none
WSUS - SQL Exception error

    Question

  • Hi!

     

    We are setting up WSUS with SCCM. Our configuration is as follows:

    1 SCCM site server

    1 SCCM sql server

    1 SCCM distribution point (different subnet)

    1 WSUS server (different subnet) its also the SUP (admwsus001)

    1 WSUS remote SQL server (admsql001)

     

    All looks well and fine until I check the Component and Site System Status. There are some errors there:

    Under the site system status there is a critical error on the software update point role it repeats about every hour:

    "Failures were reported on WSUS Server "ADMWSUS001" while trying to make WSUS database connection with SQL Exception error code -2146232060.

    Possible cause: SQL Database service is not running or cannot be accessed.
    Solution: Verify that the SQL Server and SQL Server Agent services are running and can be contacted."

     

    Under the Component Status there is the following reoccurring error:

    Failures were reported on WSUS Server "ADMWSUS001" while trying to make WSUS database connection with SQL Exception error code -2146232060.

    Possible cause: SQL Database service is not running or cannot be accessed.
    Solution: Verify that the SQL Server and SQL Server Agent services are running and can be contacted."

     

    Are these errors possibly SPN related? I have tried registering SPNs for the domain user that runs the SQL Server and SQL Server Agent services. But im a bit unsure if it was done correctly.. What should the output for "setspn -l admsql001" look like if the SPNs are registered correctly?

     

    Or is this error caused by something else? All help is greatly appreciated :)

     

     

    vendredi 14 mai 2010 10:21

Réponses

  • Ok I think I solved this.

     

    I used the approach detailed here: http://social.technet.microsoft.com/forums/en-US/configmgrsum/thread/d831dc07-3000-4ae3-b609-5ca767dc9d53/

     

    I changed the user that the sms_executive service ran under on the wsus server from local system to a domain account. I then gave that domain account rights on the sql server. The error now seems to have gone away and the clients are now reporting correct status in the Deployment Status field.

    There is one thing left however.. Under component status under site status the sms_executive component is reported as stopped and the availability is set to unknown. It does not give any errors and everything seems to work so.. Is this a problem?

    vendredi 21 mai 2010 08:01

Toutes les réponses

  • What errors do you see in the wcm.log file?
    Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products
    vendredi 14 mai 2010 11:42
  • As far as I can see there are no errors in the wcm.log file.
    vendredi 14 mai 2010 11:47
  • and how about the wsyncmgr.log and wsusctrl.log?
    Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products
    vendredi 14 mai 2010 13:55
  • do the configmgr primary and remote wsus servers have the wsus console installed?

    http://technet.microsoft.com/en-us/library/bb693886.aspx

     

    samedi 15 mai 2010 10:13
  • The wsyncmgr.log contains no errors. I cannot find the wsusctrl.log, where is it located?

     

    The strange thing is that I have already patched a server 2008 and a server 2008 R2 server fine using sccm and wsus 3.0. To me this error seems strange, why is sccm looking for the sql server and sql server agent services on amdwsus001? This server has no sql installation. Those services are running on admsql001(the remote sql server for wsus). It seems to me that sccm is assuming that we are running the sql server on the wsus server?

     

    mardi 18 mai 2010 09:44
  • The site server has only the wsus administrator console installed, the wsus server has both the admin console and wsus itself installed. As far as I know this should be sufficient.
    mardi 18 mai 2010 09:46
  • Any word on this problem?

     

    "Failures were reported on WSUS Server "ADMWSUS001" while trying to make WSUS database connection with SQL Exception error code -2146232060.

    Possible cause: SQL Database service is not running or cannot be accessed.
    Solution: Verify that the SQL Server and SQL Server Agent services are running and can be contacted."

     

    The above error message seems to be false. As the sql services are running on the remote sql server, not on admwsus001. It seems to me that SCCM does not recognize that we are using a remote sql server for wsus. Has anyone set up wsus with a remote sql server experienced the same problem?

    I have been testing and it seems that the patching works fine. But the glaring red error in site status really looks bad, is there any way to get rid of this seemingly false error?

     

     

    jeudi 20 mai 2010 06:59
  • Ok i found the wsusctrl.log file.

    The log looks ok but I noticed a couple of entries:

    Successfully connected to local WSUS server

    There are no unhealthy WSUS Server components on WSUS Server ADMWSUS001

    Failures reported during periodic health check by the WSUS Server ADMWSUS001. Will retry check in 57 minutes

     

    I have also noticed that, for example kb980182, shows up with deployment status Unknown in the sccm console. Even though this update has been successfully installed via sccm/wsus on the target test machine. Even the WUAHandler.log file on the target machine reports that the update is installed.

    "Update (Installed): Akkumulert sikkerhetsoppdatering for Internet Explorer 6 for Windows Server 2003 (KB980182) (f0ead6fd-871e-4175-b5da-69bcba04859a, 102)"

    Could these problems be related?

     

    Edit: I have also noticed that its only machines with Windows Server 2003 that has the Unknown error for updates. My 2008 and 2008 R2 servers are reporting fine..

    jeudi 20 mai 2010 11:36
  • I found the following error in the wsusctrl.log :

     

    System.Data.SqlClient.SqlException: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.~~   at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection)~~   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)~~   at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)~~   at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)~~   at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject)~~   at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart)~~   at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance)~~   at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance)~~   at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection)~~   at System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options)~~   at System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject)~~   at System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject)~~   at System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject)~~   at System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection)~~   at System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory)~~   at System.Data.SqlClient.SqlConnection.Open()~~   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.Connect(String connectionString)~~   at Microsoft.UpdateServices.DatabaseAccess.DBConnection.Connect()~~   at Microsoft.UpdateServices.Internal.BaseApi.DatabaseConfigurationTester.ConnectToDatabase()~~   at Microsoft.UpdateServices.Internal.DatabaseConfiguration.ConnectToDatabase()~~   at Microsoft.SystemsManagementServer.WSUS.WSUSServer.TestDatabaseConnection()

    jeudi 20 mai 2010 12:15
  • Ok I think I solved this.

     

    I used the approach detailed here: http://social.technet.microsoft.com/forums/en-US/configmgrsum/thread/d831dc07-3000-4ae3-b609-5ca767dc9d53/

     

    I changed the user that the sms_executive service ran under on the wsus server from local system to a domain account. I then gave that domain account rights on the sql server. The error now seems to have gone away and the clients are now reporting correct status in the Deployment Status field.

    There is one thing left however.. Under component status under site status the sms_executive component is reported as stopped and the availability is set to unknown. It does not give any errors and everything seems to work so.. Is this a problem?

    vendredi 21 mai 2010 08:01