• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

windows 2012 security update from wsus

i have a windows 2012 domain controller and wsus server. Our group gpo says only local administrator can install updates on servers.
But domain controller none local admin.
How can i make all security updates on domain controller server
0
apollo-13
Asked:
apollo-13
  • 13
  • 6
  • 5
  • +1
10 Solutions
 
LesterClaytonCommented:
Domain controllers indeed don't have local administrators - you have to be a member of the Administrators group of the Domain itself.

Administrators group in Domain
Begin a member of this group will give you administrator access over all Domain Controllers.  Domain Admins are also a memver of this group, so if you are a Domain Admin, then you already have sufficient rights.
0
 
apollo-13Author Commented:
i am in administartors group, but still cant server wsus update .if i log the DC with domain\superuser  (superuser=DOMAIN ADMIN) windows update cant and says windows updates systemadmistrator.
0
 
Abdul Khadja AlaoudineCommented:
Domains admins are local administrator on Domain Controllers. Therefore, you don't have to make any further changes. Have you tried installing updates on DC?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LesterClaytonCommented:
This actually sounds like a UAC issue (User Account Control), but this is pretty much clutching at straws.

Try log in as DOMAIN\Administrator (i.e. the actual Administrator).  This account is not UAC limited by default.  If it works logged in Administrator, then it will confirm if this is a UAC issue or not.  The resolution to that would be to change the default domain controller policy to disable "User Account Control: Run all administrators in admin approval mode"

Turn off UAC for All Administrators
0
 
apollo-13Author Commented:
Have you tried installing updates on DC?---YES
0
 
apollo-13Author Commented:
i logged to Domain controller domain\administrator .Thats mean is i have like local admin isnt.

But windows updates says me . some configurations make configure from systemadministrator(Yellow).
0
 
apollo-13Author Commented:
UAC ist disabled before.
0
 
apollo-13Author Commented:
can be some where WSUS makes problem .when i need to windows update on the other server then i log local admin and make updates
0
 
LesterClaytonCommented:
It's hard to think that WSUS would be the cause of the issue - all it does is present a list of updates to your WSUS Client.

Can you post some screenshots showing the error messages?
0
 
apollo-13Author Commented:
hi clayton

I think my problem ,Domain controller local admin ,because i dont any problem with other servers.

example. i log on my other win2012 terminal server like ts1\administrator then i can make all updateson this server.

But how i do on DC ,because there is no local admin ,i mean i cant log in DC1\administrator  for updates.
0
 
LesterClaytonCommented:
There is no local administrator - you cannot log on as a local administrator.

Please post some screenshots showing the errors  you are getting.
0
 
apollo-13Author Commented:
also comes out UPDATES INSTALL screen sometimes ,i click install but comes other (yellow) screen and says some configurations make configure from systemadministrator

even i loged domain admin on dc
0
 
apollo-13Author Commented:
errors you mean wsus logs on dc?
0
 
apollo-13Author Commented:
2014-09-30      12:07:40:983       928      1210      AU      ###########  AU: Initializing Automatic Updates  ###########
2014-09-30      12:07:40:983       928      1210      AU      AIR Mode is disabled
2014-09-30      12:07:40:983       928      1210      AU        # Policy Driven Provider: http://wsusserver:8530
2014-09-30      12:07:40:983       928      1210      AU        # Detection frequency: 22
2014-09-30      12:07:40:983       928      1210      AU        # Approval type: Pre-install notify (Policy)
2014-09-30      12:07:40:983       928      1210      AU        # Auto-install minor updates: No (User preference)
2014-09-30      12:07:40:983       928      1210      AU        # Will interact with non-admins (Non-admins are elevated (User preference))
2014-09-30      12:07:41:076       928      1210      AU      WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037
2014-09-30      12:07:41:076       928      1210      AU      AU finished delayed initialization
2014-09-30      12:07:41:092      1500      dac      Misc      ===========  Logging initialized (build: 7.8.9200.16693, tz: +0200)  ===========
2014-09-30      12:07:41:092      1500      dac      Misc        = Process: C:\Windows\Explorer.EXE
2014-09-30      12:07:41:092      1500      dac      Misc        = Module: C:\Windows\system32\wucltux.dll
2014-09-30      12:07:41:092      1500      dac      CltUI      FATAL: CNetworkCostChangeHandler::RegisterForCostChangeNotifications: CoCreateInstance failed with error 80004002
2014-09-30      12:07:41:092      1500      dac      CltUI      WARNING: RegisterNetworkCostChangeNotification: Error 80004002
2014-09-30      12:18:18:361       928      1210      AU      ###########  AU: Uninitializing Automatic Updates  ###########
2014-09-30      12:18:18:408       928      1210      WuTask      Uninit WU Task Manager
2014-09-30      12:18:18:439       928      1210      Service      *********
2014-09-30      12:18:18:439       928      1210      Service      **  END  **  Service: Service exit [Exit code = 0x240001]
2014-09-30      12:18:18:439       928      1210      Service      *************
0
 
LesterClaytonCommented:
Here is your error code:

FATAL: CNetworkCostChangeHandler::RegisterForCostChangeNotifications: CoCreateInstance failed with error 80004002

From the looks of things, you have had this issue already:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/Q_28404012.html

You accepted multiple peoples answers as solutions.

Unfortunately, I have no first hand experience with this error code, so I am unsubscribing from this topic.  Hopefully, others can help.
0
 
Donald StewartNetwork AdministratorCommented:
Try reinstalling the Windows Update Agent on this server

http://windows.microsoft.com/en-us/windows7/windows-update-error-80004002

You should install from command line using  /quiet /norestart /wuforce

so  windowsupdateagent30-x64.exe /quiet /norestart /wuforce
0
 
Donald StewartNetwork AdministratorCommented:
You also will need to update your WSUS to support 2012

http://blogs.technet.com/b/sus/archive/2012/09/05/additional-note-on-kb-2734608-regarding-wsu-windows-8-and-windows-server-2012.aspx

Make sure you install this latest update on your WSUS server, which includes KB 2734608

http://support2.microsoft.com/kb/2828185
0
 
apollo-13Author Commented:
this server is main Domain controller which we want agent uninstall, do i need to consider something before agent uninstall?
0
 
Donald StewartNetwork AdministratorCommented:
uninstall ???

The agent *MUST* be installed in order for windows update to work.
0
 
apollo-13Author Commented:
Try reinstalling the Windows Update Agent on this server ---  no sucess ,reinstalled but still cant updates.


2014-10-02      11:31:26:596       916       44      Agent        * Found 58 updates and 69 categories in search; evaluated appl. rules of 488 out of 964 deployed entities
2014-10-02      11:31:26:596       916       44      Agent      *********
2014-10-02      11:31:26:596       916       44      Agent      **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2014-10-02      11:31:26:596       916       44      Agent      *************
2014-10-02      11:31:26:596       916      f94      AU      >>##  RESUMED  ## AU: Search for updates [CallId = {BE4A6117-88AC-4B89-AE58-AC9D3FA4A6FB} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-10-02      11:31:26:596       916      f94      AU        # 58 updates detected
2014-10-02      11:31:26:596       916      f94      AU      #########
2014-10-02      11:31:26:596       916      f94      AU      ##  END  ##  AU: Search for updates  [CallId = {BE4A6117-88AC-4B89-AE58-AC9D3FA4A6FB} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]
2014-10-02      11:31:26:596       916      f94      AU      #############
2014-10-02      11:31:26:596       916      f94      AU      All AU searches complete.
0
 
Donald StewartNetwork AdministratorCommented:
Really??

# 58 updates detected

Did you update your WSUS also ???
0
 
apollo-13Author Commented:
wsus log says:
IsSessionRemote: WinStationQueryInformationW(WTSIsRemoteSession) failed for session 2, GetLastError
0
 
Donald StewartNetwork AdministratorCommented:
Again, have you installed http://support2.microsoft.com/kb/2828185  ?????
0
 
apollo-13Author Commented:
thanks
0
 
Donald StewartNetwork AdministratorCommented:
What comment actually helped you solve your problem??? Accepting multiple answers is of no help to the database.
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 13
  • 6
  • 5
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now