• Welcome to Support Forum: Get Support for Patch My PC Products and Services.
 

Third-party updates installation times

Started by brandonm, November 18, 2020, 07:53:07 AM

Previous topic - Next topic

brandonm

I doubt this is anything specific to Patch My PC, but I've noticed that it seems to take much longer for ConfigMgr clients to install third-party updates than it does to install Microsoft updates on my computers. More specifically, it seems to take longer to start the installation. For example, if I initiate an installation of several Microsoft updates and several Patch My PC updates, the Microsoft updates will begin to install and finish much quicker than third-party (Patch My PC) updates to start and finish. Is this typical? I perform regular database maintenance on the SUSDB, such as deleting obsolete updates and declining updates that I do not need. I know when unused updates build up in the database, it can cause clients to take a long time to scan.

The only thing I can see going on while the client is waiting to start the installation of an update is the WmiPrvSE.exe being highly active. Once the installation starts, it pretty much goes idle. I know the client uses WMI host for much of its work. What is it doing when it goes to install these updates? Is it scanning all updates every time it install a third-party update? If so, why does it not seem to do this for Microsoft updates? I have also looked at scanagent.log and UpdatesHandler.log and there doesn't seem to be a too much going on in there during this time.

Andrew Jimenez (Patch My PC)

This may be related to this issue: https://patchmypc.com/third-party-updates-fail-to-download-in-configmgr-1910-if-download-delta-update-enabled-and-client-is-using-cloud-management-gateway-cmg-0x80d02002 we've seen this happen both on and off CMG, 3rd party patches may still try to download content and timeout which may account for the long delay. They won't necessarily fail, but will take time as they search for the correct content. That is the only thing that comes to mind at this point.

brandonm

Thanks Andrew. I just checked my Client Settings and we do not have the setting "Allow clients to download delta content when available" enabled.

Andrew Jimenez (Patch My PC)

Interesting. The WindowsUpdate.log may shed more light on this as well.

brandonm

Thanks again. I will take a look at WindowsUpdate.log when I get a chance to do some testing.

Cody Mathis (Patch My PC)

Is this issue for all clients? Or are you noticing it on clients over the CMG / IBCM?

There is generally not anything special going on specifically for third party updates. We have seen this delay happen though if you also have the Dell, Lenovo, or HP driver catalogues in place. They have very complicated applicability rules and can greatly increase CPU load / scan time.

brandonm

#6
Thanks Cody. This is good to know. I do have catalogs enabled for Adobe, Dell and HP. I am going to disable Adobe and HP and see if that makes a difference. We no longer need Adobe because of PMP and we are phasing out HP, so don't need that either. I had already disabled SUP sync for those Products some time ago, so I guess there is not point in having Catalogs enabled.

As for the issue, I have not confirmed the extent as we have only recently started using third-party patching a great deal now that we have PMP. I have only seen this on my test computers as well as my workstation. It is not of concern yet as we are slowly rolling out third-party updates available from PMP. But as we add more products, it may cause total patch times to increase. We do have a pretty generous maintenance window for our workstations, so I am not too concerned at tis time.
We are not using any cloud or internet based management yet, but that may be something to consider in the future. We only have on-premise management and have recently started evaluating Co-management.

Cody Mathis (Patch My PC)

If do you remove the Adobe and HP catalog I would recommend you decline the updates for them as well to ensure they are not scanned against by clients anymore.

brandonm

Thanks. I have already declined and purged those from the database back when I stopped syncing them. I am well familiar with the misery of WSUS's terrible database housekeeping lol. I had to work with Microsoft support because SCCM syncs were failing. It took me about a week of running the spGetObsoleteUpdatesToCleanup + spDeleteUpdate stored procedures just to get WSUS functional. Unless something has changed in newer versions, WSUS built-in maintenance doesn't delete obsolete updates from the database; only the files on disk. I have a SQL job that runs those SPs weekly and it has kept performance pretty optimal.

Cody Mathis (Patch My PC)

If you are experiencing this issue I would encourage you to submit a support case so we can look into what might be happening.

https://patchmypc.com/technical-support

brandonm

#10
EDIT: Never mind on this post. Installations still taking longer than expected.

I don't have any definitive evidence, but I may have stumbled upon something that can speed up the installation time. While preparing for a Windows 10 Feature Update deployment and doing some research, I discovered this best practices from Microsoft: https://docs.microsoft.com/en-us/windows/deployment/update/feature-update-maintenance-window#step-4-override-the-default-windows-setup-priority-windows-10-version-1709-and-later

The document indicates that the default configuration for update installation Priority is Low and that you may need to change this to Normal in order for feature updates to install in a timely fashion. The way to do this is create the file: %systemdrive%\Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini that includes a [SetupConfig] key with property/value: Priority=Normal. I have done this on several computers, including my workstation. Since doing this, it seems like all updates, not just W10 Feature updates, are installing much faster. This includes Patch My PC updates. Could just be my imagination, or maybe not. The location of SetupConfig.ini shows nothing to indicate that it is only for Windows 10 Feature updates. This needs some more validation, so if anyone wants to give it a try, I would like to hear your results.