Thursday, June 19, 2014

WSUS Role failed on Windows server 2012 because of restart needed

Last week I did a new WSUS installation on a Windows Server 2012 R2 system. During installation however the WSUS Role failed and a restart was needed. After restart installing WSUS again it was still failed and restart was needed again. The error message shown was: "The request to add or remove features on the specified server failed. the operation cannot be completed because the server that you specified requires a restart."

After looking in Event Viewer the following message was seen:
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."

User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.


The solution for this is to assign the "Log on as a service" user right to the "NT SERVICE\ALL SERVICES" account. This can be done in Group Policy or Local Policy as well: Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment. When doing an GPUPDATE / FORCE on the server WSUS installation went fine on first try. Just great it worked!

Source: ESwar KNOeti

No comments:

Post a Comment