SYMPTOMS

In some cases, the AU service terminates with the following event log error:
Event Type: Error

BACKGROUND

This error was seen in a cloned PC environment that used newsid.exe to resolve SID duplication on cloned systems. The machine started complaining upon trying to start the AU service after that. Deleted the registry values that contain the WUS GUIDs. But can't seem to start the AU service.

Note: If you (Microsoft) fix this problem, please let us know here. Track ID is: 198320380.

Comments:

From rialtus - 2/14/06 12:00 PM

I commented on this over in my LiveJournal (http://rialtus.livejournal.com/193982.html), but we had a case where a GPO was controlling the Automatic Updates and BITS services, and the resolution was to give Network Service the Read right to the service. Everything worked smashingly after that.

From Neiltb - 4/18/05 8:04 AM

After fixing the problem with the previous instructions, I soon broke again with the security template I had used when we first built the machines. Originally we were using another patch management solution so we had disabled Automatic Updates. When it was disabled, the default security settings (Pre SP2) were installed which removed Authenticated Users.

In order to fix it without touching all of the computers manually, I modified the Default Computer Policy on the domain. I modified the Automatic Updates service in the policy and set the permissions on the service so that Authenticated Users had read access and of course set the service to Automatic. Once the policy was modified and updated on the SP2 machines, the service started.

From Neiltb - 4/7/05 8:34 AM

We ran into this problem and were able to resolve the issue. The problem was not solely with WSUS but with WSUS and Service Pack 2 for Windows XP. Problem was identified by using Article 892199.

Cause: The problem may occur if certain Administrative Templates from the Windows XP Security Guide were applied to the computer before Windows XP SP2 was installed. The problem occurs because of a problem in some of the security templates that were published as part of the Windows XP Security Guide. In Windows XP SP2, remote procedure call (RPC) runs using the NT Authority\NetworkService account. The default security descriptor for services in Windows XP SP2 gives Read access to the Authenticated Users group, which includes the NT Authority\NetworkService account.

Resolution: The service that controls the Automatic Updates service is named wuauserv. The default security descriptor (SD) gives READ access to LocalSystem (SY), PowerUsers (PU), and AuthenticatedUsers (AU), and it gives Full Control access to Administrators (BA). To view the SD of wuauserv, type SC sdshow wuauserv at the command prompt, and then press ENTER. The default SD appears and is similar to the following:

Note: For more information about how to interpret the strings, visit the following MSDN Web site and search for SDDL or "ACE strings": http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/ace_strings.asp

    SC sdset wuauserv D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

For more information about the SC sdset command, see Windows Help. Follow the same steps for the Windows Firewall/Internet Connection Sharing (ICS) service except replace wuauserv with SharedAccess.

Last Modified 4/12/05 2:04 PM
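
Added example (not part of the original page or its comments): a small Python check that decodes a service SDDL string, such as the output of SC sdshow wuauserv, and reports which read rights Authenticated Users (AU) lacks. The function names are hypothetical, and "read" is assumed to mean the rights GENERIC_READ maps to for a service; the second descriptor is a constructed sample with the AU entry removed.

```python
import re

# SDDL right codes as they apply to service objects (Win32 service access rights).
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "SD": "DELETE",
    "RC": "READ_CONTROL", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
}
# Assumption: "read" means the rights GENERIC_READ maps to for a service.
READ_SET = {"CC", "LC", "SW", "LO", "RC"}
# Descriptor quoted in the comment above (the SC sdset argument).
PAGE_SD = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
           "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
           "(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)")
# Constructed sample: the same descriptor with the AU entry removed.
NO_AU_SD = PAGE_SD.replace("(A;;CCLCSWLOCRRC;;;AU)", "")

def parse_dacl(sddl):
    """Return {trustee: set of right codes} for the allow ACEs in the DACL."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    if not m:
        raise ValueError("no DACL in descriptor")
    granted = {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1)):
        fields = ace.split(";")
        if len(fields) != 6:
            raise ValueError("malformed ACE: " + ace)
        ace_type, _flags, rights, _obj, _inherit, trustee = fields
        if ace_type != "A":  # deny ACEs are not grants; this check ignores them
            continue
        codes = {rights[i:i + 2] for i in range(0, len(rights), 2)}
        unknown = codes - SERVICE_RIGHTS.keys()
        if unknown:  # hex masks or stray characters are rejected, not guessed
            raise ValueError("unknown right codes: %s" % sorted(unknown))
        granted.setdefault(trustee, set()).update(codes)
    return granted

def missing_read_rights(sddl, trustee="AU"):
    """Names of read rights the trustee is not granted (empty list = OK)."""
    held = parse_dacl(sddl).get(trustee, set())
    return sorted(SERVICE_RIGHTS[c] for c in READ_SET - held)

if __name__ == "__main__":
    for label, sd in (("page", PAGE_SD), ("no AU", NO_AU_SD)):
        print(label, missing_read_rights(sd) or "AU has read access")
```
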