Solved

Windows Update on Domain Cotroller

Posted on 2011-09-14
4
603 Views
Last Modified: 2012-05-12
Hello Experts

I have a server 2008 R2 x64 that perform as domain controller.
I have encountered with a problem that I can't update the server using the "windows update" service.
I get this error "code 8000FFFF windows update encountered an unknown error".

I have a WSUS in my network, but the DC wasn't a part of the pc's that get updates from it.
I then include the DC to the WSUS computer list, but still i get this error.

Please notify that the error is displaying only at the end of the process, it seems that the updates are installed but then I get the error.

Please Help.
0
Comment
Question by:IT_Group1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
Amitabh Singh earned 500 total points
ID: 36535807
Hi
do the fallowing , its known problem in windows 2008

1) Login to the server as "Administrator"
2) Change permissions to provide full access to C-drive for the user "Network Services"
2) Log off the from the server
3) Log back in as "Administrator"
4) Re-run the Updates
-----------------------------------------------------------------------------------------
Let us know the outcome
0
 

Author Comment

by:IT_Group1
ID: 36536017
Hi  Tech_Eng

are you Referring to state when the DC linked with the WSUS or not ?
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536410
the steps for both , its allow windows update service to download and updates and store in C:
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36541183
In windows 2008 by default the trusted installer has the ownership,replace the ownership of the C drive to administrators group.

TrustedInstaller.exe is Windows Module Installer service which is part of Windows Resource Protection.

Windows Resource Protection (WRP) is a technology that restricts access to certain core system files, folders, and registry keys that are part of the Windows Vista installation. WRP prevents files with .dll, .exe, .ocx, and .sys file extensions from being modified or replaced.

Protecting these key resources is important to overall system stability, and, as such, they can only be modified by the Windows Module Installer service (TrustedInstaller.exe). If someone with administrative rights attempts to modify or replace a file that is protected by WRP, he will be presented with the message "Access Denied".

I personally would not recommend to link the DC and critical application server not to link to WSUS server installed it manualy.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question