Showing posts with label WSUS. Show all posts
Showing posts with label WSUS. Show all posts

May 24, 2018

WSUS Connection Error - Reset Server Node

I am setting up WSUS and am using a 2012 R2 Server. I got to the point where WSUS was syncing with Microsoft, but after approving critical updates WSUS now opens with "Error: Connection Error. Click Reset Server Node to try to connect to the server again." Clicking Reset Server Node does nothing

Here's what I found to work in a customers production environment:

1. On your WSUS Server, launch the IIS Manager

2. Open Application Pools


3. Right click 'WsusPool' and select 'Advanced Settings...'
4. When the Advanced Settings window opens up find the Recycling section near the bottom. 


5. Change Private Memory Limit (KB) to a higher number that fits your server specifications or ‘0’, which means no limit, instead of the hard-coded 1258015.


Since implementing this change, WSUS has been available consistently through the console and clients checking for new updates.

Good luck!

May 21, 2018

WSUS lỗi ko nhìn thấy Computers trong mạng nội bộ

Ở bài trước, khi tiến hành add thêm role WSUS cho server để cập nhật windows từ server thì gặp lỗi
 WSUS Role failed to add in Roles and Features on Server 2012 R2. Khi sửa xong tiến hành add role lại bình thường.
Quá trình cài đặt tiếp theo diễn ra suôn sẻ không vấn đề gì. Nhưng lại bị 1 lỗi khác là WSUS ko nhìn thấy bất kỳ máy tính nào trong mạng nội bộ.



Các bản cập nhật tải về đầy đủ



Các máy con đã nhận Policy windows update.



SOLVE:

Sau khi tìm hiểu về lỗi này thì sau đây là hướng giải quyết cho vấn đề trên

1. Lỗi này do chưa update gói cập nhật đầy đủ cho server WSUS
Truy cập đường dẫn bên dưới để tải bản cập nhật về :
Chạy gói cập nhật xong, khởi động lại windows

2. Tùy chỉnh Policy windows update cho đúng
Đối với Windows Server 2012 phải thêm :8530 phía sau IP server WSUS

Windows Svr 2008 thì ko cần port phía sau

3. Mở port trên FW đảm bảo port của WSUS 3850 và 3851 ko bị chặn thì client mới thấy

Kết quả:




trên đây là cách mình đã làm và thành công!
Ngoài ra các bạn có thể tham khảo thêm bài viết hỏi đáp của 1 bác trên facebook về vấn đề WSUS tại đây



May 18, 2018

WSUS Role failed to add in Roles and Features on Server 2012 R2

I was attempting to install WSUS role and I faced to below issue during the installation.
The request to add or remove features on the specified server failed.
The operation cannot be completed because the server that you specified requires a restart.

Go to event viewer -> windows logs->system ,you see below error message:

The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
How do i fix this ?
To fix this first restart the server
There are 2 possible solutions to fix this issue :
1) By adding the account (NT SERVICE\MSSQL$MICROSOFT##WID) to log on as service using gpedit.msc 2)  implement the same solution using GPO.
- Add account NT SERVICE\MSSQL$MICROSOFT##WID as log on as service using GPEDIT.MSC on local server
Open gpedit.msc using administrator account ,Computer Configuration—>Windows Settings—>Security Settings—>Local Policies—>User Rights Assignment
Go to properties of Logon as Service,click on Add user or Group,Enter NT SERVICE\MSSQL$MICROSOFT##WID ,click ok.
Restart the server and start installing WSUS role .
2) Implementing using GPO :
Go to your group policy management console,edit default domain policy
Computer Configuration—>Policies—>Windows Settings—>Security Settings—>Local Policies—>User Rights Assignment
Note: It is not mandatory to edit the default domain Policy to enable this setting.You can also create new GPO and ensure to have Enforced (running on Server 2012) option is selected which can not be overwritten by Default Domain Controller.

Go to properties of Logon as Service,click on Add user or Group,Enter NT SERVICE\ALL SERVICES ,click OK.

open command prompt and type gpupdate /Force to apply the GPO settings.



Once you confirmed the settings are applied,Start the installation of WSUS role again,this time It should be okay.
Hope it Helps!