Submit a ticketCall us

Get a crash course on Network Monitoring delivered right to your inbox
This free 7-day email course provides a primer to the philosophy, theory, and fundamental concepts involved in IT monitoring. Lessons will explain not only how to perform various monitoring tasks, but why and when you should use them. Sign up now.

Home > Success Center > Patch Manager > Request for principal permission failed

Request for principal permission failed

Created by Leif Amland, last modified by Justin Rouviere on Apr 10, 2017

Views: 174 Votes: 1 Revisions: 8

Overview

This article describes the issue when you receive the following error:

Unable to connect to the WSUS Server using the account: domain\admin. Request for principal permission failed.

 

 

Environment

Patch Manager version 2.1.1.2005

 

Cause 

This issue occurs because the FQDN and Canonical Name are not filled out completely for the WSUS server.  It can also occur if the service account for Patch Manager doesn't have sufficient access to the WSUS server.

 

Resolution

  1. Select and highlight Update Services.
  2. Choose your WSUS server and select Configure WSUS Server.
  3. Fill in the Hostname/FQDN box as well as the Canonical Name. You can use an IP address for the Cannonical name just use the format \111.11.111.111.
  4. Test the connection.

 

2nd Option: Elevate the service account (ewdgssvc-xxxx)

1. Go to Local Users and Groups

2. Go to ewdgssvc-xxxx and join in WSUS Administrator and Administrator Group

3. Save and Restart the EminentWare Data Grid Service

 

If the above steps have not resolved the issue, check the logs on the WSUS server to verify connectivity:

  1. Open Event Viewer on the WSUS server.
  2. Expand Windows Logs.
  3. Select Application.
  4. Search the recent events for any Error events related to WSUS.
  5. The service account that Patch Manager is using may be getting a logon failure or access denied.
  6. Add the Patch Manager Service Account to the WSUS Administrators group on the WSUS server.

Note:  If this is an Automation Server you may also need to add the local account created during the installation of the Automation Server role.

 

 

Last modified
14:27, 10 Apr 2017

Tags

Classifications

Public