Unexpected high network bandwidth consumption when clients scan for updates from local WSUS server

Applies to: Windows Server Update Services 3.0 Service Pack 2Windows 7Windows 8.1 More

Symptoms


Microsoft System Center Configuration Manager customers report high network bandwidth usage for environments that employ Windows Server Update Services (WSUS). Some instances of the behavior started on February 13, 2018, and some started on March 13, 2018.

Affected operating systems are Windows 10 (all builds), Windows 8.1, and Windows 7. Customers report remarkably high bandwidth usage on the WSUS TCP port.

Cause


The Microsoft Compatibility Appraiser, which is used for Windows Analytics, is querying Windows Update agent in such a way that the Appraiser causes the Update Agent to discard part of its cache of update metadata. When a scan is next run for updates by Configuration Manager or Automatic Updates, or when the user clicks Check for Updates, the metadata for these updates is downloaded from WSUS again.

Resolution


To fix the issue, install the following updates, as applicable.

Windows version Windows update
Windows 10, version 1803 September 20, 2018—KB4458469 (OS Build 17134.319)
Windows 10, version 1709 September 20, 2018—KB4457136 (OS Build 16299.697)
Windows 10, version 1703 October 18, 2018—KB4462939 (OS Build 15063.1418)
Windows 10, version 1607 September 20, 2018—KB4457127 (OS Build 14393.2517)
Windows 8.1

October 18, 2018—KB4462921 (Preview of Monthly Rollup)

More information


Mitigation

Determine whether clients are using an affected version of the Microsoft Compatibility Appraiser. Check the modified date for the following binaries that are located in C:\Windows\System32, and verify that they are from February 2018 or a later date:

CompatTelRunner.exe
Appraiser.dll

The Windows Appraiser is run through the scheduled task in Task Schedulers > Task Scheduler Library > Microsoft > Windows > Application Experience > Microsoft Compatibility Appraiser.

We have issued an update that limits how often the Appraiser runs the Windows Update query that causes this problem. This should help reduce bandwidth usage, although it may not fully eliminate higher-than-normal usage.

To receive the change, your clients must be able to access both of the following addresses:

settings-win.data.microsoft.com
adl.windows.com

You can determine whether clients received this update by checking the value for the following registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Appraiser: LastAttemptedRunDataVersion

The following values indicate that the client has received the update.

Operating system version

Client update value

Windows 10, version 1709

1704 or 1752

Windows 10, version 1703

1799

Windows 10, version 1607

1799

Windows 10, version 1511

1799

Windows 10, version 1507

1799

Windows 8.1

1799

Windows 7

1799


LastAttemptedRunDataVersion is updated when CompatTelRunner.exe is executed. This generally runs daily as part of the Microsoft Compatibility Appraiser scheduled task. However, it can be run manually without arguments:

C:\Windows\System32>CompatTelRunner.exe 

Note This value varies between operating systems.

If clients are blocked from reaching these addresses, you have to unblock them.

Newer versions of CompatTelRunner.exe and Appraiser.dll

The following Windows updates use newer versions of CompatTelRunner.exe and Appraiser.dll that implement less frequent scanning. This avoids the need to unblock the URLs to obtain this update.

July 11, 2018

Windows version

Windows update

Windows 10, version 1709

June 21, 2018—KB4284822 (OS Build 16299.522)

Windows 10, version 1703

June 21, 2018—KB4284830 (OS Build 15063.1182)

Windows 10, version 1607

June 21, 2018—KB4284833 (OS Build 14393.2339)

Windows 8.1 Compatibility update for keeping Windows up-to-date in Windows 8.1
Windows 7 Compatibility update for keeping Windows up-to-date in Windows 7