Windows Server Update Services (WSUS) installation fails

Windows Server Update Services (WSUS) installation fails

When you try to install Windows Server Update Services (WSUS) on Windows server 2012 R2 you might get the error

The request to add or remove features on the specified server failed. The operation cannot be completed, because the server that you specified requires a restart.

image

Restarting the server does not change anything.

Looking at the event log will give us a good idea about the cause of the problem:

The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICEMSSQL$MICROSOFT##WID with the currently configured password due to the following error:

Logon failure: the user has not been granted the requested logon type at this computer.

Service: MSSQL$MICROSOFT##WID

Domain and account: NT SERVICEMSSQL$MICROSOFT##WID

This service account does not have the required user right “Log on as a service.”

User Action

Assign “Log on as a service” to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.

If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.

image

One typical reason could be a Group policy in Active Directory restricting the Log on as a Service right to something other than expected by Windows, as shown below:

Removing this policy or configuring it with the rights expected by Windows would be a good place to start.

image

image

Default Local security Setting on Windows Server 2012 R2 would normally be:

image

When you successfully install WSUS on a Windows 2012 R2 server with no GPO’s, the local Security Setting would change to:

image

+ posts

Table of Contents

Share this post
Search blog posts
Search
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.

Modern Workplace consultant and a Microsoft MVP in Windows and Devices.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & security specialist with focus on Microsoft 365.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.

follow us in feedly
Categories

Follow on SoMe