locked
Installing WSUS role on Domain Controller RRS feed

  • Question

  • HI,

    I am trying to install the WSUS role on a Windows 2012 STD server which is currently configured as a Domain Controller.  Getting the below error while doing the post installation configuration.

    Log file is located at C:\Users\gblsccmserv1\AppData\Local\Temp\tmp9160.tmp

    Post install is starting

    Fatal Error: Value cannot be null.

    Parameter name: identity

    Could anyone help on this.  Also is there any restriction to install WSUS on a Domain Controller?


    Regards Nikhil S

    Wednesday, December 24, 2014 9:17 PM

Answers

  • I have re-installed the operating system, installed WSUS and then configured the Active Directory role. This time it worked without any errors. :)

    Regards Nikhil S

    • Proposed as answer by DonPick Tuesday, January 6, 2015 10:02 PM
    • Marked as answer by Daniel JiSun Wednesday, January 7, 2015 1:08 AM
    Tuesday, January 6, 2015 8:10 PM

All replies

  • Don't know if it's restricted or not, but it's definitely not a best practice to use you DC for anything else than the Active Directory.
    Wednesday, December 24, 2014 9:31 PM
  • Thanks for the response.

    I need to place one server in DMZ for managing internet based SCCM clients, so configuring a domain and SCCM roles on the same server.


    Regards Nikhil S

    Wednesday, December 24, 2014 9:42 PM
  • I don't believe it's restricted, but I"ve seen during post configuration error that sometimes the SQL settings are populated wrong (it will use a NetBIOS name instead of FQDN or something else that may not resolve correctly).  Typically (at least on 2012/R2) you can "configure manually" and verify all the post configuration settings.

    I have to make a LOT of assumptions in that suggestion ... we'd have to know more about your environment like is WSUS even using a SQL backend or just the native db?

    Typically in a DMZ scenario I recommend to clients to allow 443 to an SSL enabled WSUS/MP/DP on the inside or even treat DMZ machines as internet only mode and share the public route as opposed to a purposed built DMZ authentication system.  Technically yes:  it's less secure this way to have a DMZ resource that can talk into private, but when you start getting into a truly isolated configuration (one-way SQL replication for the localized MP to connect to plus all other roles, one way trust to a DMZ domain, etc.) you end up with a system that is a nightmare to upgrade (to install service packs you have to disable all SQL replication, install the update, then re-configure the replication DB and sometimes even redeploy the roles).

    Just keep in the back of your head you need to support this going forward ... 

    EDIT:  read more closely and saw that this is for Internet facing systems so this is a DMZ based MP you are configuring, not other boxes in the DMZ.  I've always put the DCs on a separate machine ... but again:  I don't *think* there's a restriction there.
    • Edited by Justin.King Wednesday, December 24, 2014 10:42 PM
    Wednesday, December 24, 2014 10:33 PM
  • Log file is located at C:\Users\gblsccmserv1\AppData\Local\Temp\tmp9160.tmp

    Post install is starting

    Fatal Error: Value cannot be null.

    Parameter name: identity

    open the logfile with notepad or similar - what does it reveal ?

    Also, note that the dedicated WSUS forum is here:
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverwsus


    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)


    • Edited by DonPick Wednesday, December 24, 2014 10:53 PM
    Wednesday, December 24, 2014 10:53 PM
  • Hello,

    If you have to install WSUS on a DC, you should take more into consideration, check this article:

    Guidance about WSUS on a Domain Controller

    And it is still not recommended to install WSUS on DC.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, December 25, 2014 2:43 AM
  • It is never a good idea,  Throw up another VM and install WSUS on there.
    Friday, December 26, 2014 10:19 PM
  • I have re-installed the operating system, installed WSUS and then configured the Active Directory role. This time it worked without any errors. :)

    Regards Nikhil S

    • Proposed as answer by DonPick Tuesday, January 6, 2015 10:02 PM
    • Marked as answer by Daniel JiSun Wednesday, January 7, 2015 1:08 AM
    Tuesday, January 6, 2015 8:10 PM