Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Patch Manager > Request for principal permission failed

Request for principal permission failed

Created by Leif Amland, last modified by Justin Rouviere on Apr 10, 2017

Views: 266 Votes: 1 Revisions: 8


This article describes the issue when you receive the following error:

Unable to connect to the WSUS Server using the account: domain\admin. Request for principal permission failed.




Patch Manager version



This issue occurs because the FQDN and Canonical Name are not filled out completely for the WSUS server.  It can also occur if the service account for Patch Manager doesn't have sufficient access to the WSUS server.



  1. Select and highlight Update Services.
  2. Choose your WSUS server and select Configure WSUS Server.
  3. Fill in the Hostname/FQDN box as well as the Canonical Name. You can use an IP address for the Cannonical name just use the format \
  4. Test the connection.


2nd Option: Elevate the service account (ewdgssvc-xxxx)

1. Go to Local Users and Groups

2. Go to ewdgssvc-xxxx and join in WSUS Administrator and Administrator Group

3. Save and Restart the EminentWare Data Grid Service


If the above steps have not resolved the issue, check the logs on the WSUS server to verify connectivity:

  1. Open Event Viewer on the WSUS server.
  2. Expand Windows Logs.
  3. Select Application.
  4. Search the recent events for any Error events related to WSUS.
  5. The service account that Patch Manager is using may be getting a logon failure or access denied.
  6. Add the Patch Manager Service Account to the WSUS Administrators group on the WSUS server.

Note:  If this is an Automation Server you may also need to add the local account created during the installation of the Automation Server role.



Last modified
14:27, 10 Apr 2017