[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Windows Update on Domain Cotroller

Posted on 2011-09-14
4
Medium Priority
?
609 Views
Last Modified: 2012-05-12
Hello Experts

I have a server 2008 R2 x64 that perform as domain controller.
I have encountered with a problem that I can't update the server using the "windows update" service.
I get this error "code 8000FFFF windows update encountered an unknown error".

I have a WSUS in my network, but the DC wasn't a part of the pc's that get updates from it.
I then include the DC to the WSUS computer list, but still i get this error.

Please notify that the error is displaying only at the end of the process, it seems that the updates are installed but then I get the error.

Please Help.
0
Comment
Question by:IT_Group1
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
Amitabh Singh earned 2000 total points
ID: 36535807
Hi
do the fallowing , its known problem in windows 2008

1) Login to the server as "Administrator"
2) Change permissions to provide full access to C-drive for the user "Network Services"
2) Log off the from the server
3) Log back in as "Administrator"
4) Re-run the Updates
-----------------------------------------------------------------------------------------
Let us know the outcome
0
 

Author Comment

by:IT_Group1
ID: 36536017
Hi  Tech_Eng

are you Referring to state when the DC linked with the WSUS or not ?
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536410
the steps for both , its allow windows update service to download and updates and store in C:
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36541183
In windows 2008 by default the trusted installer has the ownership,replace the ownership of the C drive to administrators group.

TrustedInstaller.exe is Windows Module Installer service which is part of Windows Resource Protection.

Windows Resource Protection (WRP) is a technology that restricts access to certain core system files, folders, and registry keys that are part of the Windows Vista installation. WRP prevents files with .dll, .exe, .ocx, and .sys file extensions from being modified or replaced.

Protecting these key resources is important to overall system stability, and, as such, they can only be modified by the Windows Module Installer service (TrustedInstaller.exe). If someone with administrative rights attempts to modify or replace a file that is protected by WRP, he will be presented with the message "Access Denied".

I personally would not recommend to link the DC and critical application server not to link to WSUS server installed it manualy.
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question