locked
Reinstalling WSUS Issues server 2008 R2 RRS feed

  • Question

  • Team

    I have an issue where I cannot reinstall WSUS on my server.  I did the exact same thing in another server at a remote site days ago and it worked flawless.

    .

    Both servers are same configuration - One worked fine - the other didnt.:

    Windows 2008 R2 DC TS

    installing WSUS30-KB972455-x64.exe using Full server install inc Admin Console 

    Using Windows Internal Database using existing IIS Default Website

    installing to D:\WSUS (The change I am making it was X:\WSUS).

    .

    I've uninstalled, and reinstalled before on this and other servers as more drive space was required but this server is killing me. I think something is not happy that I have Uninstalled WSUS.

    .

    I would have thought this should be straight forward -- Uninstall - Shut down-  Reboot - Reinstall - Live happily ever after.

    .

    Whenever I install it goes through most of the installation but crashes out when it gets to 'Configuring Database". I've never had this error. Google gets me about 50,000,000 solutions...

    .
    I've gone through and removed the WIDbase (msiexec /x {BDD79957-5801-4A2D-B09E-852E7FA64D01} callerid=ocsetup.exe) https://technet.microsoft.com/en-us/library/cc708610(v=ws.10).aspx and then followed these instructions from same page deleting all files in the following location 
    %windir%\SYSMSI\SSEE directory.

    .

    .

    This page pretty much has my errors- but its solution doesnt work for me as I cannot find the files on the computer anywhere when I search for them.

    "Delete any MDF or LDF files that denote SUS Databases from SQL DB files location "

    https://social.technet.microsoft.com/wiki/contents/articles/15421.how-to-resolve-wsus-30-sp2-install-failure-error-0x80070643-fatal-error-during-installation.aspx

    .

    Then completely shut down the server and then powered on before trying again.

    .

    .

    My WSUSSetup.log says

    Success   MWUSSetup          Validating pre-requisites...
    Error     MWUSSetup          Failed to determine if an higher version of WSUS is installed. Assuming it is not... (Error 0x80070002: The system cannot find the file specified.)
    Error     MWUSSetup          WSUS is outdated. But this will not block setup (Error 0x00000000: The operation completed successfully.)
    Success   MWUSSetup          No SQL instances found
    Success   MWUSSetup          Initializing installation details
    Success   MWUSSetup          Skipping Asp.Net install since not running on win2k3...
    Success   MWUSSetup          Installing wYukon using ocsetup
    Success   MWUSSetup          Installing Windows Internal database using ocsetup with command line as "ocsetup "WSSEE" /quiet /norestart"
    success   MWUSSetup          Installed Windows Internal database successfully
    Success   MWUSSetup          Installing WSUS...
    success   CustomActions.Dll  Unable to get INSTALL_LANGUAGE property, calculating it...
    Success   CustomActions.Dll  The system language ENA is not supported. Using English resources...
    Success   CustomActions.Dll  Successfully set propery of WSUS admin groups' full names
    Success   CustomActions.Dll  .Net framework path: C:\Windows\Microsoft.NET\Framework64\v4.7.2053
    Success   CustomActions.Dll  Creating user group: WSUS Reporters with Description: WSUS Administrators who can only run reports on the Windows Server Update Services server.
    Success   CustomActions.Dll  Creating WSUS Reporters user group
    Success   CustomActions.Dll  WSUS Reporters user group already exists
    Success   CustomActions.Dll  Successfully created WSUS Reporters user group
    Success   CustomActions.Dll  Creating user group: WSUS Administrators with Description: WSUS Administrators can administer the Windows Server Update Services server.
    Success   CustomActions.Dll  Creating WSUS Administrators user group
    Success   CustomActions.Dll  WSUS Administrators user group already exists
    Success   CustomActions.Dll  Successfully created WSUS Administrators user group
    Success   CustomActions.Dll  Successfully created WSUS user groups
    Success   CustomActions.Dll  Succesfully set binary SID property
    Success   CustomActions.Dll  Succesfully set binary SID property
    Success   CustomActions.Dll  Successfully set binary SID properties
    Success   CustomActions.Dll  CopyADMFile:The system locale ENA is not supported. Using English...
    Error     MWUSSetup          InstallWsus: MWUS Installation Failed (Error 0x80070643: Fatal error during installation.)
    Error     MWUSSetup          CInstallDriver::PerformSetup: WSUS installation failed (Error 0x80070643: Fatal error during installation.)
     Error     MWUSSetup          CSetupDriver::LaunchSetup: Setup failed (Error 0x80070643: Fatal error during installation.)

    .

    .

    The WSUSCa_170706_1309.log says

    Creating view PUBLIC_VIEWS.vComputerInventory
    Creating TVF PUBLIC_VIEWS.fnUpdateInstallationStateMap
    Changed database context to 'SUSDB'.
    Executing string: CREATE CERTIFICATE [MS_SchemaSigningCertificateD7A4348D8F461363128D655AE4589B8206B74257] FROM FILE = 'C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig\wsussigndb.cer'
    Warning: The certificate you created is expired.
    Executing string: ALTER CERTIFICATE [MS_SchemaSigningCertificateD7A4348D8F461363128D655AE4589B8206B74257] ATTESTED BY 'C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig\WSUSSignDb.dll'
    Signing object:[dbo].[spGetComputerSummariesForTargetGroup]
    Msg 15299, Level 16, State 1, Server \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query,  Line 6
    The signature of the public key is invalid.
    Changed database context to 'master'.
    Changed database context to 'SUSDB'.
    Executing string: CREATE CERTIFICATE [MS_SchemaSigningCertificateD7A4348D8F461363128D655AE4589B8206B74257] FROM FILE = 'C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig\wsussigndb.cer'
    Warning: The certificate you created is expired.
    Executing string: ALTER CERTIFICATE [MS_SchemaSigningCertificateD7A4348D8F461363128D655AE4589B8206B74257] ATTESTED BY 'C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig\WSUSSignDb.dll'
    Signing object:[dbo].[spGetComputerSummariesForTargetGroup]
    Msg 15299, Level 16, State 1, Server \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query,  Line 6
    The signature of the public key is invalid.

    Changed database context to 'master'.

    .

    .

    Anyone able to help me here?

    .
    Thanks
    Bruce






    • Edited by Bruce Bird Thursday, July 6, 2017 7:00 AM
    Thursday, July 6, 2017 6:46 AM

All replies

  • Anyone ? :(
    Friday, July 7, 2017 3:35 AM
  • I had something similar, but our resolution here was to build a Windows Server 2012 R2 from scratch and replace the Windows Server 2008 R2.
    Friday, July 7, 2017 8:02 PM
  • Did you ever find a solution for this?  I am encountering the same issue on Small Business 2011 server and none of the usual fixes have worked.
    Thursday, August 10, 2017 7:08 PM
  • Update: I fixed my problem by uninstalling Microsoft .NET 4.7 and then re-running the WSUS installer.  I hope this helps anyone else that encounters this issue.  
    • Proposed as answer by antwesor Friday, August 11, 2017 4:18 PM
    Friday, August 11, 2017 1:16 PM
  • I tried the method u explained here. but It didn't work to mine.

    actually I was also fighting with the same problem and still is.

    hope to find the solution soon.

    thanks for an idea.


    Friday, May 11, 2018 2:33 AM
  • I am also fighting this issue. Has anyone got an explanation to the last log in WSUSCa_xxxx.log ? Which is

    "The signature of the public key is invalid"

    Or even better, a resolution to this freaking issue?


    MWebjorn


    • Edited by MWebjorn Saturday, June 9, 2018 5:49 PM
    Saturday, June 9, 2018 11:22 AM
  • To remove WSUS completely, you need to:

    1. Remove WSUS Role and Windows Internal Database (WID) Feature.
    2. Remove C:\WSUS or where ever the WSUSContent folder resides.
    3. Remove C:\Windows\WID (specifically: delete the SUSDB.mdf and SUSDB_log.ldf in C:\Windows\WID\Data). If you don't remove the WID role and its files on a reinstall, it will re-attach to the same database.
    4. In IIS, remove the 'WSUS Administration' website and the 'WsusPool' Application Pool if they still exist.
    5. Restart the server and re-add the WSUS And WID Roles. Let it install, and then restart the server again.
    6. MAKE SURE .NET 4.7 IS NOT INSTALLED (it comes as a KB number for your server OS, not an add/remove programs installation.) The WSUS post-installer is not compatible with .NET 4.7 and will always error out. Once WSUS is installed and working, .NET 4.7 can be reapplied and WSUS should still work.

    Now try to do the post-installation configuration.

    If this doesn't work, disjoin the server from the domain, and restart. Try the post-installation steps again. If it works, the issue is a policy on your domain that is causing the issues. You can then rejoin the server to the domain.

    Please also see my 8 part blog series on how to setup, manage, and maintain WSUS.

    https://www.ajtek.ca/wsus/how-to-setup-manage-and-maintain-wsus-part-1-choosing-your-server-os/


    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Tuesday, June 19, 2018 4:20 AM
  • This will NOT work on a SBS2011(which is based on 2008 R2). The reason is that other components depend on Windows Internal Database, and removing it will ruin the installation.

    But once again,what is the explanation to the last log in WSUSCa_xxxx.log ? Which is

    "The signature of the public key is invalid"


    MWebjorn

    Tuesday, June 19, 2018 6:39 AM
  • This will NOT work on a SBS2011(which is based on 2008 R2). The reason is that other components depend on Windows Internal Database, and removing it will ruin the installation.

    But once again,what is the explanation to the last log in WSUSCa_xxxx.log ? Which is

    "The signature of the public key is invalid"


    MWebjorn

    Agreed - but the OP did not say they were using SBS - they said they were using 2 Server 2008R2 systems. In the event of SBS, the only difference is that you remove the MDF/LDF as mentioned in the brackets of Step 3 of my post and not remove the entire Windows Internal Database role.

    Adam Marshall, MCSE: Security
    https://www.ajtek.ca
    Microsoft MVP - Windows and Devices for IT

    Tuesday, June 19, 2018 12:37 PM
  • .Net 4.6.1 does not work either
    Tuesday, September 11, 2018 4:11 PM
  • This is the third time I'm asking this question:

    But once again,what is the explanation to the last log in WSUSCa_xxxx.log ? Which is

    "The signature of the public key is invalid"


    This is obviously something which is a problem, and getting some explanation to this log might get us a bit closer in figuring out what the real problem is


    MWebjorn

    Tuesday, September 11, 2018 8:50 PM