locked
wsus wont install on server 2012r2 RRS feed

  • Question

  • i have a new 2012r2 server and try to install wsus through server manager.  after i do this i get 

    feature installation

    the request to add or remove features on the specified server failed.  the operation cannot be completed because the server that you specified requires a restart.  i tried to restart multiple times with no luck.

    i saw

    http://henkhoogendoorn.blogspot.com.br/2014/06/wsus-role-failed-on-windows-server-2012.html

    and tried the fix but still this doesnt work.  any ideas?

    Wednesday, August 20, 2014 12:57 AM

Answers

  • Hi,

    Firstly, is there any event in the server like below? If yes, it should be a WID issue.

    The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
    Logon failure: the user has not been granted the requested logon type at this computer.
    Service: MSSQL$MICROSOFT##WID  
    Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID 
    This service account does not have the required user right "Log on as a service." 

    Is the server installed with AD DS role? If yes, you can try to assign the "Log on as a service" user right to "NT SERVICE\ALL SERVICES" account by Default Domain Controller GPO.

    I have read the blog you mentioned above. It doesn't give the cause of this issue.

    When WID is installed, the NT SERVICE\MSSQL$MICROSOFT##WID local virtual account is created, and this account is granted the Log on as a service user right by local Group Policy. If the local Group Policy setting is overwritten by a Group Policy Object (GPO) that is linked to a site, domain, or organizational unit, the NT SERVICE\MSSQL$MICROSOFT##WID account does not have the necessary user rights. Therefore, WID cannot be installed. 

    Therefore, please make sure that there isn't any GPO overwriting the Default Domain GPO.

    To work around the issue, use one of the following methods:

    • Assign the Log on as a service user right to NT SERVICE\ALL SERVICES in the GPO that defines the user right.
    • Exclude the computer from the GPO that defines the user right.

    For detailed information, please refer to the link below,

    "MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID" error when you install WID in Windows Server 2012

    http://support.microsoft.com/kb/2832204

    Here is a guid about Troubleshooting WSUS 3.0 SP2 Server Setup,

    Troubleshoot WSUS 3.0 SP2 Server Setup

    http://technet.microsoft.com/en-us/library/hh334973(v=ws.10).aspx

    If issue persists, could you post the setup log files in the WSUSInstallationDrive\Program Files\Update Services\LogFiles\ folder?

    Best Regards



    Steven Lee

    TechNet Community Support


    Thursday, August 21, 2014 3:41 AM

All replies

  • I had documented this in my blog for other setup, let me know if this works for you : 

    CASE 1

    The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile  does not exist. This is a typical situation on a fresh Windows Server 2012 installation.

    SOLUTION: Using registry editor, create the key and set its value to 0.

     CASE 2

    The registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile exists, but the value is set to a value other than 0.

    SOLUTION: Using the registry editor set the value of the UpdateExeVolatile to 0.

     CASE 3

    The registriy key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations contains any values.

    SOLUTION: Delete any values existing under the PendingFileRenameOperations key.


    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, August 20, 2014 2:36 AM
  • tried and this did not work
    Wednesday, August 20, 2014 5:20 PM
  • Anything in event logs?

    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Thursday, August 21, 2014 2:35 AM
  • Hi,

    Firstly, is there any event in the server like below? If yes, it should be a WID issue.

    The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
    Logon failure: the user has not been granted the requested logon type at this computer.
    Service: MSSQL$MICROSOFT##WID  
    Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID 
    This service account does not have the required user right "Log on as a service." 

    Is the server installed with AD DS role? If yes, you can try to assign the "Log on as a service" user right to "NT SERVICE\ALL SERVICES" account by Default Domain Controller GPO.

    I have read the blog you mentioned above. It doesn't give the cause of this issue.

    When WID is installed, the NT SERVICE\MSSQL$MICROSOFT##WID local virtual account is created, and this account is granted the Log on as a service user right by local Group Policy. If the local Group Policy setting is overwritten by a Group Policy Object (GPO) that is linked to a site, domain, or organizational unit, the NT SERVICE\MSSQL$MICROSOFT##WID account does not have the necessary user rights. Therefore, WID cannot be installed. 

    Therefore, please make sure that there isn't any GPO overwriting the Default Domain GPO.

    To work around the issue, use one of the following methods:

    • Assign the Log on as a service user right to NT SERVICE\ALL SERVICES in the GPO that defines the user right.
    • Exclude the computer from the GPO that defines the user right.

    For detailed information, please refer to the link below,

    "MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID" error when you install WID in Windows Server 2012

    http://support.microsoft.com/kb/2832204

    Here is a guid about Troubleshooting WSUS 3.0 SP2 Server Setup,

    Troubleshoot WSUS 3.0 SP2 Server Setup

    http://technet.microsoft.com/en-us/library/hh334973(v=ws.10).aspx

    If issue persists, could you post the setup log files in the WSUSInstallationDrive\Program Files\Update Services\LogFiles\ folder?

    Best Regards



    Steven Lee

    TechNet Community Support


    Thursday, August 21, 2014 3:41 AM
  • Hi,

    I’m writing to just check in to see if the suggestions were helpful. If you need further help, please feel free to reply this post directly so we will be notified to follow it up.

    Best Regards.



    Steven Lee

    TechNet Community Support

    Monday, September 1, 2014 2:51 AM
  • In Windows 2012 after a migration from Windows 2003 the "NT SERVICE\ALL SERVICES"  does not exist.

    I have added the following to the user rights assign

    IIS

    Network

    Network Service

    administrator

    iis_wpg.

    And the WSUS still will install.


    Raymond W. Rio

    Thursday, July 2, 2015 3:01 PM