
Check whether compression is enabled (if you want to conserve bandwidth)
WSUS uses a compression type calls Xpress encoding. This implements compression on update metadata. This can result in significant bandwidth savings.
Xpress encoding is enabled in IIS ApplicationHost.config with this line under the
<httpCompression>
element and a registry setting:- ApplicationHost.Config<scheme name='xpress' doStaticCompression='false' doDynamicCompression='true' dll='C:Program FilesUpdate ServicesWebServicessuscomp.dll' staticCompressionLevel='10' dynamicCompressionLevel='0' />
- Registry key
HKEY_LOCAL_MACHINESOFTWAREMicrosoftUpdate ServicesServerSetupIIsDynamicCompression
If both aren't present, it can be enabled by running this command and then restarting the WsusPool application pool in IIS.
Xpress encoding will add some CPU overhead, and can be disabled if bandwidth isn't a concern, but CPU usage is. The following command will turn it off.
Configure products and categories
When you configure WSUS, choose only the products and categories that you plan to deploy. You can always synchronize categories and products that you must have later but adding them when you don't plan to deploy them increases metadata size and overhead on the WSUS servers.
Disable Itanium updates and other unnecessary updates
This shouldn't be an issue for much longer, because Windows Server 2008 R2 was the last version to support Itanium. But it bears mentioning.
Customize and use this script in your environment to decline Itanium architecture updates. The script can also decline updates that contain Preview or Beta in the update title.
This leads to the WSUS console being more responsive, but does not affect the client scan.
Decline superseded updates and run maintenance
One of the most important things that you can do to help WSUS run better. Keeping updates around that are superseded longer than needed (for example, after you're no longer deploying them) is the leading cause of WSUS performance problems. It's ok to keep them around if you're still deploying them. Remove them after you're done with them.
For information about declining superseded updates and other WSUS maintenance items, see the Complete guide to Microsoft WSUS and Configuration Manager SUP maintenance article.
WSUS with SSL setup
By default, WSUS isn't configured to use SSL for client communication. The first post-install step should be to configured SSL on WSUS to make sure security between server-client communications.
You have to create a self-signed certificate (not ideal because every client would have to trust this certificate), obtain one from a third-party certificate provider, or from your internal certificate infrastructure.
X android download. Your certificate should have the short server name, FQDN, and SAN names (aliases) that it goes by.
After you have the certificate installed, you have to upgrade the Group Policy (or Client Configuration settings for software updates in Configuration Manager) to use the address and SSL port of the WSUS server. This is typically 8531 or 443.
For example, configure GPO Specify intranet Microsoft update service location to <
https://wsus.contoso.com:8531
>.To get started, see Secure WSUS with the Secure Sockets Layer Protocol.
Configure Antivirus Exclusions
About Cumulative Updates and Monthly Rollups
You may see the terms Monthly Rollups and Cumulative Update used for Windows OS updates. Although we may use them interchangeably, Rollups refer to the set of updates published for Windows 7, Windows 8.1, Windows Server 2008 R2 and Windows Server 2012 R2 that are only partly cumulative.
The following blog posts explain this:
With Windows 10 and Windows Server 2016, the updates were cumulative from the beginning:
Cumulative in this context means, that you install the release version of the OS and only have to apply the latest Cumulative Update in order to be fully patched. For the older operating systems, we don't have such updates yet, although this is the direction we're heading in.
For Windows 7 and Windows 8.1, this means that after you install the latest monthly rollup, additional updates will still be needed. Here is an example for Windows 7 and Windows Server 2008 R2 on what it takes to have an almost fully patched system.
You can find the list of Monthly Rollups for Windows 7 and 8.1 and Cumulative Updates for Windows 10/Server 2016 at these links, or you can find them by searching for Windows X update History, where X is the version.
Windows version | Update |
---|---|
Windows 7 SP1 and Windows Server 2008 R2 SP1 | Windows 7 SP1 and Windows Server 2008 R2 SP1 update history |
Windows 8.1 and Windows Server 2012 R2 | Windows 8.1 and Windows Server 2012 R2 update history |
Windows 10 and Windows Server 2016 | Windows 10 and Windows Server update history |
Windows Server 2019 | Windows 10 and Windows Server 2019 update history |
Another point to consider is that not all updates are published so that they sync automatically to WSUS. For example, C and D week Cumulative Updates are preview updates and won't synchronize to WSUS, but must be manually imported instead. See the Monthly quality updates section of Windows 10 update servicing cadence.
Using PowerShell to connect to a WSUS server
The following is just a code example to get you started with PowerShell and the WSUS API. It can be executed where the WSUS Administration Console is installed.
References
Do you want to create a Localhost web server on Windows 10 but without installing IIS? Then here are some best software to create a local web server environment to test out various web applications such as WordPress.
What is the Localhost server?
LocalHost is a hostname in the computer networking world used to access the various services running on the host using a loopback network interface, the
lo
is a short form of this loopback device. It doesn’t require or always bypass the local network interface to connect the service or to reply when we ping it. This network interface and its working will be the same for all operating systems whether you’re on Windows, Linux, FreeBSD, or macOS. We can always ping the loopback interface to access various services running locally on the system.Furthermore, if we talk about the IPv4 address for the localhost then it is
127.0.0.1
and for IPv6 address :: 1
, this is also universal and refers to your own computer or server.Now, if we have an active webserver on our PC or Laptop, then if we use
localhost or 127.0.0.1
as the web address in the browser without specifying any particular port number then this URL will call the local running web server and shows whatever the content is there in the webroot directory. If the HTTP Error 500 appears when calling localhost, 127.0.0.1 or when using IPv6 :: 1, this indicates a fundamental misconfiguration of the webserver. This local web server also refers to the Localhost server, as its service can be accessed using the loopback interface.However, here we are not to talk about the what is Localhost server instead, the software we can use to create one on Windows 10. 8 or 7 for testing out various web services, applications, websites project, or CMS such as WordPress, Joomla, Drupal, Magento, etc.
Top Software for PHP Localhost web server on Windows 10/8/7
1. Xampp- open source
Xampp is one of the best free software to create a localhost web server with PHP, Apache, and MySQL services. It is an open-source program and cross-platform, which means we cannot only use it on Windows but also on macOS and Linux platforms. If you want to use the Xampp on older Windows platforms such as XP and Windows Server 2003 then download XAMPP 1.8.2-6 because the latest version is not compatible.
To create a localhost web server and deal with the latest web apps efficiently, the Xampp stack packed with the latest versions of Apache, MariaDB, PHP, phpMyAdmin, OpenSSL, XAMPP Control Panel, Webalizer, Mercury Mail Transport System, FileZilla FTP Server, Tomcat (with mod_proxy_ajp as a connector) and Strawberry Perl Portable.
It is purely designed to test to use as a test system, thus, allow quick start of various inbuilt servers with just one click. Also, the user can download varied pre-build modules such as Wordrpess, PrestaShop, Magento, Drupal, and many more to quickly deploy your favorites CMS, Forum, Wiki, Ecommerce to start testing.
However, not XAMPP only, also the other mentioned Localhost web server creator platforms are pure test systems and aim to be quickly ready for usage. Accordingly, not intended to serve as a commercial web server on the Internet, because they do not offer sufficient protection against possible hacker attacks there.
Visit the websiteto download Xampp.
Best Download Server Steam
2. Ampps- Localhost server with Softaculous
Well, in most of the free software available to create a local web server environment, the user has to install even common web applications manually which could be a cumbersome task, especially for beginners and a little bit time-consuming for advanced users. Thus, in such scenarios, Ampps is the best option not to only create a localhost server on Windows 10/8/7 but also to install various open-source CMS, E-commerce store, Wiki, web-based DB management tools, Ad Management, ERP system, Poll Management, and more. Thanks to Softaculous integration which allows users to run various pre-configured scripts to install open-source web-based software in just one click, just like we do in hosting services.
Furthermore, it also gives a quick access tray icon to start and stop Apache and MySQL services. The Nginx is also there, in case someone doesn’t want to use Apache as the webserver.
It is available for Windows, macOS, and Linux operating systems. Thus, a good alternative to Xampp.
3. WampServer localhost webserver
The next popular free Windows 10/8/7 tool, dedicated to setting up the localhost web server, is Wamp Server. Most of us dealing with websites and other web testing on Windows would already know about it. It also offers the LAMP environment in a single package to install and control their services from a quick control panel buttons.
Best Minecraft Servers Download
This Windows web development environment is not available for macOS and Linux. Apart from Apache2, PHP, and a MySQL database, it offers phpMyAdmin to manage database instances easily. Furthermore, if you are looking for Wamp portable server then try out UwAmp.
4. MAMP
If you are already using any of the above-given software then I don’t think you would need this one, however, to make sure all the good software should be in this best localhost server for Windows list, MAMP is here. Basically, it is a lightweight software that is available for both macOS and Windows, however, if you are professional then there is also a pro version for Windows with some extra features and a nice front-end.
For the webserver, it has both Apache and Nginx, to Database management MySQL or MariaDB whereas, in terms of web development languages PHP, Perl and Python come along with MAMP.
Furthermore, with a one-time payment the user can add the MAMP cloud functionality to backup a host and database, this helps the user to easily move data in the safest possible way.
DownloadFree MAMP for Windows
5. UwAMP portable WAMP server
This is really a nice alternative for the above-mentioned top localhost servers for web development if you are looking for portability. Yes, those want to move their web project and web server along in a USB drive, then consider trying out UwAMP. The interface is very easy to handle and to the subject, that means you will have only those options that are necessary such as buttons to start and stop Apache + MySQL service and to access PHP, Apache, MySQL configuration along with phpMyAdmin.
We already have done a tutorial on it where we have shown how to use UwAMP and the process of WordPress installation on it.
6. DesktopServer from ServerPress
If your only aim to set up a localhost web server on Windows PC or laptop is to test WordPress based website, then the DesktopServer program is the best-optimized option. It is developed to run on Windows with an optimized Local Apache, MySQL, and PHP stack to run only Wordpres CMS. It also supports SSL and comes with easy custom configurations to deploy WordPress based website in few seconds.
However, apart from Windows OS, the DesktopServer Localhost web environment software is also available for macOS. Those want to create and manage unlimited WordPress websites along with other premium features they can go for the paid options such as Easy Live site Deployment, Panic Coda and DreamWeaver Live support, Internet Sharing for collaboration, and more.
The best part is even we are installing the WordPress on the localhost server, still, it lets users create and access the demo or testing WordPress instance on the .dev.cc domain. This is a reserved domain and only exists on the local pc where DesktopServer is running to access creates WordPress instance using a fully qualified domain instead of 127.0.0.1 or localhost in the web address bar.
7. easyphp- Devserver & Webserver
EasyPHP developers offer two programs – one is DevSever and other Webserver both can be used to create a localhost web server environment on Windows but slightly for different purposes.
DevServer is mostly meant to target developers or users those want to set up a local server to mimic the production server like capabilities on PC or Laptop for testing a various web application and performing web development. Furthermore, it is also portable thus the developers can carry it in the USB Drive to easily work on different projects.
WebServer from Easyphp is meant to provide a hosting service kind of server on a personal pc or laptop for users who not only want to have some website on Windows Localhost web server using LAMP but also have a plan to share the same over the internet and let other to access the same. This lets your personal PC act as a web hosting service to make your website/application/demo accessible via the internet. The server is fully configurable, modular, and easy to update and extend.
Verdict on Best Windows localhost web Server tools
There are some more tools available to build the local web environment but the functionalities they provide are already there in the above tools thus that’s why I want the list short and to the point. Moreover, if any of you don’t want to use LAMP, then Windows 10/8/7 inbuilt IIS -Internet Information Services are always there to activate and use. If you want to know how then see: How to install IIS web server on Windows 10 Step by Step
Other Articles: