locked
How to reinstall WSUS 3.0 in RODC (windows 2012) RRS feed

  • Question

  • Hi,

    I'm trying to REINSTALL WSUS 3.0 in RODC (windows 2012). But I can't past the post installation and always getting the error:

    2019-01-24 14:38:43  Postinstall started

    2019-01-24 14:38:43  Detected role services: UI, WidDatabase, Services

    2019-01-24 14:38:43  Start: LoadSettingsFromParameters

    2019-01-24 14:38:43  Content local is: True

    2019-01-24 14:38:43  Content directory is: c:\WSUS

    2019-01-24 14:38:43  SQL instname is:

    2019-01-24 14:38:43  End: LoadSettingsFromParameters

    2019-01-24 14:38:43  Start: Run

    2019-01-24 14:38:43  Configuring content directory...

    2019-01-24 14:38:43  Configuring groups...

    2019-01-24 14:38:43  Starting group configuration for WSUS Administrators...

    2019-01-24 14:38:43  Group does not already exist in the registry

    2019-01-24 14:38:43  Searching for existing group...

    2019-01-24 14:40:28  Group was not fount attempt to create it...

    2019-01-24 14:40:28  System.DirectoryServices.AccountManagement.PrincipalOperationException: The group already exists.

    ---> System.Runtime.InteropServices.COMException: The group already exists.

     

       at System.DirectoryServices.DirectoryEntry.CommitChanges()

       at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)

       --- End of inner exception stack trace ---

       at System.DirectoryServices.AccountManagement.SDSUtils.ApplyChangesToDirectory(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes)

       at System.DirectoryServices.AccountManagement.SDSUtils.InsertPrincipal(Principal p, StoreCtx storeCtx, GroupMembershipUpdater updateGroupMembership, NetCred credentials, AuthenticationTypes authTypes, Boolean needToSetPassword)

       at System.DirectoryServices.AccountManagement.SAMStoreCtx.Insert(Principal p)

       at Microsoft.UpdateServices.Administration.ConfigureGroups.FetchOrCreateGroup(PrincipalContext context, String name, String description)

       at Microsoft.UpdateServices.Administration.ConfigureGroups.SetupGroup(PrincipalContext context, String groupName, String description, String registryValue)

       at Microsoft.UpdateServices.Administration.ConfigureGroups.Run(Action`1 logWriter)

       at Microsoft.UpdateServices.Administration.PostInstall.Run()

       at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)


    I already have the groups needed in RWDC.

    1.      SQLServer2005MSFTEUser$Servername$Microsoft##SSEE

    2.      SQLServer2005MSSQLUser$Servername$Microsoft##SSEE

    3.      WSUS Administrators

    4.      WSUS  Reporters

    Already uninstalled IIS and WSUS, still no luck. Can some help me figure out this or send me step by step configuration for this. Thanks in advance.

    Thursday, January 24, 2019 8:34 AM

All replies

  • Hi,
     

    I think that in the logs you provide, this content is worthy of attention:
     

    • 2019-01-24 14:38:43  Starting group configuration for WSUS Administrators...
    • 2019-01-24 14:38:43  Group does not already exist in the registry
    • 2019-01-24 14:38:43  Searching for existing group...
    • 2019-01-24 14:40:28  Group was not fount attempt to create it...
       

    This seems to indicate that the WSUS Administrators group was not found during the installation process. Although you mentioned it, you created this group by hand, but I think the problem still exists in the groups you created.
     

    If installed to a ReadWrite DC, these groups would be created in Active Directory; however, on an RODC, there is no local SAM, and the WSUS installer cannot write to the directory store to create the groups.
     

    Then please follow the steps below to check your steps to install WSUS on the RODC:
     

    1. Create the "WSUS Administrators" and "WSUS Reporters" domain security group on the ReadWrite DC.
    2. Force two groups to be copied to the RODC.
    3. Then install WSUS on the RODC.
       

    The WSUS installer will see these groups already exist instead of trying to create them.
     

    And I found that other users have encountered situations similar to yours. Their discussion could be used for your reference:
    https://www.bleepingcomputer.com/forums/t/566966/wsus-rodc-server-2012/
     

    Reply back with the results would be happy to help.
     

    Regards,
    Yic Lv

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 25, 2019 6:18 AM
  • Hi,

    I ended up on formatting the sever.

    Install the OS.

    Install WSUS first followed by RODC.

    This is easier than to look for other solution. haha

    Thank you

    Monday, January 28, 2019 12:17 AM
  • Just for future - https://www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it/

    It's not that difficult to do.


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Wednesday, January 30, 2019 4:27 AM