WSUS Post Installation Fails: Specified Directory Service Attribute or value does not exist.

  • Question

  • I am trying to install WSUS on Server 2012 R2. The deployment is to have the database on a SQL Server of ours and not WID. 

    When WSUS is going through the Post-Installation tasks, it eventually keeps failing. I am receiving a "System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist."

    2014-10-17 10:30:08  Reestablishing database connection...
    2014-10-17 10:30:08  Configuring database...
    2014-10-17 10:30:08  Writing settings...
    2014-10-17 10:30:09  Settings set
    2014-10-17 10:30:09  Creating logins...
    2014-10-17 10:30:09  Fetching machine account info
    2014-10-17 10:30:10  System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
       at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
       at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
       at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.ComputerPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
       at Microsoft.UpdateServices.Administration.ConfigureDB.GetMachineAccountInfo(Byte[]& binarySid, String& accountName)
       at Microsoft.UpdateServices.Administration.ConfigureDB.Configure()
       at Microsoft.UpdateServices.Administration.PostInstall.Run()
       at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
    Fatal Error: The specified directory service attribute or value does not exist.

    Anyone know what exactly this is erroring out on? 

    Friday, October 17, 2014 2:46 PM

All replies

  • The deployment is to have the database on a SQL Server of ours and not WID. 

    First step is to describe the actual database environment.

    What account are you logged onto on the WSUS Server to install the WSUS ROLE?


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, October 17, 2014 5:35 PM
  • Hi,

    I just want to confirm what is the current situation.

    Please feel free to let us know if you need further assistance.

    Best Regards.



    Steven Lee

    TechNet Community Support

    Wednesday, October 29, 2014 8:20 AM
  • I got this working.

    It turned out I needed to grant "Read" permissions on the main "Computer" OU. Once I gave the WSUS user account I was logged into the server as "Read" permissions on the "Computer" OU...this started working. 

    I am a little confused why it needed that "Read" permission though, since I moved the computer object out of the default "Computer" OU and into another OU structure.

    • Proposed as answer by antwesor Wednesday, November 5, 2014 4:41 PM
    • Marked as answer by Steven_Lee0510 Thursday, November 6, 2014 6:58 AM
    Wednesday, October 29, 2014 2:42 PM
  • Hi,

    According to the trace log, "System.DirectoryServices.AccountManagement.ComputerPrincipal.FindByIdentity" is called by "Microsoft.UpdateServices.Administration.ConfigureDB.GetMachineAccountInfo".

    From my point of view, it's really a Directory Services question: how does Directory Services find the computer principal by identity?

    Besides, glad to hear the issue is resolved and thanks for your sharing!

    Best Regards.



    Steven Lee

    TechNet Community Support

    Tuesday, November 4, 2014 1:08 PM
  • I am getting this same error and granting read rights to computers OU did not resolve.

    I had a domain admin log in and try his credentials and it worked, but I needed to rebuild my primary SCCM server that is hosting the database.  Once the database server was replaced I tried to reconfigure and reinstall and I am getting this same error again.  Full uninstall and reinstall performed.

    2014-11-05 15:49:53  Postinstall started
    2014-11-05 15:49:53  Detected role services: Api, Database, UI, Services
    2014-11-05 15:49:53  Start: LoadSettingsFromParameters
    2014-11-05 15:49:53  Content local is: True
    2014-11-05 15:49:53  Content directory is: S:\WSUS
    2014-11-05 15:49:53  SQL instname is: xxxxxxxxxxxx\WSUS
    2014-11-05 15:49:53  End: LoadSettingsFromParameters
    2014-11-05 15:49:53  Start: Run
    2014-11-05 15:49:53  Fetching WsusAdministratorsSid from registry store
    2014-11-05 15:49:53  Value is xxxxxxxxxxxxxxxxx
    2014-11-05 15:49:53  Fetching WsusReportersSid from registry store
    2014-11-05 15:49:53  Value is xxxxxxxxxxxxxxxxxxxxxx
    2014-11-05 15:50:53  Configuring content directory...
    2014-11-05 15:50:53  Configuring groups...
    2014-11-05 15:50:54  Starting group configuration for WSUS Administrators...
    2014-11-05 15:50:54  Found group in regsitry, attempting to use it...
    2014-11-05 15:50:56  Writing group to registry...
    2014-11-05 15:50:56  Finished group creation
    2014-11-05 15:50:56  Starting group configuration for WSUS Reporters...
    2014-11-05 15:50:56  Found group in regsitry, attempting to use it...
    2014-11-05 15:50:56  Writing group to registry...
    2014-11-05 15:50:56  Finished group creation
    2014-11-05 15:50:56  Configuring permissions...
    2014-11-05 15:50:56  Fetching content directory...
    2014-11-05 15:50:56  Fetching ContentDir from registry store
    2014-11-05 15:50:56  Value is S:\WSUS
    2014-11-05 15:50:56  Fetching group SIDs...
    2014-11-05 15:50:56  Fetching WsusAdministratorsSid from registry store
    2014-11-05 15:50:56  Value is xxxxxxxxxxxxxxxxxxxxxx
    2014-11-05 15:50:56  Fetching WsusReportersSid from registry store
    2014-11-05 15:50:56  Value is xxxxxxxxxxxxxxxxxxxxxx
    2014-11-05 15:50:56  Creating group principals...
    2014-11-05 15:50:56  Granting directory permissions...
    2014-11-05 15:50:56  Granting permissions on content directory...
    2014-11-05 15:50:56  Granting registry permissions...
    2014-11-05 15:50:56  Granting registry permissions...
    2014-11-05 15:50:56  Granting registry permissions...
    2014-11-05 15:50:56  Configuring shares...
    2014-11-05 15:50:56  Configuring network shares...
    2014-11-05 15:50:56  Fetching content directory...
    2014-11-05 15:50:56  Fetching ContentDir from registry store
    2014-11-05 15:50:56  Value is S:\WSUS
    2014-11-05 15:50:56  Fetching WSUS admin SID...
    2014-11-05 15:50:56  Fetching WsusAdministratorsSid from registry store
    2014-11-05 15:50:56  Value is xxxxxxxxxxxxxxxxxxxxxxx
    2014-11-05 15:50:56  Content directory is local, creating content shares...
    2014-11-05 15:50:56  Creating share "UpdateServicesPackages" with path "S:\WSUS\UpdateServicesPackages" and description "A network share to be used by client systems for collecting all software packages (usually applications) published on this WSUS system."
    2014-11-05 15:50:57  Deleting existing share...
    2014-11-05 15:50:57  Creating share...
    2014-11-05 15:50:57  Share successfully created
    2014-11-05 15:50:57  Creating share "WsusContent" with path "S:\WSUS\WsusContent" and description "A network share to be used by Local Publishing to place published content on this WSUS system."
    2014-11-05 15:50:57  Deleting existing share...
    2014-11-05 15:50:57  Creating share...
    2014-11-05 15:50:57  Share successfully created
    2014-11-05 15:50:57  Creating share "WSUSTemp" with path "C:\Program Files\Update Services\LogFiles\WSUSTemp" and description "A network share used by Local Publishing from a Remote WSUS Console Instance."
    2014-11-05 15:50:57  Deleting existing share...
    2014-11-05 15:50:57  Creating share...
    2014-11-05 15:50:57  Share successfully created
    2014-11-05 15:50:57  Finished creating content shares
    2014-11-05 15:50:57  Stopping service WSUSService
    2014-11-05 15:50:57  Stopping service W3SVC
    2014-11-05 15:50:57  Configuring database...
    2014-11-05 15:50:57  Configuring the database...
    2014-11-05 15:50:57  Establishing DB connection...
    2014-11-05 15:50:57  Checking to see if database exists...
    2014-11-05 15:50:57  Database exists
    2014-11-05 15:50:57  Switching database to single user mode...
    2014-11-05 15:50:57  Loading install type query...
    2014-11-05 15:50:57  DECLARE @currentDBVersion       int
    DECLARE @scriptMajorVersion     int = (9600)
    DECLARE @scriptMinorVersion     int = (16384)
    DECLARE @databaseMajorVersion   int 
    DECLARE @databaseMinorVersion   int 
    DECLARE @databaseBuildNumber    nvarchar(10)
    IF NOT EXISTS(SELECT * FROM sys.databases WHERE name='SUSDB')
    BEGIN
        SELECT 1
    END
    ELSE
    BEGIN
        SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
        SET @databaseBuildNumber = (SELECT BuildNumber FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
        DECLARE @delimiterPosition INT = CHARINDEX('.', @databaseBuildNumber)
        IF (@delimiterPosition = 0)
        BEGIN
            RAISERROR('Invalid schema version number', 16, 1) with nowait
            return 
        END 
        SET @databaseMajorVersion = SUBSTRING(@databaseBuildNumber, 1, @delimiterPosition - 1)
        SET @databaseMinorVersion = SUBSTRING(@databaseBuildNumber, (@delimiterPosition + 1), (10 - @delimiterPosition))
        IF @currentDBVersion < 926
        BEGIN
            SELECT 3
        END
        ELSE
        BEGIN
            IF (@scriptMajorVersion > @databaseMajorVersion OR
               (@scriptMajorVersion = @databaseMajorVersion AND @scriptMinorVersion > @databaseMinorVersion))
            BEGIN
                SELECT 2
            END
            ELSE IF (@scriptMajorVersion = @databaseMajorVersion AND
                     @scriptMinorVersion = @databaseMinorVersion)
            BEGIN
                SELECT 0
            END
            ELSE
            BEGIN
                SELECT 4
            END
        END
    END
    2014-11-05 15:50:57  Install type is: Reinstall
    2014-11-05 15:50:57  Creating logins...
    2014-11-05 15:50:57  Fetching machine account info
    2014-11-05 15:50:57  System.Runtime.InteropServices.COMException (0x8007200A): The specified directory service attribute or value does not exist.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_SchemaEntry()
       at System.DirectoryServices.AccountManagement.ADStoreCtx.IsContainer(DirectoryEntry de)
       at System.DirectoryServices.AccountManagement.ADStoreCtx..ctor(DirectoryEntry ctxBase, Boolean ownCtxBase, String username, String password, ContextOptions options)
       at System.DirectoryServices.AccountManagement.PrincipalContext.CreateContextFromDirectoryEntry(DirectoryEntry entry)
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoLDAPDirectoryInitNoContainer()
       at System.DirectoryServices.AccountManagement.PrincipalContext.DoDomainInit()
       at System.DirectoryServices.AccountManagement.PrincipalContext.Initialize()
       at System.DirectoryServices.AccountManagement.PrincipalContext.get_QueryCtx()
       at System.DirectoryServices.AccountManagement.Principal.FindByIdentityWithTypeHelper(PrincipalContext context, Type principalType, Nullable`1 identityType, String identityValue, DateTime refDate)
       at System.DirectoryServices.AccountManagement.ComputerPrincipal.FindByIdentity(PrincipalContext context, String identityValue)
       at Microsoft.UpdateServices.Administration.ConfigureDB.GetMachineAccountInfo(Byte[]& binarySid, String& accountName)
       at Microsoft.UpdateServices.Administration.ConfigureDB.Configure()
       at Microsoft.UpdateServices.Administration.PostInstall.Run()
       at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
    

    Wednesday, November 5, 2014 10:56 PM
  • I am getting this same error and granting read rights to computers OU did not resolve.

    Okay.. so exactly the same request applies to you.

    • Describe the actual database environment.
    • What ACCOUNT is logged in on the WSUS server to do the installation?

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

    Friday, November 7, 2014 4:24 AM
  • but I needed to rebuild my primary SCCM server that is hosting the database.

    So... REALLY... you probably should be asking in the Configuration Manager forum.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

    Friday, November 7, 2014 4:25 AM
  • directory is: S:\WSUS

    What is the S: drive? That's a pretty high letter to represent a *LOCAL* drive!


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

    Friday, November 7, 2014 4:27 AM
    S is local; we went with a simple standard: d=data, l=logs, s=storage.

    Since the issue only related to SCCM in that WSUS is needed by SCCM and the issue is about installing WSUS to a server with nothing on it yet I thought this was the most appropriate forum.

    Database is on a remote server with two database instances on 2012 r2 running sql 2012.  Remote instance name is "WSUS"

    Local machine is server 2012 r2 with s being the storage drive.

    The account that I was running the install from was an admin to both machines but not to the domain.  The second account I tried was an admin on both machines and domain but not full domain admin rights but rights to delete and add machine accounts users etc.  Attempts with a full domain admin account yielded the same results.

    Using the second set of above described credentials and another machine running 2008r2 and local WID I was able to install and configure WSUS just fine.

    This led me to just use a WID on the machine in question and it configured fine using those same credentials.  During attempts to use a remote database, yes, I did drop the database between some attempts and kept the built database between others.  If there is a better log that tells you what attribute it is looking for in AD from what computer I would appreciate knowing that for future issues and just so I learn.  So it is resolved in that I am functional but not as I had intended by my design.

    Tuesday, November 11, 2014 12:24 AM
  • Since the issue only related to SCCM in that WSUS is needed by SCCM and the issue is about installing WSUS to a server with nothing on it yet I thought this was the most appropriate forum.

    But it's not that simple, because you're trying to install an underlying Configuration Manager ROLE onto an existing Site Server (and there's an additional question about whether you removed the Site Server role prior to removing WSUS). So, all things considered, this is a rather complicated scenario and to get the best assistance with reinstalling the *SUP* role on a Configuration Manager Site Server, you should inquire in the Configuration Manager forums.

    Database is on a remote server with two database instances on 2012 r2 running sql 2012.  Remote instance name is "WSUS"

    This actually helps tremendously, as we can assume that the database is still intact. During the WSUS role installation, point it at the remote database instance. It will find and use the existing database.

    The account that I was running the install from was an admin to both machines but not to the domain.  The second account I tried was an admin on both machines and domain but not full domain admin rights but rights to delete and add machine accounts users etc.  Attempts with a full domain admin account yielded the same results.

    All of that is good information, but the key consideration is that the account being used to perform the installation MUST BE a member of the 'sysadmin' Server Role on the SQL Server instance containing the WSUS database.

    This requires that you use a DOMAIN account to do a WSUS installation with a remote SQL Server, and the domain account must be a member of the 'sysadmin' Server Role.

    Using the second set of above described credentials and another machine running 2008r2 and local WID I was able to install and configure WSUS just fine.

    Because now you're installing to a LOCAL WID and only require LOCAL access.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA

    Wednesday, November 12, 2014 6:02 PM
  • I struggled with this same error for 2 hours. I even tried installing WSUS on another server and I got the same error when attempting to connect to my remote SQL box, even though the account I was using had sysadmin permission and local permissions set up.

    My solution was this:

    Set my domain admin account as a sysadmin within my SQL database

    Login as a Domain Admin 

    Run the post deployment. It completed successfully.

    Thursday, September 3, 2015 3:57 PM
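
A preflight for the prerequisites raised in this thread, as an added example that is not part of any post or of WSUS itself: it repeats the directory lookup named in the stack trace (a domain PrincipalContext, then ComputerPrincipal.FindByIdentity) and asks the SQL instance whether the current login is in the 'sysadmin' server role, so the installing account can be checked without reaching for Domain Admin first. The instance name is a placeholder, and passing the computer name as the identity value is an assumption about what postinstall supplies.

```powershell
# Added example: preflight for the prerequisites discussed in this thread.
param(
    [string]$SqlInstance = 'SQLHOST\INSTANCE'  # placeholder: the instance given to postinstall
)
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
Add-Type -AssemblyName System.Data

function New-Result($Check, $Ok, $Detail) {
    [pscustomobject]@{ Check = $Check; Ok = [bool]$Ok; Detail = "$Detail" }
}

function Test-DomainAccount {
    # A local account reports the computer name as its "domain".
    $id = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    New-Result 'Domain account' ($env:USERDOMAIN -ne $env:COMPUTERNAME) $id
}

function Test-MachineAccountLookup {
    # Same path as the stack trace: domain PrincipalContext, then
    # ComputerPrincipal.FindByIdentity. The identity value used here
    # (the computer name) is an assumption.
    try {
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext `
            -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain)
        $cp = [System.DirectoryServices.AccountManagement.ComputerPrincipal]::FindByIdentity($ctx, $env:COMPUTERNAME)
        if ($null -eq $cp) { return New-Result 'AD machine lookup' $false 'computer object not found' }
        New-Result 'AD machine lookup' $true "$($cp.DistinguishedName) $($cp.Sid)"
    } catch {
        # PowerShell wraps the COMException; unwrap it to report the HRESULT
        # (0x8007200A in the logs above).
        $e = $_.Exception.GetBaseException()
        New-Result 'AD machine lookup' $false ('0x{0:X8} {1}' -f $e.HResult, $e.Message)
    }
}

function Test-SqlSysadmin([string]$Instance) {
    # Connects with the current Windows identity, as postinstall would.
    $conn = New-Object System.Data.SqlClient.SqlConnection(
        "Server=$Instance;Database=master;Integrated Security=SSPI;Connect Timeout=15")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = "SELECT SUSER_SNAME() AS LoginName, IS_SRVROLEMEMBER('sysadmin') AS IsSysadmin"
        $r = $cmd.ExecuteReader()
        [void]$r.Read()
        # IS_SRVROLEMEMBER returns 1, 0 or NULL; only 1 counts as a pass.
        New-Result 'SQL sysadmin' ($r['IsSysadmin'] -eq 1) $r['LoginName']
    } catch {
        New-Result 'SQL sysadmin' $false $_.Exception.GetBaseException().Message
    } finally {
        $conn.Dispose()
    }
}

$results = @(Test-DomainAccount; Test-MachineAccountLookup; Test-SqlSysadmin $SqlInstance)
$results | Format-Table -AutoSize -Wrap
if ($results.Ok -contains $false) { exit 1 }
```

Run it on the WSUS server while logged on as the account that will run the post-installation; a failing 'AD machine lookup' row with 0x8007200A reproduces the error outside the installer.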