WSUS on Domain Controller – Issues

Is WSUS supported on Domain Controllers?


Oh yes – WSUS is fully supported on Domain Controllers. There are no issues with installing and running WSUS on DCs. However, you need to take note of a few things:


There are 2 known issues documented in the ReadMe for Windows Server Update Services:


Issue 10: If you install WSUS on a member server and then want to promote the member server to a domain controller, you should first uninstall WSUS

If you install WSUS on a member server and then want to promote the member server to a domain controller, you will need to take the following steps:

1. Uninstall WSUS.
2. Promote the server to a domain controller.
3. Reinstall WSUS.


Issue 11: If you want to demote a WSUS Server from a domain controller to a member server you should first uninstall WSUS

If you’re running WSUS Server on a domain controller and want to demote the domain controller to a member server, you will need to complete the following steps:

1. Uninstall WSUS and retain the database.
2. Create a user account called ASPNET.
3. At the command prompt, type aspnet_regiis -i.
4. Reinstall WSUS and use the retained database.


Other Known Issues as seen in the microsoft.public.windows.server.update_services community.

UPDATED ON 5/17/2006.

Issue 1: Uninstalling WSUS on a DC removes the WSUS Administrators group from Active Directory.


Bobby P says:

Last week I was having an issue with running WSUS on a new DC (turns out someone had screwed up IIS, but I didn’t know that at the time), so first thing I did was uninstall/reinstall WSUS.  Soon afterward I got calls from local WSUS admins saying they were unable to authenticate to the WSUSAdmin console.  I checked AD and there was an empty WSUS Administrators group in the default Users OU, and the ACLs on the folders on the WSUS servers once again had “account unknown” listed instead of WSUS Administrators. It looks like uninstalling WSUS on one domain controller removes the security group from the domain, rendering all non “domain admins” unable to use the WSUSAdmin console on any other domain controller.   
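
A check for the two symptoms reported in the post above (an empty or missing WSUS Administrators group, and folder ACLs with entries that no longer resolve), as an added example that is not part of the original post or of Microsoft's ReadMe. It assumes the ActiveDirectory PowerShell module is available; the folder paths are supplied by the operator because the page does not name them.

```powershell
# Added example: checks for the symptoms described above after a WSUS uninstall on a DC.
# Assumptions: the ActiveDirectory module (RSAT) is installed; -WsusPaths is given the
# folders used by your own WSUS installation (the page does not list them).
param(
    [string] $GroupName = 'WSUS Administrators',
    [Parameter(Mandatory = $true)]
    [string[]] $WsusPaths
)

Import-Module ActiveDirectory -ErrorAction Stop

# Symptom 1: the group is missing, or present but empty.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    Write-Warning "Group '$GroupName' was not found in the domain."
} else {
    $members = @(Get-ADGroupMember -Identity $group)
    if ($members.Count -eq 0) {
        Write-Warning "Group '$GroupName' is empty: $($group.DistinguishedName)"
    } else {
        Write-Output "Group '$GroupName' has $($members.Count) member(s)."
    }
}

# Symptom 2: folder ACLs carry entries whose SID no longer resolves to an account
# ("account unknown" in the GUI), or have no entry for the current group.
foreach ($path in $WsusPaths) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Path not found: $path"
        continue
    }
    $aces = (Get-Acl -LiteralPath $path).Access

    # Unresolved domain or local account SIDs come back as raw 'S-1-5-21-...' strings.
    $orphans = @($aces | Where-Object { $_.IdentityReference.Value -match '^S-1-5-21-' })
    foreach ($ace in $orphans) {
        Write-Warning "$path : orphaned SID $($ace.IdentityReference.Value) ($($ace.FileSystemRights))"
    }

    # A name match means the ACE resolves to the group that exists today.
    $groupAces = @($aces | Where-Object { $_.IdentityReference.Value -like "*\$GroupName" })
    if ($groupAces.Count -eq 0) {
        Write-Warning "$path : no access entry for '$GroupName'"
    }
}
```

Run it on each WSUS server before and after any WSUS uninstall on a domain controller, so that lost group membership and stale ACL entries are caught before delegated administrators are locked out.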



 

MORE INFORMATION

 

A downloadable copy of ReadMe for Windows Server Update Services is available on the Microsoft Download Center at http://go.microsoft.com/fwlink/?LinkId=48126.
