Connected from Different Computer –

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          10/24/2016 11:51:49 AM
Event ID:      4006
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Description:
The Windows logon process has failed to spawn a user application. Application name: taskmgr.exe. Command line parameters: taskmgr.exe /3 .

Got below Event.

Solution –

Safe Mode Works.

Solution 1 –  (didn’t work for me)

Tried Re-adding Below Accounts

• Interactive account
• Authenticated Users

This may occur when the membership of the local Users group is changed from the default settings. By default, the local Users group should contain the Interactive account and the Authenticated Users group.
By default, User Account Control (UAC) is enabled. At logon, the standard user access token is built, and if the Users group is missing the default members, the user will be unable to interact with the desktop, resulting in the blank desktop being displayed.

Solution 2 – (Worked for me)

Connected to Registry from Different Machine.

Logged in to Safe mode. Run on Powershell

Set-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -Value 0

or you can connect via remote registry and modify the registry as well.

Had to do a migration Windows Server Update Services (WSUS) Migration from 2008 R2 to 2012 R2

WSUS 3.2 Windows Server 2008 R2 to WSUS 6.3 Windows Server 2012 R2

Criteria’s has to be Met in my case.

• Retain Same Name.
• Retain Same IP.
• Retain Same Port – WSUS currently Running on Port 80.
• Downstream servers will be migrated later.

Use can use the Same methods to bring a new Server and do the same process. it shouldn’t be a issue.

Tasks –

• Take SQL Backup
• Copy WSUSContent Binaries.
• Install Test Windows Server , Test Domain , Install WSUS Role to verify it imports the database ok on 2012R2 . (Optional)
• Collected Local Administrators to manually Apply it Again on New server.
• Build New Server
• Restore SQL Database , WSUS Binaries on New Server.
• Verify Downstream servers.
• Verify Client Machines.

Step 1 –

Take SQL Backup .bak file of WSUS internal Database.

Login to Windows 2008 R2

Download SQL Server management Studio and install it .

Connect it to the Windows internal Database and take a backup of it.

Login as WSUS administrator. Run SQL Management Studio as Administrator

Server Instance

\\.\pipe\mssql$microsoft##ssee\sql\query

Windows Authentication

Choose Copy-Only Backup

Step 2 –

Copy WSUSContent Binaries.

Copy WSUSContent Folder to Safe Location for avoiding downloading the binaries again.

Step 3 –

Collected Local Administrators to manually Apply it Again on New server.

Step 4 –  (Optional if you don’t want to retain Same Name,IP)

• Turned off Old WSUS server.
• Renamed the VM
• Removed Active Directory Account
• Built the WSUS Server with Same Name, Same IP
• Installed WSUS Role . Next Next Leave everything default (Specified Store Updates D:\WSUS in my case).

Enter the Path to store Upates

Step 5 –

Restore SQL Database on New Server.

Login as WSUS administrator. Run SQL Management Studio as Administrator

Server Instance

\\.\pipe\Microsoft##WID\tsql\query

Windows Authentication

Take a Backup of the Default Database.

Run the Query  to Drop the Default Database –

USE master

GO

ALTER DATABASE SUSDB SET SINGLE_USER WITH ROLLBACK IMMEDIATE

GO

DROP DATABASE SUSDB

GO

Placed the Backup as below location on the new server – C:\WsusBackup\SUSDB.bak’

Run the Query  to Restore the Database –

RESTORE DATABASE [SUSDB] FROM DISK = N'C:\WsusBackup\SUSDB.bak' WITH FILE = 1, MOVE N'SUSDB' TO N'c:\Windows\WID\Data\susdb.mdf', MOVE N'SUSDB_log' TO N'c:\Windows\WID\Data\SUSDB_log.ldf', NOUNLOAD, STATS = 10

Copy the WSUSContent Binaries Folder – Merge it on the New server – Same location .

Then Run below

Cd “C:\Program Files\Update Services\Tools”

.\WsusUtil.exe postinstall CONTENT_DIR=D:\WSUS

Open Powershell ISE Run as Administrator

Make WSUS as Active.

$updateServer = get-wsusserver

$config = $updateServer.GetConfiguration()

$config.ServerId = [System.Guid]::NewGuid()

$config.Save()

Do Post Install for Completion

.\WsusUtil.exe postinstall

if you don’t want to use the default Port.  and use Port 80 for Updates (Optional)

Run below

.\WsusUtil.exe usecustomwebsite false

Step 6 –

Verify Downstream servers.

Now if you have downstream servers. Run Sync it should sync to verify things are fine.

if it  doesn’t work

Try Unchecking Replica and put it back . Run Sync again.

If you used a different name, Update the same.

Default Ports WSUS _ Reference

• On WSUS 3.2 and earlier, port 80 for HTTP and 443 for HTTPS.
• On WSUS 6.2 and later , port 8530 for HTTP and 8531 for HTTPS

Step 7 –

Verify Client Machines.

Login to a client Machine Windows 7.

Run

wuaclt.exe /detectnow

wuaclt.exe /reportnow

C:\Windows\WindowsUpdate.log

To verify If it connects ok .

Try to Approve some patches and download.

Known Issues 1 – WSUS 2012 R2 

After Windows Updates . Databases didn’t Start up.

Log Name: Application
Source: MSSQL$MICROSOFT##WID
Event ID: 18456
Task Category: Logon
Level: Information
Keywords: Classic,Audit Failure
User: NETWORK SERVICE
Description:
Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’. Reason: Failed to open the explicitly specified database ‘SUSDB’. [CLIENT: <named pipe>]

Get-Hotfix -ID KB3159706

Found its installed.

Ran below steps;

• Open an elevated Command Prompt and run “C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing
• Enable HTTP Activation under .NET Framework 4.5 Features in the Server Manager Add Roles and Features Wizard
• Restart the WSUS service

Known Issues 2 – Windows 10 Update Error 0x80070643 Client Side.

Resolution-

Resetting Windows Client Update Components (For Client Side Only)-

Please follow the below steps to reset the Windows Updates Components:

1. Press Windows Key + X on the keyboard and then select “Command Prompt (Admin)” from the menu.
2. Stop the BITS, Cryptographic, MSI Installer and the Windows Update Services. To do this, type the following commands at a command prompt. Press the “ENTER” key after you type each command.                     

   net stop wuauserv

   net stop cryptSvc

   net stop bits

   net stop msiserver

3. Now rename the SoftwareDistribution and Catroot2 folder. You can do this by typing the following commands in the Command Prompt. Press the “ENTER” key after you type each command.                        

ren C:\Windows\SoftwareDistribution SoftwareDistribution.old

ren C:\Windows\System32\catroot2 Catroot2.old

4. Now, let’s restart the BITS, Cryptographic, MSI Installer and the Windows Update Services. Type the following commands in the Command Prompt for this. Press the ENTER key after you type each command. 

net start wuauserv

net start cryptSvc

net start bits

net start msiserver

5. Type Exit in the Command Prompt to close it.