Solved

WSUS installation fail when connecting to Remote SQL 2005 Server

Posted on 2008-10-24
5
1,876 Views
Last Modified: 2012-05-05
Hello again EE,

We are in the process of setting up MS Forefront Client Security in a Three Server Topology.

Reporting Database Server called ORACLE
Management, Collection, and Reporting Server called SMITH
Distribution Server called NEO

Prerequisites

Reporting Database Server (ORACLE) - http://technet.microsoft.com/en-us/library/bb404250.aspx

SQL 2005 already installed.  Verified settings in the link posted above

Management, Collection, and Reporting Server  (SMITH) - http://technet.microsoft.com/en-us/library/bb404262.aspx

All instructions followed line-by-line

Distribution Server (NEO) - http://technet.microsoft.com/en-us/library/bb404278.aspx

Install .NET Framework 2.0  DONE!
Install IIS and ASP.NET  DONE!
Install WSUS with SP1
Configure Remote SQL - http://technet.microsoft.com/en-us/library/cc708595.aspx

Everything appears to be going as planned up to this point.  When setting us WSUS on NEO, it find the SQL instance on ORACLE without issue, and completes the installation successfully, or so it appears.

A few seconds after the installation wizard closes the follow popup occurs.

"An error occurred when trying to preform a database operation, and the wizard must be closed.  You may restart the WSUS Server Configuration Wizard from the Options page in the WSUS 3.0 console." See Attachement A

I then launch the WSUS management console, and it is not connected to the server (NEO), so I click on connect to server, type NEO in the server block and use the drop down to select port specified during the installation.  When I click ok I get the following error.

'Cannot connect to 'NEO'. SQL server may not be running on the server.

Please verify that SQL server is running and configured correctly on the server.  Contact your network administrator is the problem persists"
See Attachment B

This error is disturbing because the Three Topology installation instruction make not mention to SQL running on the Distribution Server.  At this point I cannot go any further.

Here are the step I have taken to try and resolve the problem  Unsuccessfully

Verified\modified permissions on the ORACLE to create databases
Registered SPN for the SQL instance - http://support.microsoft.com/kb/909801

Nothing changes.  Aany Ideas?  The only other thing I can think to try is install SQL on NEO also, But that would be three separate SQL installations if we do that and we are trying to keep on DB's centralized.

Here are a couple of items from the event logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Failure Audit
Event Source:      MSSQLSERVER
Event Category:      (4)
Event ID:      18456
Date:            10/24/2008
Time:            11:55:48 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      ORACLE
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 192.168.101.204]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 48 00 00 0e 00 00 00   .H......
0008: 07 00 00 00 4f 00 52 00   ....O.R.
0010: 41 00 43 00 4c 00 45 00   A.C.L.E.
0018: 00 00 07 00 00 00 6d 00   ......m.
0020: 61 00 73 00 74 00 65 00   a.s.t.e.
0028: 72 00 00 00               r...    

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Warning
Event Source:      Windows Server Update Services
Event Category:      None
Event ID:      7042
Date:            10/24/2008
Time:            11:32:02 AM
User:            N/A
Computer:      NEO
Description:
The WSUS administration console was unable to connect to the WSUS Server Database.
   
Verify that SQL server is running on the WSUS Server. If the problem persists, try restarting SQL.
   

System.Data.SqlClient.SqlException -- Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Source
.Net SqlClient Data Provider

Stack Trace:
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetTargetGroupById(Guid id)
   at Microsoft.UpdateServices.Internal.BaseApi.ComputerTargetGroup.GetById(Guid id, UpdateServer updateServer)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetComputerTargetGroup(Guid id)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.TestSqlConnection(IUpdateServer server)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_AdminApiTools()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_ServerState()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.SetNavigationItemEnabledStates()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.InitializeNavigationItems()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.OOBEWizardInitialize()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


neo-wsus-installerror.JPG
neo-wsus.JPG
0
Comment
Question by:CityofKerrville
  • 3
  • 2
5 Comments
 
LVL 8

Accepted Solution

by:
russell124 earned 500 total points
ID: 22798893
Are all your servers on the same domain?

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx

http://blogs.msdn.com/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx
0
 

Author Comment

by:CityofKerrville
ID: 22799273
Are all your servers on the same domain?

YES

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

If followed the instructions found here - http://support.microsoft.com/kb/909801

I did all of the following

SetSPN A MSSQLSERVER/sqlservername.domainaname:1433 domainadmin
SetSPN A MSSQLSERVER/sqlservername.domainaname:1433 domainuser
SetSPN A MSSQLSERVER/wsusservername.domainaname:1433 domainadmin
SetSPN A MSSQLSERVER/wsusservername.domainaname:1433 domainuser

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

It is running on a domain user account and is the same one reference in the spn commands above

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

DNS resolves for both machines
0
 
LVL 8

Assisted Solution

by:russell124
russell124 earned 500 total points
ID: 22800067
Have you verified the SPNs with the "setspn -L" command?

The second link posted in the my first post has a couple troubleshooting tips for the SPNs.  Have you tried verifying your SPNs?

For example:

setspn -L sqlservername
setspn -L domainuser
setspn -L domainadmin.

You may also need to register the sql service account as an spn with the "domain\user" format.

setspn -A domainname\domainuser
0
 

Author Comment

by:CityofKerrville
ID: 22800181
C:\Program Files\Resource Kit>setspn -L mgrahamadmin
Registered ServicePrincipalNames for CN=Matt Graham - Admin,OU=IT,OU=Domain_User
s,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

C:\Program Files\Resource Kit>setspn -L sqlservice
Registered ServicePrincipalNames for CN=SQL Service,OU=IT,OU=Domain_Users,DC=cit
y,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

You may also need to register the sql service account as an spn with the "domain\user" format.

I tried and it would not even accept the command.
0
 
LVL 8

Assisted Solution

by:russell124
russell124 earned 500 total points
ID: 22800346
Sorry, I worded that last post poortly.  The short command:

SetSPN -A domainname\user

Will fail, I meant to say the full command, such as:

SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainname\sqlservice
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A theme is a collection of property settings that allow you to define the look of pages and controls, and then apply the look consistently across pages in an application. Themes can be made up of a set of elements: skins, style sheets, images, and o…
In this article I will describe the Backup & Restore method as one possible migration process and I will add the extra tasks needed for an upgrade when and where is applied so it will cover all.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question