Solved

Windows Update on Domain Cotroller

Posted on 2011-09-14
4
599 Views
Last Modified: 2012-05-12
Hello Experts

I have a server 2008 R2 x64 that perform as domain controller.
I have encountered with a problem that I can't update the server using the "windows update" service.
I get this error "code 8000FFFF windows update encountered an unknown error".

I have a WSUS in my network, but the DC wasn't a part of the pc's that get updates from it.
I then include the DC to the WSUS computer list, but still i get this error.

Please notify that the error is displaying only at the end of the process, it seems that the updates are installed but then I get the error.

Please Help.
0
Comment
Question by:IT_Group1
  • 2
4 Comments
 
LVL 8

Accepted Solution

by:
Amitabh Singh earned 500 total points
ID: 36535807
Hi
do the fallowing , its known problem in windows 2008

1) Login to the server as "Administrator"
2) Change permissions to provide full access to C-drive for the user "Network Services"
2) Log off the from the server
3) Log back in as "Administrator"
4) Re-run the Updates
-----------------------------------------------------------------------------------------
Let us know the outcome
0
 

Author Comment

by:IT_Group1
ID: 36536017
Hi  Tech_Eng

are you Referring to state when the DC linked with the WSUS or not ?
0
 
LVL 8

Expert Comment

by:Amitabh Singh
ID: 36536410
the steps for both , its allow windows update service to download and updates and store in C:
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36541183
In windows 2008 by default the trusted installer has the ownership,replace the ownership of the C drive to administrators group.

TrustedInstaller.exe is Windows Module Installer service which is part of Windows Resource Protection.

Windows Resource Protection (WRP) is a technology that restricts access to certain core system files, folders, and registry keys that are part of the Windows Vista installation. WRP prevents files with .dll, .exe, .ocx, and .sys file extensions from being modified or replaced.

Protecting these key resources is important to overall system stability, and, as such, they can only be modified by the Windows Module Installer service (TrustedInstaller.exe). If someone with administrative rights attempts to modify or replace a file that is protected by WRP, he will be presented with the message "Access Denied".

I personally would not recommend to link the DC and critical application server not to link to WSUS server installed it manualy.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problems with GPO registry settings 7 43
Inactive computer in domain 7 59
Need help in modifying an existing script 2 18
Domain users Report or list- URGENT 2 29
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question