?
Solved

Windows Update on Domain Cotroller

Posted on 2011-09-14
4
Medium Priority
?
605 Views
Last Modified: 2012-05-12
Hello Experts

I have a server 2008 R2 x64 that perform as domain controller.
I have encountered with a problem that I can't update the server using the "windows update" service.
I get this error "code 8000FFFF windows update encountered an unknown error".

I have a WSUS in my network, but the DC wasn't a part of the pc's that get updates from it.
I then include the DC to the WSUS computer list, but still i get this error.

Please notify that the error is displaying only at the end of the process, it seems that the updates are installed but then I get the error.

Please Help.
0
Comment
Question by:IT_Group1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
Amitabh Singh earned 2000 total points
ID: 36535807
Hi
do the fallowing , its known problem in windows 2008

1) Login to the server as "Administrator"
2) Change permissions to provide full access to C-drive for the user "Network Services"
2) Log off the from the server
3) Log back in as "Administrator"
4) Re-run the Updates
-----------------------------------------------------------------------------------------
Let us know the outcome
0
 

Author Comment

by:IT_Group1
ID: 36536017
Hi  Tech_Eng

are you Referring to state when the DC linked with the WSUS or not ?
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536410
the steps for both , its allow windows update service to download and updates and store in C:
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36541183
In windows 2008 by default the trusted installer has the ownership,replace the ownership of the C drive to administrators group.

TrustedInstaller.exe is Windows Module Installer service which is part of Windows Resource Protection.

Windows Resource Protection (WRP) is a technology that restricts access to certain core system files, folders, and registry keys that are part of the Windows Vista installation. WRP prevents files with .dll, .exe, .ocx, and .sys file extensions from being modified or replaced.

Protecting these key resources is important to overall system stability, and, as such, they can only be modified by the Windows Module Installer service (TrustedInstaller.exe). If someone with administrative rights attempts to modify or replace a file that is protected by WRP, he will be presented with the message "Access Denied".

I personally would not recommend to link the DC and critical application server not to link to WSUS server installed it manualy.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question