Solved

WSUS not communicating with machines

Posted on 2014-09-15
11
85 Views
Last Modified: 2016-02-20
I'm having issues with WSUS on my domain/file server.  WSUS service will no longer load.  The service is "missing" from the list of services when you bring up WSUS under the "server roles" and it shows all of the services associated with that role.  The "display name" is blank, Service Name is "WSUSService", and the Status is "not available".   Windows Internal Database, BITS, Application Host Helper Service, World Wide Web Publishing Service, WSUS Certificate Service, etc....  All of those are running, but WSUSService is missing from the list.  

What most certainly caused this was because I tried "remove roles" on WSUS and IIS, and also tried to reinstall WSUS, and received the message that it did not finish installing/uninstalling.  It gave an error 0x80070643.  I tried to give the SQL user installing admin permissions per the link below, but I clearly don't know enough about SQL to do it properly.  I think after that is straightened out, it might work, but I don't know.  
http://support.microsoft.com/kb/920660

I am self taught when it comes to network management, and have massive gaps in my knowledge base, so please go a little slower than you would with a "peer".  Thanks, Jeff.

My setup...
Operating system is Windows Server 2008 R2.
We are on a domain, and the name of it is "DZA".
The name of the server is "Server08".
The name of the user account that I log in with is "DZA\Administrator"
I almost always access this machine using Remote Desktop.  Not sure that makes a difference, but I thought I'd mention it.
SQL Express 2005 with the latest service pack (I think) is running the Windows Internal Database.
0
Comment
Question by:Jeff Zylstra
  • 7
  • 4
11 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Do you have another system on which you can install wsus from scratch?
Trying to diagnose your issue on the existing system would take a while including the riskier registry and other cleanup methods

You could look into using sc or registry edit to readd the missing service, but I believe you my have an unstable situation.

Did you have an anti-virus or similar app ran such that it may have removed/disabled it?
0
 

Author Comment

by:Jeff Zylstra
Comment Utility
No, unfortunately I don't have another system that I can install WSUS on.   I already tried adding/removing the WSUS service using the SC utility, but I'm also pretty sure that I may have been using the "display name" of the service, and not the actual name that the service manager uses.  

I'm wondering if any of this can be done in "safe mode" in order to prevent any running services or dependencies from interfering with the removal or installation?  The uninstall/reinstall was thwarted by the SQL user not having sysadmin permissions.  If I could get the service installed again, I think that it might be salvageable.   I don't mind starting with a blank database again if that gives more options.

This isn't a "run of the mill" question.  How do I give more "points" for the solution?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Do you have an administrative account on the system?  Not sure why you would need to use sql user for that purpose.  See whether the UAC or any other anti-virus or similar system is the one interferring with your process.

Does this system have hyper-v and enough resources to setup a VM WSUS server?
0
 

Author Comment

by:Jeff Zylstra
Comment Utility
Yes, I am logging in as user DZA\Administrator, which is domain admin account with administrative privileges.  I got the idea about the system adminsitrator in SQL because of the Microsoft KB # 920660 regarding "Error 0x80070643: Fatal error during installation".   It lists the following as the cause of this error...

"WSUS Setup uses Microsoft SQL Server to perform the installation. This problem occurs because the user who is running WSUS Setup does not have System Administrator permissions in SQL Server."   That's why I was trying to use the "GrantPermission.SQL" file to add or modify that account to give it the required permission.   Check out this link and see if you can make any sense of it.  Thank you.
http://support.microsoft.com/kb/920660
0
 

Author Comment

by:Jeff Zylstra
Comment Utility
By the way, I believe the instance of SQL running for Windows Internal Database uses the "NT Authority" account, which might explain why the domain admin account doesn't have the required permissions in SQL.  Hopefully that made sense.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 76

Expert Comment

by:arnold
Comment Utility
To add the domain admin account as an sql administrative account, yes the sql surface configuration tool.
Using ssms as well as adding the domain admin the the mssql user group may .

The issue I am having in undertanding your situation is that the WSUS was installed and has been functioning until ... Was there an update that was installed after which it stopped working?
0
 

Author Comment

by:Jeff Zylstra
Comment Utility
No.  WSUS was running, but no one was able to check on it or apply updates for over a month.  So the next time I was able to log into the server and check on it, it did not work.  In fact, Windows update did not even work and gave an error, so there was both WSUS connection issues, and also Windows update issues.  

That's not the real issue at this point, however.  The issue is that my attempts to uninstall/reinstall WSUS damaged the WSUS installation.  The WSUS service is missing, and the WSUS database may have been affected as well.  If I can just change the permissions on that user and uninstall WSUS so that I can do a "clean" install, I think it will fix itself.

Using the example from the above KB article, EXACTLY what should the "GrantPermissions.SQL" script look like?

I checked the SQL Server Configuraiotn Manager, and my choices for servers and logons are as follows:

SQLExpress with a "logon as" of "LocalService"
MICROSOFT ##SSEE " with a "logon as" of "NT Authority\Network Service".  That's the "Windows Internal Database".

What should the below script look like to grant proper permission?

Start Notepad, and then copy the following text into Notepad.

EXEC sp_grantlogin '<ServerName>\<Login>'
Go
EXEC sp_addsrvrolemember '<ServerName>\<Login>', 'sysadmin'
Go

Open in new window


Note If you are granting permissions to an existing user account or group account, copy the following text into Notepad.

EXEC sp_addsrvrolemember '<ServerName>\<Login>', 'sysadmin'
Go

Open in new window


Replace occurrences of <ServerName> with the name of your instance of SQL Server.
Replace occurrences of <Login> with the name of the user account or with the name of the group account.
Save the file as GrantPermission.sql.
Click Start, click Run, type cmd, and then click OK.
At the command prompt, type the following command, and then press ENTER.
osql -E -i C:\path\GrantPermission.sql

Please keep in mind I know NOTHING about SQL or the tools to manage it.  Thank you!
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
In the current framework, the situation as to the cause is unclear, when performing the install what if any errors are reported?


During the install choose advanced settings such that you could designated another sql instance. Another option deals ith backing up the existing WSUS database.

Going through the uninstall including going through registry cleanup of all references to WSus.

 Uninstalling the ssee instance.

Using process monitor/explorer while you are running the install, may help in identifying the cause of the error or at least what is being looked at.

The issue could be within the IIS configuration for the wsus site instance whereby a newere version of .net was set.

Using wsutils relocating to the non-default site worked in some circumstances.    In the remove/uninstall, something had to have gone wrong.
0
 

Author Comment

by:Jeff Zylstra
Comment Utility
Installation Errors from Log File:

2014-08-19 12:24:51  Error     CustomActions.Dll  ExecuteQueryGetMultipleResults: GetRows returned error (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     CustomActions.Dll  GetDatabaseLocation: Failed to execute SQL query EXEC dbo.sp_helpdb '%s' (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     CustomActions.Dll  SetWyukonInstallDirProperty: Failed to get installed location of SUSDB in WYukon (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     CustomActions.Dll  SetUnInstallProperties: Failed to set WYUKON install directory (Error 0x800A0BCD)
2014-08-19 12:24:51  Error     MWUSSetup          RemoveWsus: MWUS Uninstall Failed (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51  Error     MWUSSetup          Wsus MSI uninstallation failed. (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:51  Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)
2014-08-19 12:24:53  Error     MWUSSetup          DoInstall: Wsus setup failed (Error 0x80070643: Fatal error during installation.)
2014-09-02 21:53:32  Success   MWUSSetup          Validating pre-requisites...
2014-09-02 21:54:41  Success   MWUSSetup          Removing Wsus...

There is no "advanced" option during installation.  I've tried installing both through "add roles" in server manager, and also by downloading the WSUS 3.0 SP2 EXE file.  Neither gives an "advanced" installation option.  

I should let you know what I've done on my own since our last posts....

I have successfully uninstalled WSUS after deleting DB files and folders using instructions here:  http://social.technet.microsoft.com/forums/windowsserver/en-US/8f903f2b-074e-43e8-ac27-0bc4ddf74e43/wsus-service-failure-and-uninstall-error-0x80070643

After rebooting, and GPUpdate /Force, I tried the install again w/o success.  I downloaded and ran the NetFXRepairTool and tried again w/o success.  Right now I have the GPO set to look to Microsoft Update because kept getting an error saying it couldn't download the updates while installing.  I don't get that error message now.  But I do see that when I run the WSUS 3.0 EXE file that it wants to unzip to my F: drive which is a USB hard drive.  Then it errors out.  Maybe that drive has the most free space.  I don't know.  

Anyways, I've done some Googling, and it says that the errors are caused because it uses SQL during the installtion, and the user account I'm logged in with - Administrator on the domain - doesn't have administrator permissions within SQL.  I am not experienced enough to add those permissions.  Anytime I try to add them using the "GrantPermissions.SQL" example above, it gives me an error and say I can't do this "remotely" and times out.  I think I'm doing it wrong. I'm fairly sure that I can resolve this if I can do that correctly. Can anyone help me with that?  I'm pretty stupid on SQL, so you'll have to spell it out for me with EXACT examples.  

The Windows user login account is what I am assuming they're talking about, and that is "dza\administrator".  If anyone can help with syntax and procedure here, I would really appreciate it.  THANK YOU!
0
 

Accepted Solution

by:
Jeff Zylstra earned 0 total points
Comment Utility
OK.  I should probably update and/or "close" this one.  What finally resolved this was removing the windows database that I was so scared of doing.  I'm not sure if this is a traditional SQL type database or not, but WSUS uses this database and it was keeping me from completely uninstalling WSUS.

After that was done, I ran into several other issues with registry permissions that were damaged or non-existent.  I had to give administrative permissions to one of the folders, because any attempt to install came back with multiple error messages.  After that was done, it installed just fine.
0
 

Author Closing Comment

by:Jeff Zylstra
Comment Utility
Not really a "clean" solution.  I think I ended up also using CCleaner to remove some errant registry settings, but only after reviewing each one individually.  It got the job done, but was quite labor intensive.  It has been running just fine for about 6 weeks now, so at least it works.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Ever needed a SQL 2008 Database replicated/mirrored/log shipped on another server but you can't take the downtime inflicted by initial snapshot or disconnect while T-logs are restored or mirror applied? You can use SQL Server Initialize from Backup…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now