Solved

WSUS installation fail when connecting to Remote SQL 2005 Server

Posted on 2008-10-24
Last Modified: 2012-05-05
Hello again EE,

We are in the process of setting up MS Forefront Client Security in a Three Server Topology.

Reporting Database Server called ORACLE
Management, Collection, and Reporting Server called SMITH
Distribution Server called NEO

Prerequisites

Reporting Database Server (ORACLE) - http://technet.microsoft.com/en-us/library/bb404250.aspx

SQL 2005 already installed.  Verified settings in the link posted above

Management, Collection, and Reporting Server  (SMITH) - http://technet.microsoft.com/en-us/library/bb404262.aspx

All instructions followed line-by-line

Distribution Server (NEO) - http://technet.microsoft.com/en-us/library/bb404278.aspx

Install .NET Framework 2.0  DONE!
Install IIS and ASP.NET  DONE!
Install WSUS with SP1
Configure Remote SQL - http://technet.microsoft.com/en-us/library/cc708595.aspx

Everything appears to be going as planned up to this point.  When setting up WSUS on NEO, it finds the SQL instance on ORACLE without issue, and completes the installation successfully, or so it appears.

A few seconds after the installation wizard closes, the following popup occurs.

"An error occurred when trying to perform a database operation, and the wizard must be closed.  You may restart the WSUS Server Configuration Wizard from the Options page in the WSUS 3.0 console." See Attachment A

I then launch the WSUS management console, and it is not connected to the server (NEO), so I click on connect to server, type NEO in the server block and use the drop down to select the port specified during the installation.  When I click OK I get the following error.

"Cannot connect to 'NEO'. SQL server may not be running on the server.

Please verify that SQL server is running and configured correctly on the server.  Contact your network administrator if the problem persists"
See Attachment B

This error is disturbing because the Three Topology installation instructions make no mention of SQL running on the Distribution Server.  At this point I cannot go any further.

Here are the steps I have taken to try and resolve the problem, unsuccessfully:

Verified\modified permissions on ORACLE to create databases
Registered SPN for the SQL instance - http://support.microsoft.com/kb/909801

Nothing changes.  Any ideas?  The only other thing I can think to try is to install SQL on NEO also, but that would be three separate SQL installations if we do that, and we are trying to keep our DBs centralized.

Here are a couple of items from the event logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Failure Audit
Event Source:      MSSQLSERVER
Event Category:      (4)
Event ID:      18456
Date:            10/24/2008
Time:            11:55:48 AM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      ORACLE
Description:
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. [CLIENT: 192.168.101.204]

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 18 48 00 00 0e 00 00 00   .H......
0008: 07 00 00 00 4f 00 52 00   ....O.R.
0010: 41 00 43 00 4c 00 45 00   A.C.L.E.
0018: 00 00 07 00 00 00 6d 00   ......m.
0020: 61 00 73 00 74 00 65 00   a.s.t.e.
0028: 72 00 00 00               r...    

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Event Type:      Warning
Event Source:      Windows Server Update Services
Event Category:      None
Event ID:      7042
Date:            10/24/2008
Time:            11:32:02 AM
User:            N/A
Computer:      NEO
Description:
The WSUS administration console was unable to connect to the WSUS Server Database.
   
Verify that SQL server is running on the WSUS Server. If the problem persists, try restarting SQL.
   

System.Data.SqlClient.SqlException -- Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

Source
.Net SqlClient Data Provider

Stack Trace:
   at Microsoft.UpdateServices.Internal.BaseApi.SoapExceptionProcessor.DeserializeAndThrow(SoapException soapException)
   at Microsoft.UpdateServices.Internal.DatabaseAccess.AdminDataAccessProxy.ExecuteSPGetTargetGroupById(Guid id)
   at Microsoft.UpdateServices.Internal.BaseApi.ComputerTargetGroup.GetById(Guid id, UpdateServer updateServer)
   at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetComputerTargetGroup(Guid id)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.TestSqlConnection(IUpdateServer server)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_AdminApiTools()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.get_ServerState()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.SetNavigationItemEnabledStates()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.InitializeNavigationItems()
   at Microsoft.UpdateServices.UI.SnapIn.Wizards.OOBE.OOBEWizard.OOBEWizardInitialize()

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


neo-wsus-installerror.JPG
neo-wsus.JPG
Question by:CityofKerrville

Accepted Solution

by:
russell124 earned 500 total points
ID: 22798893
Are all your servers on the same domain?

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

http://blogs.msdn.com/sql_protocols/archive/2005/10/12/479871.aspx

http://blogs.msdn.com/sql_protocols/archive/2006/12/02/understanding-kerberos-and-ntlm-authentication-in-sql-server-connections.aspx

Author Comment

by:CityofKerrville
ID: 22799273
Are all your servers on the same domain?

YES

What settings did you use when you set your SPN?  Did you use a domain account for the SPN?

I followed the instructions found here - http://support.microsoft.com/kb/909801

I did all of the following

SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainadmin
SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainuser
SetSPN -A MSSQLSERVER/wsusservername.domainaname:1433 domainadmin
SetSPN -A MSSQLSERVER/wsusservername.domainaname:1433 domainuser

What type of account is your SQL instance running as?  Did you create a service account on the domain to run sql, or is it running under local system or network service?

It is running on a domain user account and is the same one referenced in the SPN commands above

Check your DNS settings too, can you resolve the fqdn of your servers from one another?

DNS resolves for both machines

Assisted Solution

by:russell124
russell124 earned 500 total points
ID: 22800067
Have you verified the SPNs with the "setspn -L" command?

The second link posted in my first post has a couple of troubleshooting tips for the SPNs.  Have you tried verifying your SPNs?

For example:

setspn -L sqlservername
setspn -L domainuser
setspn -L domainadmin

You may also need to register the sql service account as an spn with the "domain\user" format.

setspn -A domainname\domainuser

Author Comment

by:CityofKerrville
ID: 22800181
C:\Program Files\Resource Kit>setspn -L mgrahamadmin
Registered ServicePrincipalNames for CN=Matt Graham - Admin,OU=IT,OU=Domain_User
s,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

C:\Program Files\Resource Kit>setspn -L sqlservice
Registered ServicePrincipalNames for CN=SQL Service,OU=IT,OU=Domain_Users,DC=cit
y,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/oracle:1433
    MSSQLSERVER/neo:1433

You may also need to register the sql service account as an spn with the "domain\user" format.

I tried and it would not even accept the command.

Assisted Solution

by:russell124
russell124 earned 500 total points
ID: 22800346
Sorry, I worded that last post poorly.  The short command:

SetSPN -A domainname\user

will fail. I meant to say the full command, such as:

SetSPN -A MSSQLSERVER/sqlservername.domainaname:1433 domainname\sqlservice
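An added example, not part of the original thread: a small Python audit of `setspn -L` output like the listing posted above. It flags any SPN registered to more than one account (Kerberos cannot issue a usable service ticket for a duplicated SPN, so the connection falls back to NTLM) and any entry whose service class is not `MSSQLSvc`, the class SQL Server clients request. The sample is constructed from the thread's listing with console line wraps joined, plus one hypothetical `MSSQLSvc` entry to show a passing case.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's `setspn -L` listing.
# The final MSSQLSvc line is hypothetical and not from the thread.
SAMPLE = """\
Registered ServicePrincipalNames for CN=Matt Graham - Admin,OU=IT,OU=Domain_Users,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/neo:1433
Registered ServicePrincipalNames for CN=SQL Service,OU=IT,OU=Domain_Users,DC=city,DC=local:
    MSSQLSERVER/oracle
    MSSQLSERVER/oracle.city.local:1433
    MSSQLSERVER/neo:1433
    MSSQLSvc/oracle.city.local:1433
"""

HEADER = re.compile(r"^Registered ServicePrincipalNames for (CN=.+):\s*$")
SQL_SERVICE_CLASS = "mssqlsvc"  # compared case-insensitively, as AD does


def parse_setspn(text):
    """Map each SPN (lower-cased) to the set of account DNs that hold it."""
    owners = defaultdict(set)
    account = None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            account = match.group(1)       # start of a new account's listing
        elif line and account:
            owners[line.lower()].add(account)
    return owners


def audit(text):
    """Return (duplicates, wrong_class) for the pasted setspn output."""
    owners = parse_setspn(text)
    duplicates = {spn: sorted(accts) for spn, accts in owners.items()
                  if len(accts) > 1}
    wrong_class = sorted(spn for spn in owners
                         if spn.split("/", 1)[0] != SQL_SERVICE_CLASS)
    return duplicates, wrong_class


if __name__ == "__main__":
    dups, wrong = audit(SAMPLE)
    for spn, accts in sorted(dups.items()):
        print(f"DUPLICATE      {spn} held by {len(accts)} accounts")
    for spn in wrong:
        print(f"SERVICE CLASS  {spn} (expected MSSQLSvc/...)")
```
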