Submit a ticketCall us
Home > Success Center > Patch Manager > Error when adding or modifying a WSUS server in Patch Manager

Error when adding or modifying a WSUS server in Patch Manager

Overview

When you add or modify a WSUS server in Patch Manager, the following error displays:

Unable to connect to the WSUS Server using the account: domain\admin. Request for principal permission failed.

error-message.png

Environment

Patch Manager version 2.1.x

Cause 

The fully-qualified domain name (FQDN) and Canonical Name fields in the Add or Modify WSUS Server window are blank or not filled out completely for the WSUS server. This issue can also occur when the Patch Manager service account does not have sufficient access to the WSUS server.

Resolution

  1. Log in to the Patch Manager Admin Console as an administrator.
  2. In the navigation pane, expand Enterprise > Update Services and select the WSUS server.
    SPM-Admin-Guide-Select-WSUS-Server.png
  3. In the center pane, select your WSUS server.
  4. In the Actions pane, click Add or Configure WSUS Server.
  5. In the Add or Modify WSUS Server window, complete the Hostname or FQDN and Canonical Name fields.

    add-or-modify-wsus-server2.png

    For the Canonical Name field, you can enter an IP address in the following format:

    \xxx.xx.xxx.xxx

  6. Test the connection.

    If the connection passes, click Save. You are finished.

    If the connection does not pass, elevate the service account in Local Users and Groups.

Elevate the Service account

  1. Navigate to Local Users and Groups.
  2. Go to ewdgssvc-xxxx and join in the WSUS Administrator and Administrator Group.
  3. Save your changes.
  4. Restart the EminentWare Data Grid Service.
    If the error message does not display, you are finished.
    If the error message displays, check the WSUS server logs to verify the connection.

Check the WSUS server logs to verify the connection

  1. Open the Event Viewer on the WSUS server.
  2. Expand Windows Logs and select Application.
  3. Search the recent events for any error events related to WSUS.
    The service account used by Patch Manager may have experienced a logon failure or access denied event.
  4. Add the Patch Manager Service Account to the WSUS Administrators group on the WSUS server.
    If the WSUS server is an Automation server, you may need to add the local account that you created when you installed the Automation Server role. 
  5. Verify that the error no longer displays.
    If the error does not display, you are finished.
    If the error displays, verify that the Primary Application Server (PAS) and WSUS are on the same server

Verify that the PAS and WSUS are on the same server

  1. Log in to SQL Server Management Studio.
    Use SQL Server Management Studio 2008 for Patch Manager 2.1.3 and earlier.
    Use SQL Server Management Studio 2014 for Patch Manager 2.1.4 and later or the appropriate version if they are using enterprise SQL.
  2. Review the dbo.device and dbo.gc_device tables for duplicate entries for the WSUS server.
    Be sure not to delete the PAS entry. You can confirm the PAS Device ID in the console by expanding Patch Manager System Configuration and selecting Patch Manager Servers.
  3. Delete the duplicate entry.
  4. Restart the EminentWare Data Grid Server Service.
  5. Launch the console and re-add the WSUS server.
  6. Verify that the error no longer displays.
    If the error does not display, you are finished.
    If the error displays, check the PAS and Application server or contact Support

 

 

Last modified

Tags

Classifications

Public