As a rule, our process for maintaining a clean and healthy WSUS is to only approve the updates we need for the products we use, and to regularly find and decline superseded updates, and run the server cleanup wizard.
1. I think that's the best procedure from reading here, is that correct?
However, I'm not sure if the Server Cleanup Wizard is supposed to permanently delete declined updates, and remove them completely from WSUS, and if it is supposed to do that, I'm not sure if that's actually happening in our environment.
SUSDB.mbf is 3.4GB for approx 1,400 computers. Total size of the WSUS folder is ~70GB.
I carried out a big clean of our parent WSUS server last week, and as well as declining superseded updates, I also declined updates for Itanium based systems and Embedded Windows, which we no longer use anywhere. This resulted in ~1000 updates being declined. I ran the server cleanup wizard afterwards and after it ran the console gave a 'server node error'.
2. Is result post-cleanup normal or a problem?
Since doing that cleanup, some downstream servers have failed to sync. I'm wondering if it's related to the cleanup.
They are failing with the SQL timeout error. One explanation online is that declined (hidden) updates need to be permanently deleted using a method other than the server cleanup wizard, specifically to delete hidden updates using SQL Server Management Studio.
That's way more complicated than anything I've read previously.
3. Is is necessary to delete hidden updates with SQL Server Manager? Is there another way?