WSUS not communicating with machines

I'm having issues with WSUS on my domain/file server.  WSUS service will no longer load.  The service is "missing" from the list of services when you bring up WSUS under the "server roles" and it shows all of the services associated with that role.  The "display name" is blank, Service Name is "WSUSService", and the Status is "not available".   Windows Internal Database, BITS, Application Host Helper Service, World Wide Web Publishing Service, WSUS Certificate Service, etc....  All of those are running, but WSUSService is missing from the list.  

What most certainly caused this was because I tried "remove roles" on WSUS and IIS, and also tried to reinstall WSUS, and received the message that it did not finish installing/uninstalling.  It gave an error 0x80070643.  I tried to give the SQL user installing admin permissions per the link below, but I clearly don't know enough about SQL to do it properly.  I think after that is straightened out, it might work, but I don't know.

I am self taught when it comes to network management, and have massive gaps in my knowledge base, so please go a little slower than you would with a "peer".  Thanks, Jeff.

My setup...
Operating system is Windows Server 2008 R2.
We are on a domain, and the name of it is "DZA".
The name of the server is "Server08".
The name of the user account that I log in with is "DZA\Administrator"
I almost always access this machine using Remote Desktop.  Not sure that makes a difference, but I thought I'd mention it.
SQL Express 2005 with the latest service pack (I think) is running the Windows Internal Database.
Jeff ZylstraAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Do you have another system on which you can install wsus from scratch?
Trying to diagnose your issue on the existing system would take a while including the riskier registry and other cleanup methods

You could look into using sc or registry edit to readd the missing service, but I believe you my have an unstable situation.

Did you have an anti-virus or similar app ran such that it may have removed/disabled it?
Jeff ZylstraAuthor Commented:
No, unfortunately I don't have another system that I can install WSUS on.   I already tried adding/removing the WSUS service using the SC utility, but I'm also pretty sure that I may have been using the "display name" of the service, and not the actual name that the service manager uses.  

I'm wondering if any of this can be done in "safe mode" in order to prevent any running services or dependencies from interfering with the removal or installation?  The uninstall/reinstall was thwarted by the SQL user not having sysadmin permissions.  If I could get the service installed again, I think that it might be salvageable.   I don't mind starting with a blank database again if that gives more options.

This isn't a "run of the mill" question.  How do I give more "points" for the solution?
Do you have an administrative account on the system?  Not sure why you would need to use sql user for that purpose.  See whether the UAC or any other anti-virus or similar system is the one interferring with your process.

Does this system have hyper-v and enough resources to setup a VM WSUS server?
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Jeff ZylstraAuthor Commented:
Yes, I am logging in as user DZA\Administrator, which is domain admin account with administrative privileges.  I got the idea about the system adminsitrator in SQL because of the Microsoft KB # 920660 regarding "Error 0x80070643: Fatal error during installation".   It lists the following as the cause of this error...

"WSUS Setup uses Microsoft SQL Server to perform the installation. This problem occurs because the user who is running WSUS Setup does not have System Administrator permissions in SQL Server."   That's why I was trying to use the "GrantPermission.SQL" file to add or modify that account to give it the required permission.   Check out this link and see if you can make any sense of it.  Thank you.
Jeff ZylstraAuthor Commented:
By the way, I believe the instance of SQL running for Windows Internal Database uses the "NT Authority" account, which might explain why the domain admin account doesn't have the required permissions in SQL.  Hopefully that made sense.
To add the domain admin account as an sql administrative account, yes the sql surface configuration tool.
Using ssms as well as adding the domain admin the the mssql user group may .

The issue I am having in undertanding your situation is that the WSUS was installed and has been functioning until ... Was there an update that was installed after which it stopped working?
Jeff ZylstraAuthor Commented:
No.  WSUS was running, but no one was able to check on it or apply updates for over a month.  So the next time I was able to log into the server and check on it, it did not work.  In fact, Windows update did not even work and gave an error, so there was both WSUS connection issues, and also Windows update issues.  

That's not the real issue at this point, however.  The issue is that my attempts to uninstall/reinstall WSUS damaged the WSUS installation.  The WSUS service is missing, and the WSUS database may have been affected as well.  If I can just change the permissions on that user and uninstall WSUS so that I can do a "clean" install, I think it will fix itself.

Using the example from the above KB article, EXACTLY what should the "GrantPermissions.SQL" script look like?

I checked the SQL Server Configuraiotn Manager, and my choices for servers and logons are as follows:

SQLExpress with a "logon as" of "LocalService"
MICROSOFT ##SSEE " with a "logon as" of "NT Authority\Network Service".  That's the "Windows Internal Database".

What should the below script look like to grant proper permission?

Start Notepad, and then copy the following text into Notepad.

EXEC sp_grantlogin '<ServerName>\<Login>'
EXEC sp_addsrvrolemember '<ServerName>\<Login>', 'sysadmin'

Open in new window

Note If you are granting permissions to an existing user account or group account, copy the following text into Notepad.

EXEC sp_addsrvrolemember '<ServerName>\<Login>', 'sysadmin'

Open in new window

Replace occurrences of <ServerName> with the name of your instance of SQL Server.
Replace occurrences of <Login> with the name of the user account or with the name of the group account.
Save the file as GrantPermission.sql.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER.
osql -E -i C:\path\GrantPermission.sql

Please keep in mind I know NOTHING about SQL or the tools to manage it.  Thank you!
In the current framework, the situation as to the cause is unclear, when performing the install what if any errors are reported?

During the install choose advanced settings such that you could designated another sql instance. Another option deals ith backing up the existing WSUS database.

Going through the uninstall including going through registry cleanup of all references to WSus.

 Uninstalling the ssee instance.

Using process monitor/explorer while you are running the install, may help in identifying the cause of the error or at least what is being looked at.

The issue could be within the IIS configuration for the wsus site instance whereby a newere version of .net was set.

Using wsutils relocating to the non-default site worked in some circumstances.    In the remove/uninstall, something had to have gone wrong.
Jeff ZylstraAuthor Commented:
Installation Errors from Log File:

2014-08-19 12:24:51  Error     CustomActions.Dll  ExecuteQueryGetMultipleResults: GetRows returned error (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     CustomActions.Dll  GetDatabaseLocation: Failed to execute SQL query EXEC dbo.sp_helpdb '%s' (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     CustomActions.Dll  SetWyukonInstallDirProperty: Failed to get installed location of SUSDB in WYukon (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     CustomActions.Dll  SetUnInstallProperties: Failed to set WYUKON install directory (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     MWUSSetup          RemoveWsus: MWUS Uninstall Failed (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51  Error     MWUSSetup          Wsus MSI uninstallation failed. (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:53  Error     MWUSSetup          DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)
2014-09-02 21:53:32  Success   MWUSSetup          Validating pre-requisites...
2014-09-02 21:54:41  Success   MWUSSetup          Removing Wsus...

There is no "advanced" option during installation.  I've tried installing both through "add roles" in server manager, and also by downloading the WSUS 3.0 SP2 EXE file.  Neither gives an "advanced" installation option.  

I should let you know what I've done on my own since our last posts....

I have successfully uninstalled WSUS after deleting DB files and folders using instructions here:

After rebooting, and GPUpdate /Force, I tried the install again w/o success.  I downloaded and ran the NetFXRepairTool and tried again w/o success.  Right now I have the GPO set to look to Microsoft Update because kept getting an error saying it couldn't download the updates while installing.  I don't get that error message now.  But I do see that when I run the WSUS 3.0 EXE file that it wants to unzip to my F: drive which is a USB hard drive.  Then it errors out.  Maybe that drive has the most free space.  I don't know.  

Anyways, I've done some Googling, and it says that the errors are caused because it uses SQL during the installtion, and the user account I'm logged in with - Administrator on the domain - doesn't have administrator permissions within SQL.  I am not experienced enough to add those permissions.  Anytime I try to add them using the "GrantPermissions.SQL" example above, it gives me an error and say I can't do this "remotely" and times out.  I think I'm doing it wrong. I'm fairly sure that I can resolve this if I can do that correctly. Can anyone help me with that?  I'm pretty stupid on SQL, so you'll have to spell it out for me with EXACT examples.  

The Windows user login account is what I am assuming they're talking about, and that is "dza\administrator".  If anyone can help with syntax and procedure here, I would really appreciate it.  THANK YOU!
Jeff ZylstraAuthor Commented:
OK.  I should probably update and/or "close" this one.  What finally resolved this was removing the windows database that I was so scared of doing.  I'm not sure if this is a traditional SQL type database or not, but WSUS uses this database and it was keeping me from completely uninstalling WSUS.

After that was done, I ran into several other issues with registry permissions that were damaged or non-existent.  I had to give administrative permissions to one of the folders, because any attempt to install came back with multiple error messages.  After that was done, it installed just fine.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeff ZylstraAuthor Commented:
Not really a "clean" solution.  I think I ended up also using CCleaner to remove some errant registry settings, but only after reviewing each one individually.  It got the job done, but was quite labor intensive.  It has been running just fine for about 6 weeks now, so at least it works.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server 2005

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.