locked
Trying to reinstall WSUS and get an error message: "A privilege that a service requires to function doesn't exist" RRS feed

  • Question

  • I get this message on the Windows Internal Databases (WID) service during the failure of the WSUS role installation.  When I check Services WID is attempting to run under a virtual account called NT SERVICE\MSSQL$MICROSOFT##WID. Which explains the "the account doesn't exist" error message.

    Troubleshooting attempted but didn't resolve:

    • Restarted the Server

    • Added Network, Network Service, and Service. IIS_WPG didn't exist

    • I tried changing Log On As from NT SERVICE\MSSQL$MICROSOFT##WID to Local Service but when I restart the server the Windows Internal Databases service disappears. I'm assuming it's because the Role and Feature installation failed and any changes is rolled back. 

    Monday, April 9, 2018 4:43 PM

All replies

  • You have to uninstall WSUS role and Delete WID DB, WSUS content and all WSUS related files.

    C:\windows\WID\Data\susdb.mdf

    Then update server with full windows patches. Install Again WSUS role.

    • Proposed as answer by Yuxiang Shi Friday, April 20, 2018 7:08 AM
    Tuesday, April 10, 2018 3:39 AM
  • To put a more step by step procedure to what Udara has mentioned, to remove WSUS completely, you need to:

    1. Remove WSUS Role and Windows Internal Database (WID) Feature.
    2. Remove C:\WSUS or where ever the WSUSContent folder resides.
    3. Remove C:\Windows\WID (specifically: delete the SUSDB.mdf and SUSDB_log.ldf in C:\Windows\WID\Data). If you don't remove the WID role and its files on a reinstall, it will re-attach to the same database.
    4. In IIS, remove the 'WSUS Administration' website and the 'WsusPool' Application Pool if they still exist.
    5. Restart the server and re-add the WSUS And WID Roles. Let it install, and then restart the server again.
    6. MAKE SURE .NET 4.7 IS NOT INSTALLED (it comes as a KB number for your server OS, not an add/remove programs installation.) The WSUS post-installer is not compatible with .NET 4.7 and will always error out. Once WSUS is installed and working, .NET 4.7 can be reapplied and WSUS should still work.

    Now try to do the post-installation configuration.

    If this doesn't work, disjoin the server from the domain, and restart. Try the post-installation steps again. If it works, the issue is a policy on your domain that is causing the issues. You can then rejoin the server to the domain.


    Adam Marshall, MCSE: Security
    http://www.adamj.org
    Microsoft MVP - Windows and Devices for IT

    • Proposed as answer by Yuxiang Shi Friday, April 20, 2018 7:08 AM
    Friday, April 20, 2018 3:13 AM