Link to home
Start Free TrialLog in
Avatar of CityofKerrville
CityofKerrvilleFlag for United States of America

asked on

WSUS installation fail when connecting to Remote SQL 2005 Server

Hello again EE,

We are in the process of setting up MS Forefront Client Security in a Three Server Topology.

Reporting Database Server called ORACLE
Management, Collection, and Reporting Server called SMITH
Distribution Server called NEO

Prerequisites

Reporting Database Server (ORACLE) - http://technet.microsoft.com/en-us/library/bb404250.aspx

SQL 2005 already installed.  Verified settings in the link posted above

Management, Collection, and Reporting Server  (SMITH) - http://technet.microsoft.com/en-us/library/bb404262.aspx

All instructions followed line-by-line

Distribution Server (NEO) - http://technet.microsoft.com/en-us/library/bb404278.aspx

Install .NET Framework 2.0  DONE!
Install IIS and ASP.NET  DONE!
Install WSUS with SP1
Configure Remote SQL - http://technet.microsoft.com/en-us/library/cc708595.aspx

Everything appears to be going as planned up to this point.  When setting us WSUS on NEO, it find the SQL instance on ORACLE without issue, and completes the installation successfully, or so it appears.

A few seconds after the installation wizard closes the follow popup occurs.

"An error occurred when trying to preform a database operation, and the wizard must be closed.  You may restart the WSUS Server Configuration Wizard from the Options page in the WSUS 3.0 console." See Attachement A

I then launch the WSUS management console, and it is not connected to the server (NEO), so I click on connect to server, type NEO in the server block and use the drop down to select port specified during the installation.  When I click ok I get the following error.

'Cannot connect to 'NEO'. SQL server may not be running on the server.

Please verify that SQL server is running and configured correctly on the server.  Contact your network administrator is the problem persists"
See Attachment B

This error is disturbing because the Three Topology installation instruction make not mention to SQL running on the Distribution Server.  At this point I cannot go any further.

Here are the step I have taken to try and resolve the problem  Unsuccessfully

Verified\modified permissions on the ORACLE to create databases
Registered SPN for the SQL instance - http://support.microsoft.com/kb/909801

Nothing changes.  Aany Ideas?  The only other thing I can think to try is install SQL on NEO also, But that would be three separate SQL installations if we do that and we are trying to keep on DB's centralized.

Here are a couple of items from the event logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Failure Audit
Event Source:      MSSQLSERVER
Event Category:      (4)
Event ID:      18456
Date:            10/24/2008
Time:            11:55:48 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      ORACLE
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 192.168.101.204]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 48 00 00 0e 00 00 00   .H......
0008: 07 00 00 00 4f 00 52 00   ....O.R.
0010: 41 00 43 00 4c 00 45 00   A.C.L.E.
0018: 00 00 07 00 00 00 6d 00   ......m.
0020: 61 00 73 00 74 00 65 00   a.s.t.e.
0028: 72 00 00 00               r...    

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Warning
Event Source:      Windows Server Update Services
Event Category:      None
Event ID:      7042
Date:            10/24/2008
Time:            11:32:02 AM
User:            N/A
Computer:      NEO
Description:
The WSUS administration console was unable to connect to the WSUS Server Database.
   
Verify that SQL server is running on the WSUS Server. If the problem persists, try restarting SQL.
   

System.Data.SqlClient.SqlException -- Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Source
.Net SqlClient Data Provider

Stack Trace:
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetTargetGroupById(Guid id)
   at Microsoft.UpdateServices.Internal.BaseApi.ComputerTargetGroup.GetById(Guid id, UpdateServer updateServer)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetComputerTargetGroup(Guid id)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.TestSqlConnection(IUpdateServer server)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_AdminApiTools()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_ServerState()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.SetNavigationItemEnabledStates()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.InitializeNavigationItems()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.OOBEWizardInitialize()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


neo-wsus-installerror.JPG
neo-wsus.JPG
ASKER CERTIFIED SOLUTION
Avatar of russell124
russell124
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CityofKerrville
CityofKerrville
Flag of United States of America image

ASKER

Are all your servers on the same domain?

YES

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

If followed the instructions found here - http://support.microsoft.com/kb/909801

I did all of the following

SetSPN A MSSQLSERVER/sqlservername.domainaname:1433 domainadmin
SetSPN A MSSQLSERVER/sqlservername.domainaname:1433 domainuser
SetSPN A MSSQLSERVER/wsusservername.domainaname:1433 domainadmin
SetSPN A MSSQLSERVER/wsusservername.domainaname:1433 domainuser

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

It is running on a domain user account and is the same one reference in the spn commands above

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

DNS resolves for both machines
SOLUTION
Avatar of russell124
russell124
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of CityofKerrville
CityofKerrville
Flag of United States of America image

ASKER

C:\Program Files\Resource Kit>setspn -L mgrahamadmin
Registered ServicePrincipalNames for CN=Matt Graham - Admin,OU=IT,OU=Domain_User
s,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

C:\Program Files\Resource Kit>setspn -L sqlservice
Registered ServicePrincipalNames for CN=SQL Service,OU=IT,OU=Domain_Users,DC=cit
y,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

You may also need to register the sql service account as an spn with the "domain\user" format.

I tried and it would not even accept the command.
SOLUTION
Avatar of russell124
russell124
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial