Solved

WSUS installation fails when connecting to Remote SQL 2005 Server

Posted on 2008-10-24
Last Modified: 2012-05-05
Hello again EE,

We are in the process of setting up MS Forefront Client Security in a Three Server Topology.

Reporting Database Server called ORACLE
Management, Collection, and Reporting Server called SMITH
Distribution Server called NEO

Prerequisites

Reporting Database Server (ORACLE) - http://technet.microsoft.com/en-us/library/bb404250.aspx

SQL 2005 already installed.  Verified settings in the link posted above

Management, Collection, and Reporting Server  (SMITH) - http://technet.microsoft.com/en-us/library/bb404262.aspx

All instructions followed line-by-line

Distribution Server (NEO) - http://technet.microsoft.com/en-us/library/bb404278.aspx

Install .NET Framework 2.0  DONE!
Install IIS and ASP.NET  DONE!
Install WSUS with SP1
Configure Remote SQL - http://technet.microsoft.com/en-us/library/cc708595.aspx

Everything appears to be going as planned up to this point.  When setting up WSUS on NEO, it finds the SQL instance on ORACLE without issue, and completes the installation successfully, or so it appears.

A few seconds after the installation wizard closes, the following popup occurs.

"An error occurred when trying to perform a database operation, and the wizard must be closed.  You may restart the WSUS Server Configuration Wizard from the Options page in the WSUS 3.0 console." See Attachment A

I then launch the WSUS management console, and it is not connected to the server (NEO), so I click on connect to server, type NEO in the server block and use the drop down to select the port specified during the installation.  When I click OK I get the following error.

"Cannot connect to 'NEO'. SQL server may not be running on the server.

Please verify that SQL server is running and configured correctly on the server.  Contact your network administrator if the problem persists"
See Attachment B

This error is disturbing because the Three Topology installation instructions make no mention of SQL running on the Distribution Server.  At this point I cannot go any further.

Here are the steps I have taken to try to resolve the problem, unsuccessfully:

Verified\modified permissions on the ORACLE to create databases
Registered SPN for the SQL instance - http://support.microsoft.com/kb/909801

Nothing changes.  Any ideas?  The only other thing I can think to try is to install SQL on NEO also, but that would be three separate SQL installations if we do that, and we are trying to keep our DBs centralized.

Here are a couple of items from the event logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Failure Audit
Event Source:      MSSQLSERVER
Event Category:      (4)
Event ID:      18456
Date:            10/24/2008
Time:            11:55:48 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      ORACLE
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 192.168.101.204]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 48 00 00 0e 00 00 00   .H......
0008: 07 00 00 00 4f 00 52 00   ....O.R.
0010: 41 00 43 00 4c 00 45 00   A.C.L.E.
0018: 00 00 07 00 00 00 6d 00   ......m.
0020: 61 00 73 00 74 00 65 00   a.s.t.e.
0028: 72 00 00 00               r...    

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Warning
Event Source:      Windows Server Update Services
Event Category:      None
Event ID:      7042
Date:            10/24/2008
Time:            11:32:02 AM
User:            N/A
Computer:      NEO
Description:
The WSUS administration console was unable to connect to the WSUS Server Database.
   
Verify that SQL server is running on the WSUS Server. If the problem persists, try restarting SQL.
   

System.Data.SqlClient.SqlException -- Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Source
.Net SqlClient Data Provider

Stack Trace:
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetTargetGroupById(Guid id)
   at Microsoft.UpdateServices.Internal.BaseApi.ComputerTargetGroup.GetById(Guid id, UpdateServer updateServer)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetComputerTargetGroup(Guid id)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.TestSqlConnection(IUpdateServer server)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_AdminApiTools()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_ServerState()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.SetNavigationItemEnabledStates()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.InitializeNavigationItems()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.OOBEWizardInitialize()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


neo-wsus-installerror.JPG
neo-wsus.JPG
Question by:CityofKerrville

Accepted Solution

by:russell124
Are all your servers on the same domain?

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx

http://blogs.msdn.com/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx
 

Author Comment

by:CityofKerrville
Are all your servers on the same domain?

YES

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

I followed the instructions found here - http://support.microsoft.com/kb/909801

I did all of the following:

SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainadmin
SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainuser
SetSPN -A MSSQLSERVER/wsusservername.domainaname:1433 domainadmin
SetSPN -A MSSQLSERVER/wsusservername.domainaname:1433 domainuser

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

It is running on a domain user account, and it is the same one referenced in the SPN commands above.

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

DNS resolves for both machines

Assisted Solution

by:russell124
Have you verified the SPNs with the "setspn -L" command?

The second link posted in my first post has a couple of troubleshooting tips for the SPNs.  Have you tried verifying your SPNs?

For example:

setspn -L sqlservername
setspn -L domainuser
setspn -L domainadmin

You may also need to register the sql service account as an spn with the "domain\user" format.

setspn -A domainname\domainuser
 

Author Comment

by:CityofKerrville
C:\Program Files\Resource Kit>setspn -L mgrahamadmin
Registered ServicePrincipalNames for CN=Matt Graham - Admin,OU=IT,OU=Domain_User
s,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

C:\Program Files\Resource Kit>setspn -L sqlservice
Registered ServicePrincipalNames for CN=SQL Service,OU=IT,OU=Domain_Users,DC=cit
y,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

You may also need to register the sql service account as an spn with the "domain\user" format.

I tried and it would not even accept the command.
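An added example, not part of the thread or of any poster's code: a Python check over saved `setspn -L` output. A Kerberos SPN has to map to exactly one account, and SQL Server's own SPNs use the `MSSQLSvc` service class, so the script flags SPNs held by several accounts and SPNs with another class. The sample text is constructed from the listings in the post above; the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample modelled on the `setspn -L` listings in the post above,
# including the 80-column wrap of the distinguished name. The MSSQLSvc entry
# is added here for contrast and does not appear in the thread.
SAMPLE = """\
Registered ServicePrincipalNames for CN=Matt Graham - Admin,OU=IT,OU=Domain_User
s,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433

Registered ServicePrincipalNames for CN=SQL Service,OU=IT,OU=Domain_Users,DC=cit
y,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSvc/oracle.city.local:1433
"""

HEADER = "Registered ServicePrincipalNames for "

def parse_setspn(text):
    """Return {account DN: [SPN, ...]} from concatenated `setspn -L` output."""
    accounts, dn, pending = {}, None, None
    for line in text.splitlines():
        if line.startswith(HEADER):
            pending = line[len(HEADER):]          # DN may wrap onto next line
        elif pending is not None:
            pending += line                       # wrapped remainder of the DN
        elif dn and line[:1].isspace() and line.strip():
            accounts[dn].append(line.strip())     # indented SPN entry
        if pending is not None and pending.endswith(":"):
            dn, pending = pending[:-1], None      # header complete
            accounts[dn] = []
    return accounts

def audit(accounts):
    """Flag SPNs held by more than one account or using a non-SQL service class."""
    owners = defaultdict(list)
    for dn, spns in accounts.items():
        for spn in spns:
            owners[spn.lower()].append(dn)        # SPNs compare case-insensitively
    findings = []
    for spn, dns in sorted(owners.items()):
        if len(dns) > 1:
            findings.append(("duplicate", spn))
        if not spn.startswith("mssqlsvc/"):
            findings.append(("service-class", spn))
    return findings

if __name__ == "__main__":
    for kind, spn in audit(parse_setspn(SAMPLE)):
        print(f"{kind:14} {spn}")
```

On Windows Server 2008 and later, `setspn -X` performs the duplicate search directly against the directory.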
 

Assisted Solution

by:russell124
Sorry, I worded that last post poorly.  The short command:

SetSPN -A domainname\user

will fail. I meant to say the full command, such as:

SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainname\sqlservice