Jeff Zylstra
asked on
WSUS not communicating with machines
I'm having issues with WSUS on my domain/file server. WSUS service will no longer load. The service is "missing" from the list of services when you bring up WSUS under the "server roles" and it shows all of the services associated with that role. The "display name" is blank, Service Name is "WSUSService", and the Status is "not available". Windows Internal Database, BITS, Application Host Helper Service, World Wide Web Publishing Service, WSUS Certificate Service, etc.... All of those are running, but WSUSService is missing from the list.
What most certainly caused this was because I tried "remove roles" on WSUS and IIS, and also tried to reinstall WSUS, and received the message that it did not finish installing/uninstalling. It gave an error 0x80070643. I tried to give the SQL user installing admin permissions per the link below, but I clearly don't know enough about SQL to do it properly. I think after that is straightened out, it might work, but I don't know.
http://support.microsoft.com/kb/920660
I am self taught when it comes to network management, and have massive gaps in my knowledge base, so please go a little slower than you would with a "peer". Thanks, Jeff.
My setup...
Operating system is Windows Server 2008 R2.
We are on a domain, and the name of it is "DZA".
The name of the server is "Server08".
The name of the user account that I log in with is "DZA\Administrator"
I almost always access this machine using Remote Desktop. Not sure that makes a difference, but I thought I'd mention it.
SQL Express 2005 with the latest service pack (I think) is running the Windows Internal Database.
What most certainly caused this was because I tried "remove roles" on WSUS and IIS, and also tried to reinstall WSUS, and received the message that it did not finish installing/uninstalling. It gave an error 0x80070643. I tried to give the SQL user installing admin permissions per the link below, but I clearly don't know enough about SQL to do it properly. I think after that is straightened out, it might work, but I don't know.
http://support.microsoft.com/kb/920660
I am self taught when it comes to network management, and have massive gaps in my knowledge base, so please go a little slower than you would with a "peer". Thanks, Jeff.
My setup...
Operating system is Windows Server 2008 R2.
We are on a domain, and the name of it is "DZA".
The name of the server is "Server08".
The name of the user account that I log in with is "DZA\Administrator"
I almost always access this machine using Remote Desktop. Not sure that makes a difference, but I thought I'd mention it.
SQL Express 2005 with the latest service pack (I think) is running the Windows Internal Database.
ASKER
No, unfortunately I don't have another system that I can install WSUS on. I already tried adding/removing the WSUS service using the SC utility, but I'm also pretty sure that I may have been using the "display name" of the service, and not the actual name that the service manager uses.
I'm wondering if any of this can be done in "safe mode" in order to prevent any running services or dependencies from interfering with the removal or installation? The uninstall/reinstall was thwarted by the SQL user not having sysadmin permissions. If I could get the service installed again, I think that it might be salvageable. I don't mind starting with a blank database again if that gives more options.
This isn't a "run of the mill" question. How do I give more "points" for the solution?
I'm wondering if any of this can be done in "safe mode" in order to prevent any running services or dependencies from interfering with the removal or installation? The uninstall/reinstall was thwarted by the SQL user not having sysadmin permissions. If I could get the service installed again, I think that it might be salvageable. I don't mind starting with a blank database again if that gives more options.
This isn't a "run of the mill" question. How do I give more "points" for the solution?
Do you have an administrative account on the system? Not sure why you would need to use sql user for that purpose. See whether the UAC or any other anti-virus or similar system is the one interferring with your process.
Does this system have hyper-v and enough resources to setup a VM WSUS server?
Does this system have hyper-v and enough resources to setup a VM WSUS server?
ASKER
Yes, I am logging in as user DZA\Administrator, which is domain admin account with administrative privileges. I got the idea about the system adminsitrator in SQL because of the Microsoft KB # 920660 regarding "Error 0x80070643: Fatal error during installation". It lists the following as the cause of this error...
"WSUS Setup uses Microsoft SQL Server to perform the installation. This problem occurs because the user who is running WSUS Setup does not have System Administrator permissions in SQL Server." That's why I was trying to use the "GrantPermission.SQL" file to add or modify that account to give it the required permission. Check out this link and see if you can make any sense of it. Thank you.
http://support.microsoft.com/kb/920660
"WSUS Setup uses Microsoft SQL Server to perform the installation. This problem occurs because the user who is running WSUS Setup does not have System Administrator permissions in SQL Server." That's why I was trying to use the "GrantPermission.SQL" file to add or modify that account to give it the required permission. Check out this link and see if you can make any sense of it. Thank you.
http://support.microsoft.com/kb/920660
ASKER
By the way, I believe the instance of SQL running for Windows Internal Database uses the "NT Authority" account, which might explain why the domain admin account doesn't have the required permissions in SQL. Hopefully that made sense.
To add the domain admin account as an sql administrative account, yes the sql surface configuration tool.
Using ssms as well as adding the domain admin the the mssql user group may .
The issue I am having in undertanding your situation is that the WSUS was installed and has been functioning until ... Was there an update that was installed after which it stopped working?
Using ssms as well as adding the domain admin the the mssql user group may .
The issue I am having in undertanding your situation is that the WSUS was installed and has been functioning until ... Was there an update that was installed after which it stopped working?
ASKER
No. WSUS was running, but no one was able to check on it or apply updates for over a month. So the next time I was able to log into the server and check on it, it did not work. In fact, Windows update did not even work and gave an error, so there was both WSUS connection issues, and also Windows update issues.
That's not the real issue at this point, however. The issue is that my attempts to uninstall/reinstall WSUS damaged the WSUS installation. The WSUS service is missing, and the WSUS database may have been affected as well. If I can just change the permissions on that user and uninstall WSUS so that I can do a "clean" install, I think it will fix itself.
Using the example from the above KB article, EXACTLY what should the "GrantPermissions.SQL" script look like?
I checked the SQL Server Configuraiotn Manager, and my choices for servers and logons are as follows:
SQLExpress with a "logon as" of "LocalService"
MICROSOFT ##SSEE " with a "logon as" of "NT Authority\Network Service". That's the "Windows Internal Database".
What should the below script look like to grant proper permission?
Start Notepad, and then copy the following text into Notepad.
Note If you are granting permissions to an existing user account or group account, copy the following text into Notepad.
Replace occurrences of <ServerName> with the name of your instance of SQL Server.
Replace occurrences of <Login> with the name of the user account or with the name of the group account.
Save the file as GrantPermission.sql.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER.
osql -E -i C:\path\GrantPermission.sq
Please keep in mind I know NOTHING about SQL or the tools to manage it. Thank you!
That's not the real issue at this point, however. The issue is that my attempts to uninstall/reinstall WSUS damaged the WSUS installation. The WSUS service is missing, and the WSUS database may have been affected as well. If I can just change the permissions on that user and uninstall WSUS so that I can do a "clean" install, I think it will fix itself.
Using the example from the above KB article, EXACTLY what should the "GrantPermissions.SQL" script look like?
I checked the SQL Server Configuraiotn Manager, and my choices for servers and logons are as follows:
SQLExpress with a "logon as" of "LocalService"
MICROSOFT ##SSEE " with a "logon as" of "NT Authority\Network Service". That's the "Windows Internal Database".
What should the below script look like to grant proper permission?
Start Notepad, and then copy the following text into Notepad.
EXEC sp_grantlogin '<ServerName>\<Login>'
Go
EXEC sp_addsrvrolemember '<ServerName>\<Login>', 'sysadmin'
GoNote If you are granting permissions to an existing user account or group account, copy the following text into Notepad.
EXEC sp_addsrvrolemember '<ServerName>\<Login>', 'sysadmin'
GoReplace occurrences of <ServerName> with the name of your instance of SQL Server.
Replace occurrences of <Login> with the name of the user account or with the name of the group account.
Save the file as GrantPermission.sql.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER.
osql -E -i C:\path\GrantPermission.sq
Please keep in mind I know NOTHING about SQL or the tools to manage it. Thank you!
In the current framework, the situation as to the cause is unclear, when performing the install what if any errors are reported?
During the install choose advanced settings such that you could designated another sql instance. Another option deals ith backing up the existing WSUS database.
Going through the uninstall including going through registry cleanup of all references to WSus.
Uninstalling the ssee instance.
Using process monitor/explorer while you are running the install, may help in identifying the cause of the error or at least what is being looked at.
The issue could be within the IIS configuration for the wsus site instance whereby a newere version of .net was set.
Using wsutils relocating to the non-default site worked in some circumstances. In the remove/uninstall, something had to have gone wrong.
During the install choose advanced settings such that you could designated another sql instance. Another option deals ith backing up the existing WSUS database.
Going through the uninstall including going through registry cleanup of all references to WSus.
Uninstalling the ssee instance.
Using process monitor/explorer while you are running the install, may help in identifying the cause of the error or at least what is being looked at.
The issue could be within the IIS configuration for the wsus site instance whereby a newere version of .net was set.
Using wsutils relocating to the non-default site worked in some circumstances. In the remove/uninstall, something had to have gone wrong.
ASKER
Installation Errors from Log File:
2014-08-19 12:24:51 Error CustomActions.Dll ExecuteQueryGetMultipleRes
2014-08-19 12:24:51 Error CustomActions.Dll GetDatabaseLocation: Failed to execute SQL query EXEC dbo.sp_helpdb '%s' (Error 0x800A0BCD)
2014-08-19 12:24:51 Error CustomActions.Dll SetWyukonInstallDirPropert
2014-08-19 12:24:51 Error CustomActions.Dll SetUnInstallProperties: Failed to set WYUKON install directory (Error 0x800A0BCD)
2014-08-19 12:24:51 Error MWUSSetup RemoveWsus: MWUS Uninstall Failed (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51 Error MWUSSetup Wsus MSI uninstallation failed. (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51 Error MWUSSetup CSetupDriver::LaunchSetup:
2014-08-19 12:24:53 Error MWUSSetup DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)
2014-09-02 21:53:32 Success MWUSSetup Validating pre-requisites...
2014-09-02 21:54:41 Success MWUSSetup Removing Wsus...
There is no "advanced" option during installation. I've tried installing both through "add roles" in server manager, and also by downloading the WSUS 3.0 SP2 EXE file. Neither gives an "advanced" installation option.
I should let you know what I've done on my own since our last posts....
I have successfully uninstalled WSUS after deleting DB files and folders using instructions here: http://social.technet.microsoft.com/forums/windowsserver/en-US/8f903f2b-074e-43e8-ac27-0bc4ddf74e43/wsus-service-failure-and-uninstall-error-0x80070643
After rebooting, and GPUpdate /Force, I tried the install again w/o success. I downloaded and ran the NetFXRepairTool and tried again w/o success. Right now I have the GPO set to look to Microsoft Update because kept getting an error saying it couldn't download the updates while installing. I don't get that error message now. But I do see that when I run the WSUS 3.0 EXE file that it wants to unzip to my F: drive which is a USB hard drive. Then it errors out. Maybe that drive has the most free space. I don't know.
Anyways, I've done some Googling, and it says that the errors are caused because it uses SQL during the installtion, and the user account I'm logged in with - Administrator on the domain - doesn't have administrator permissions within SQL. I am not experienced enough to add those permissions. Anytime I try to add them using the "GrantPermissions.SQL" example above, it gives me an error and say I can't do this "remotely" and times out. I think I'm doing it wrong. I'm fairly sure that I can resolve this if I can do that correctly. Can anyone help me with that? I'm pretty stupid on SQL, so you'll have to spell it out for me with EXACT examples.
The Windows user login account is what I am assuming they're talking about, and that is "dza\administrator". If anyone can help with syntax and procedure here, I would really appreciate it. THANK YOU!
2014-08-19 12:24:51 Error CustomActions.Dll ExecuteQueryGetMultipleRes
2014-08-19 12:24:51 Error CustomActions.Dll GetDatabaseLocation: Failed to execute SQL query EXEC dbo.sp_helpdb '%s' (Error 0x800A0BCD)
2014-08-19 12:24:51 Error CustomActions.Dll SetWyukonInstallDirPropert
2014-08-19 12:24:51 Error CustomActions.Dll SetUnInstallProperties: Failed to set WYUKON install directory (Error 0x800A0BCD)
2014-08-19 12:24:51 Error MWUSSetup RemoveWsus: MWUS Uninstall Failed (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51 Error MWUSSetup Wsus MSI uninstallation failed. (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51 Error MWUSSetup CSetupDriver::LaunchSetup:
2014-08-19 12:24:53 Error MWUSSetup DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)
2014-09-02 21:53:32 Success MWUSSetup Validating pre-requisites...
2014-09-02 21:54:41 Success MWUSSetup Removing Wsus...
There is no "advanced" option during installation. I've tried installing both through "add roles" in server manager, and also by downloading the WSUS 3.0 SP2 EXE file. Neither gives an "advanced" installation option.
I should let you know what I've done on my own since our last posts....
I have successfully uninstalled WSUS after deleting DB files and folders using instructions here: http://social.technet.microsoft.com/forums/windowsserver/en-US/8f903f2b-074e-43e8-ac27-0bc4ddf74e43/wsus-service-failure-and-uninstall-error-0x80070643
After rebooting, and GPUpdate /Force, I tried the install again w/o success. I downloaded and ran the NetFXRepairTool and tried again w/o success. Right now I have the GPO set to look to Microsoft Update because kept getting an error saying it couldn't download the updates while installing. I don't get that error message now. But I do see that when I run the WSUS 3.0 EXE file that it wants to unzip to my F: drive which is a USB hard drive. Then it errors out. Maybe that drive has the most free space. I don't know.
Anyways, I've done some Googling, and it says that the errors are caused because it uses SQL during the installtion, and the user account I'm logged in with - Administrator on the domain - doesn't have administrator permissions within SQL. I am not experienced enough to add those permissions. Anytime I try to add them using the "GrantPermissions.SQL" example above, it gives me an error and say I can't do this "remotely" and times out. I think I'm doing it wrong. I'm fairly sure that I can resolve this if I can do that correctly. Can anyone help me with that? I'm pretty stupid on SQL, so you'll have to spell it out for me with EXACT examples.
The Windows user login account is what I am assuming they're talking about, and that is "dza\administrator". If anyone can help with syntax and procedure here, I would really appreciate it. THANK YOU!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not really a "clean" solution. I think I ended up also using CCleaner to remove some errant registry settings, but only after reviewing each one individually. It got the job done, but was quite labor intensive. It has been running just fine for about 6 weeks now, so at least it works.
Trying to diagnose your issue on the existing system would take a while including the riskier registry and other cleanup methods
You could look into using sc or registry edit to readd the missing service, but I believe you my have an unstable situation.
Did you have an anti-virus or similar app ran such that it may have removed/disabled it?