WSUS DB on remote MSQL server

  • Question

  • We have this set up and sort of working. However, when I say sort of, basically we have to give the machine\computer name account (domain.com\xxxxx$) that WSUS is running on sysadmin role privs on the DB instance that resides on the remote SQL server. This is unacceptable and I cannot locate any other documentation explicitly stating what role(s) are needed on the SQL server DB for WSUS.

    Has anyone else run into this? Thank you.


    • Edited by LakesideZ29 Thursday, January 8, 2015 9:17 PM
    Thursday, January 8, 2015 7:33 PM

Answers

  • we have to give the machine\computer name account (domain.com\xxxxx$) that WSUS is running on sysadmin role privs on the DB instance that resides on the remote SQL server.

    That's correct. That's how the environment is configured.

    This is unacceptable

    Then you'll need to install a local instance of SQL Server on the WSUS Server, or use the Windows Internal Database. But I am curious as to why you find this unacceptable?

    I cannot locate any other documentation explicitly stating what role(s) are needed on the SQL server DB for WSUS.

    Well, generally, these are all handled by the installer when the installer is properly executed, so they're not of immediate concern to the end user; but they are referred to in the document regarding migrating the database from local to remote SQL.

    http://technet.microsoft.com/en-us/library/dd939918(v=ws.10).aspx


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, January 9, 2015 12:10 PM

All replies

  • This may be helpful?

    http://technet.microsoft.com/en-us/library/cc708595(v=ws.10).aspx

    Step 2.6: Set up this account for the roles needed to set up the WSUS 3.0 database. The roles are either dbcreator plus diskadmin, or sysadmin. Accounts belonging to the local Administrators group have the sysadmin role by default.


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Friday, January 9, 2015 12:09 AM
    Friday, January 9, 2015 12:08 AM
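
    The role options quoted from Step 2.6 above can be checked on the SQL Server side before talking to the DBAs. The T-SQL below is an added example, not from this thread or from the linked Microsoft document; the login name EXAMPLE\WSUSHOST$ is a constructed placeholder for the WSUS server's computer account.

```sql
-- Added example. Run on the remote SQL Server instance as a login that can
-- view server principals. EXAMPLE\WSUSHOST$ is a constructed placeholder.
DECLARE @login sysname = N'EXAMPLE\WSUSHOST$';

-- 1. Fixed server roles the account holds right now.
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = @login
ORDER BY r.name;

-- 2. Which of the two options from Step 2.6 the account currently satisfies.
--    IS_SRVROLEMEMBER returns 1 (member), 0 (not a member) or NULL (unknown
--    role or login), so NULL is reported separately instead of as "no".
SELECT
    @login AS login_name,
    CASE
        WHEN IS_SRVROLEMEMBER('sysadmin', @login) IS NULL
            THEN 'login not found or not visible'
        WHEN IS_SRVROLEMEMBER('sysadmin', @login) = 1
            THEN 'sysadmin'
        WHEN IS_SRVROLEMEMBER('dbcreator', @login) = 1
         AND IS_SRVROLEMEMBER('diskadmin', @login) = 1
            THEN 'dbcreator plus diskadmin'
        ELSE 'neither option'
    END AS step_2_6_option;

-- 3. Every computer account (Windows login whose name ends in $) that holds
--    sysadmin on this instance, for the DBAs' review of standing privileges.
SELECT p.name AS login_name, p.create_date, p.is_disabled
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE r.name = N'sysadmin'
  AND p.type = 'U'            -- Windows login
  AND p.name LIKE N'%$'       -- computer accounts end in $
ORDER BY p.name;
```
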
  • Yeah I\we did stumble across that, tried it, and no luck.
    Friday, January 9, 2015 11:56 AM
  • Thank you for the document link from above, I just wish something documented would state explicitly that yes the server that has WSUS installed needs to have sysadmin privs on the DB. I need that to show to our DBAs.

    As far as unacceptable it's just how we operate here, basically "if" a product has an option to have its DB stored on a separate isolated server then we are mandated to do it. That procedure I cannot control.

    Friday, January 9, 2015 12:43 PM
  • that yes the server that has WSUS installed needs to have sysadmin privs on the DB. I need that to show to our DBAs.

    Frankly that should be a Doh! moment for your DBAs. Ask them this question: What role memberships are *required* to CREATE a database?

    As far as unacceptable it's just how we operate here, basically "if" a product has an option to have its DB stored on a separate isolated server then we are mandated to do it. That procedure I cannot control.

    Then I'd say your policy is fundamentally flawed and probably needs to be reconsidered. How else would you expect a front-end ASP.NET web server servicing *anonymous* users to authenticate with a back-end SQL Server?

    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.


    Sunday, January 11, 2015 1:25 PM