back to article Is Windows 10 ignoring sysadmins' network QoS settings?

An Australian sysadmin frustrated with his business' sudden loss of performance has sparked a conversation about whether Windows 10 is behaving badly on network connections. To jump well into the discussion thread that points the finger at Microsoft: “We have had reports now from several people, not all our clients, reporting …


  1. streaky

    "What do our sysadmin readers think?"

    WSUS. That's what I think.

    But yeah, trash. Lets not even discuss the win 10 store connections for completely unrelated apps that never even came from the store.

    1. Anonymous Coward
      Anonymous Coward

      Re: "What do our sysadmin readers think?"

      $ ssh root@server

      Welcome to Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-74-generic x86_64)

      * Documentation:

      Last login: Thu Jun 9 09:00:20 2016 from

      root@server:~# apt-get install wsus

      Reading package lists... Done

      Building dependency tree

      Reading state information... Done

      E: Unable to locate package wsus

      1. streaky

        Re: "What do our sysadmin readers think?"

        Funny you should mention that I've been working on for a while what I think is the first third party implementation of a SUS server (it's a well-documented open standard - no really) and it happens to be Open Source and also, y'know, run on Linux (for updating windows hosts) :)

        1. Anonymous Coward
          Anonymous Coward

          Re: "What do our sysadmin readers think?"

          I recall researching the problem a few months back and drawing blanks. There was some commercial solution, but nothing distributed in the standard repositories.

          Normally "WSUS" refers to the Microsoft implementation, which is only shipped with Windows Server. A very expensive piece of software to perform what is essentially just a caching proxy server role.

  2. gerdesj Silver badge

    Ho hum time for another VLAN

    Today I created a VLAN, at work, called SEWER purely for a set of devices too dodgy to go on the THINGS VLAN. THINGS was for IoT stuff like tellys, cameras and the like and brave real systems with a carefully crafted firewall and rather more HIDS and monitoring than the usual. SEWER devices are just a bit odd(er) to be honest.

    It seems I will now need a CESSPOOL VLAN for Windows 10 PCs with even more stringent checks.

  3. veti Silver badge


    It's not quite clear whether people are talking about updates to an existing copy of Windows 10, or the rammed-down-the-throat upgrades being applied to existing Windows 7 and 8.1 systems. From the involvement of Akamai, I can't imagine these are regular updates. Surely not even Microsoft would be insane enough to outsource those.

    If Microsoft has engaged Akamai somehow to push their thrice-cursed upgrades, then that might also go some way to explain the tactics that have been deployed. (Particularly if Akamai is paid by the download.)

    1. Adam 52 Silver badge

      Re: Microsoft/Akamai?

      Still amusing that Azure CDN clearly wasn't up to the job.

    2. Bob Vistakin

      Re: Microsoft/Akamai?

      "thrice-cursed upgrades"

      Have an upvote.

    3. Anonymous Coward
      Anonymous Coward

      Re: Microsoft/Akamai?

      Microsoft used to - not sure if they still do - sell their software via Digital River. It was a steaming pile of rubbish, little support, failed to allow you to enter basic details, etc.

      If they couldn't even do ecommerce (when everyone lese seemed to have managed it) I'm not surprised if they have to outsource their CDN.

    4. Zoopy

      Re: Microsoft/Akamai?

      Assuming Microsoft cryptographically signs their updates, why would it matter if they used Akamai or any other CDN to distribute the actual files?

  4. aberglas

    My home network unusable

    Installed windows 10 + office, and there are dozens of gigabytes of downloads. New C drive went from 12 gig after install to 50 gig now and growing.

    On a 2 megabit ADSL, and it clobbers everything.

    There are rumours that gsedit can throttle the BITS, but did not work for me.

    Also llnw downloads, is MS using them too? All hidden behind the svchost.

    Anyway, Gargoyle to the rescue, throttles the IP, seems to work despite this article. ALthough Gargoyle itself has been crashing recently.

    1. gerdesj Silver badge

      Re: My home network unusable

      "On a 2 megabit ADSL, and it clobbers everything."

      Pity the poor buggers on the end of a satellite phone or dial up. The sort of people who have to turn off HTML in their email ...

      There are plenty of them across the world, say in huge swathes across Africa, large parts of Asia, masses in South America etc etc and I'm sure they are loving the free upgrade.

    2. DryBones

      Re: My home network unusable

      That'd be Windows 10 trying to serve updates to the rest of the world from your computer, I think. Turn that option off under Advanced Options in Updates.

      1. Roland6 Silver badge

        Re: My home network unusable

        Set your network connection(s) to 'metered'.

        WiFi is obvious in the settings, for fixed LAN see:

      2. cdmdotnet

        Re: My home network unusable

        One additional thing I've not tested but heard might be a work-around is marking the network connection as a metered connection. Apparently this stops the connection being used (even it it's wired or wireless) for collecting updates in the background. I have no idea what other consequences this has, and it might not help out much at all, but hey. worth a try and sharing if it works or not.

  5. gerdesj Silver badge

    Re-read and remember

    If I recall correctly, Win10 sans WSUS will act like a bit like a Bittorrent client and advertise itself and start sharing. The article mentions that the sysadmin has an alternative patching mechanism and hence this may have kicked in ... along with a nasty looking bug.

    This is purely speculation on my part but hey, I'm a commentard.

    I suggest that MS restrict themselves to doling out their malware themselves or via Akamai and Co. They charge their customers for their OS. No other OS vendor has tried to hijack their customers connection like this, that I'm aware of. Most Linux/*BSD distros don't even get to charge at all and none of them have even contemplated this nonsense. Apple get's the moral high ground here as well *haaaaawk* ... *spt-ing*.

    1. a_yank_lurker Silver badge

      Re: Re-read and remember

      @ gerdesj, I remember reading something about W10 acting like torrent client for updates awhile back and the report was apparently straight from Slurp. If my memory is correct, using users machines as part of a torrent stream strikes me as below dodgy since most people do actually have monthly data cap even if it is quite large.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re-read and remember

        There is a peer to peer.

        Any half competent sys-admin knows

        a) how to disable the peer to peer going out to the internet

        b) How to disable it completly

        c) how to stop auto-updates.

        Even if you do have auto-updates running, change the bloody schedules!

        1. Kiwi

          Re: Re-read and remember

          Any half competent sys-admin knows

          Most Windows users aren't competent system admins or even competent computer users (why would they be using Windows if they were? :) ) - most are home users who may be extremely competent in other fields but not computers.

          a) how to disable the peer to peer going out to the internet

          Most Windows users would not have a clue about that.

          b) How to disable it completly

          Most Windows users would not have a clue about that.

          c) how to stop auto-updates.

          Most Windows users would not have a clue about that.

          Even if you do have auto-updates running, change the bloody schedules!

          Most Windows users would not have a clue about how to do that!

      2. TonyJ Silver badge

        Re: Re-read and remember

        "...most people do actually have monthly data cap even if it is quite large.."

        Not justifying this in any way (and I had the whole torrent-style of sharing/downloading updates turned off from the get-go, but most people's caps are for download only.

        Now I can see why this would be a decent idea for machines on the same LAN segment that are behind a slow link, but come on MS...that's one of the things WSUS is for

        1. SImon Hobson Silver badge

          Re: Re-read and remember

          > but most people's caps are for download only.

          I doubt that.

          While I'm now on an "unmetered" tariff and VDSL (FTTC in the UK), my previous ADSL tariff with the same ISP metered traffic both ways. I'm fairly certain that this is not uncommon.

          But anyway, people have mentioned slow connections - but even "modestly fast" connections (like the 6Mbps ADSL I used to have) often have much slower uplinks (442kbps before overheads for ADSL is typical in the UK). Hence acting as a torrent peer is going to royally screw your uplink, and therefore your latency, and therefore make anything interactive turn into "an unpleasant experience".

  6. Steve Davies 3 Silver badge

    And still people want to use this POS?

    After all their previous issues with networking going back to Windows 3.0/3.1 I am actually saddened that MS puts out software that behaves like this.

    It is almost as if the droids in Redmond are deliberately ignoring the fact that most of the world is not on 100Mbit Connections (not ASDL either).

    So come you MS fanbois, defend this?

    My decision to never use W10 that I made lst October seems to be even wiser every day.

    IMHO, it is a POS and not fit to wipe yor arse when doing No 2's.

    Sadly, MS won't do anything to fix the problems. They are in 'la-la-la-la-la-can't here you land' at the moment.

    Such a shame. They could have made a really good OS instead... they failed, miserably (IMHO)

    1. chivo243 Silver badge

      Re: And still people want to use this POS?

      @Steve Davies 3

      I've not touched a Win10 install. The handful of visiting vendor tech's that are using them like the OS itself. However, the slurp factor, and all of the underhanded crap that is also part of the Win10 experience has put us off to put it mildly and politely.

      I think you have nailed it, the C and D levels at MS are living in la la la la land, fingers in ears, collecting a big salary on a regular basis. As long as their fat salaries are being paid I'm sure they're living large in another reality.

      Unlike us, see icon: -------------------------------------------------------------------------------^

    2. Peter G Green

      Re: And still people want to use this POS?

      While there are a couple of caveats with using Windows 10, overall, once you've stopped the persistent reporting back to MS (try this AntiBeacon tool:, uninstalled all the apps you'll never use (Sway, Sport, Candy bl**dy crush) and sorted your privacy settings, it's actually pretty good to use.

      OK, I'd still prefer a more stripped down version of Windows (ala XP) but you have to move with the times and Windows 10 is a return to form after the disaster that was Windows 8.

      I don't feel it deserves the rant you've posted.

      1. Aoyagi Aichou

        @Peter G Green

        The update policies, which include driver updates through Windows Update, alone deserve that kind of a rant. As does the amount of work one has to do to make the OS not "pretty good to use" as you claim, but "about as good as Windows 7 to use".

        1. Peter G Green

          Re: @Peter G Green

          I didn't say it was perfect. With the way I set up Windows 10 (which is "Minimal" and that should actually be an install option), I actually prefer it to Windows 7. I still prefer Windows XP where everything just worked and feel that both Windows 7 and Windows 10 could learn lessons in usability from Windows XP, but I think Windows 10 is a fine OS.

          <Divergence> For any old-timers who use SUBST on local drives for development purposes, has anyone found a Windows 10 method of getting SUBST to work in both "Normal" mode and "Elevated" mode at startup? This is one of the other caveats of Windows 10 use :-) </Divergence>

      2. Roland6 Silver badge

        Re: And still people want to use this POS?

        once you've stopped the persistent reporting back to MS ..., uninstalled all the apps you'll never use ... and sorted your privacy settings, it's actually pretty good to use.

        Now do that on the other systems in your house and then the parents and other family systems you are supporting... and repeat every so often as MS has a habit of messing things up with it's periodic major updates...

        Perhaps instead of Classic Shell and Start8/10 we need an XP Shell/StartXP which automatically do all of the stripping out of Win10 and make it as well behavied as XP/7...

  7. TReko

    Office 2016

    It's not just Windows 10 updates that ignore TCP standard holdoffs, Office 2016 updates will do it too.

    These can easily bring a network to a standstill, unfortunately.

    1. Anonymous Coward
      Anonymous Coward

      Re: Office 2016

      Is it actually Windows 10/Office or is it Akamai?

      I know for fact they've made major changes to the TCP congestion backoff on their kit. Buried in their site somewhere they even advertise it as a benefit, which is great until congestion occurs because you _are_ on a crappy link

      1. Chromatix

        Re: Office 2016

        It's got to be Akamai. That sort of fundamental breakage of TCP congestion control can't happen client-side, not if it wants the lost packets to be retransmitted so it actually gets them.

        I've seen servers that ignore ECN marking recently, but they at least still respond to the packet drops which inevitably happen when the queue overflows. They're misbehaving, but in a sort-of manageable way.

        This, though - this is *evil*. It's undoing the mid-1980s work which got the Internet running again after the Great Congestion Collapse Event. It needs to be stopped - NOW.

  8. Sebastian A

    You're no longer a customer, you're a product.

    And product has to shut up and sit on the shelf for the actual customer, namely advertisers.

  9. Oengus

    W10 testing regimen

    It is almost as if the droids in Redmond are deliberately ignoring the fact that most of the world is not on 100Mbit Connections (not ASDL either).

    You mean that everyone doesn't have 100MBit connections? Well I'll be damned. Everyone I know has at least 100Mbits available to them. </sarcasm>

    Whatever is responsible was probably tested (assuming someone did some testing) on an isolated single user environment inside the corporate headquarters then pushed out to the Basic/Home users to do the real testing. Isn't it M$'s policy to have the W10 basic users test the patches before rolling them out to the Pro/Enterprise community?

    1. Sebastian A

      Re: W10 testing regimen

      Pffft, every PC I deal with has 100Mbit if not a gigabit.

      To the switch.

      After that, 8 MBit is common.

  10. J__M__M

    a quiz

    Right now I have 6 vm's running on this machine... guess which one just can't seem to shut up until I remove the default gateway or otherwise kill it's internet access?

    1. Win 7

    2. Win 7

    3. Win XP

    4. Server 2008

    5. Server 2012R2 Core

    6. Win 10

    1. Hans 1

      Re: a quiz

      1 and 2 are the same answers, is that a give-away ? Noo, that would be too easy, 3 has been out for decades, probably misses a few security updates since it EOL'd and is infested with malware? Hm, the servers ? Nooooo, ok, hmmm, OHHHHHHHHH, BINGO!!!!!!!! THERE, Windows 10, Ok, MUST BE 6.

      Do I win anything, today?

      1. DryBones

        Re: a quiz

        Yes! You have won the coveted No Prize.

  11. Anonymous Coward

    There's a storm coming.

    (Wasn't expecting it to be a packet storm.. but its obvious now)

  12. bombastic bob Silver badge

    I noticed this a year ago during the 'insider' program

    I noticed this same thing a year ago during the 'insider' program. I complained about it. A *LOT*. I have limited bandwidth available, and Microsoft was _STEALING_ it whenever they *FELT* like it, which might be while I'm listening to streaming radio or something. It was part of my argument *AGAINST* the "not being able to control WHEN windows updates 'happen'".

    THAT obviously landed on DEAF ears. Micro-shaft does not care what customers want. Micro-shaft is doing everything in Win-10-nic for their OWN benefit, SCREW everyone else.

    1. James 51

      Re: I noticed this a year ago during the 'insider' program

      Until I read the name I thought this was amanfrommars1 who had taken some dried frog pills.

  13. Anonymous Coward
    Anonymous Coward

    Be quiet citizen

    Advertising is good.

    Big business is good.

    If you don't share then you don't care.

    You will comply.

    1. Myvekk

      Re: Be quiet citizen

      They Live!


      I have come here to chew bubble gum and kick ass! And I'm all out of bubble gum."


  14. Anonymous Coward
    Anonymous Coward

    M$ using torrent is fine

    After all, I get ALL of my MicroShit products via torrents!!!!

    Anon for obvious reasons

  15. chopsywa

    I posted the original article on Whirlpool. What makes it particularly nasty is that it is all done on port 80. Presumably Microsoft want their updates to work even when users are behind diligent sysadmins' firewalls. This is doubly nasty. You can't block port 80 or you block browsing. You can't block Akamai, or you block legitimate and well behaved services. I am hoping I can find a header identifier in the traffic that I can use to block the Windows 10 / Office 2016 updates at layer 7 for now.

    I just hope people who can fix this at the source are taking notice and do something about it. They are breaking the Internet....literally.

    1. Dr Spork

      Welcome to The Reg

    2. Missing Semicolon Silver badge

      @ chopsywa

      Thanks for dropping by!

      What immediately occurred to me is that the bad behaviour you have seen is coming from the TCP/IP stack in Windows, not just the Microsoft upate processes. Does that mean that any outgoing connection from a Win10 box will result in the same packet storm if you choose to throttle it?

      1. chopsywa

        Re: @ chopsywa

        I haven't seen any other traffic causing an issue. It is specifically the update process and it is the inbound traffic that runs amok. I thought it might be a flood of syn acks as I had seen a huge surge in connections (several thousand in several seconds) that then died down. However, the packet trace I took whilst the problem was occurring seem to indicate that the connections are fully open and the sending server (Akamai) is just hammering the external interface even though the router is dropping packets to try to throttle the connections back.

    3. reecem27

      "You can't block Akamai, or you block legitimate and well behaved services"

      What other well-behaved Akamai served resources do you use?

      Can you run a 'fixed' hosts file on your AD DNS server that forces all *.akamai.* to lookup as

      Or create a GPO script with a schedule that stops and disables the windows update service

      with "net stop wuauserv" and "sc config wuauserv start= disabled". Then do the reverse when you wish to allow the PC's to update?

      1. chopsywa

        Re: "You can't block Akamai, or you block legitimate and well behaved services"

        It is a shared tenants' connection, so we can't simply block Akamai.

  16. Medixstiff

    Speaking of Windoze 10.

    I found one staff members PC this morning with the "Get Windows 10" notification in the tray.

    He's not an Admin.

    It's on a Domain with WSUS updates (which M$ says won't get Windows 10)

    Yet I had to uninstall these updates:

    wusa /uninstall /kb:2952664 /norestart

    wusa /uninstall /kb:3035583 /norestart

    wusa /uninstall /kb:3068708 /norestart

    wusa /uninstall /kb:3080149 /norestart

    So now I'm wondering if it's something like the annoying Windows 10 pop-ups that MSN Australia has been pushing out, somehow pushing out the updates if the user clicks on the ad. accidentally?

    1. Roland6 Silver badge

      Re: Speaking of Windoze 10.

      May have installed via the IE update and the user dismissed the IE GWX pop-up 'incorrectly'...


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021