Windows Internal Database will not start after Install Active Directory

Hello,

I read the KB article below for the fix BUT where is the <MSI_File_Name> the
article is asking for? How can I download the job?



http://support.microsoft.com/kb/929665



Msiexec <MSI_File_Name> CALLERID=OCSetup.exe REINSTALL=ALL
REINSTALLMODE=omus /qn REBOOT=ReallySupress /l*v <Log_File_Path>



Thanks,

Jim

Hello Jim,

That's your installation file either on your server cd or sql cd. So search
on your disks for .msi files.

Best regards

Myweb
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.

> Hello,
>
> I read the KB article below for the fix BUT where is the
> <MSI_File_Name> the article is asking for? How can I download the job?
>
> http://support.microsoft.com/kb/929665
>
> Msiexec <MSI_File_Name> CALLERID=OCSetup.exe REINSTALL=ALL
> REINSTALLMODE=omus /qn REBOOT=ReallySupress /l*v <Log_File_Path>
>
> Thanks,
>
> Jim
>

Well I actually set up wsus3.0 using the WSUS3Setupx86.exe which installed
the Windows Internal Database on it's own so I don't have a Windows Internal
Database.msi. Thats My problem. Where is and which .msi am I looking for?
Jim


"Myweb" <meiweb@gmx.de> wrote in message
news:ff16fb664022d8c992d9b0876b78@msnews.microsoft .com...
> Hello Jim,
>
> That's your installation file either on your server cd or sql cd. So
> search on your disks for .msi files.
>
> Best regards
>
> Myweb
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
>
>> Hello,
>>
>> I read the KB article below for the fix BUT where is the
>> <MSI_File_Name> the article is asking for? How can I download the job?
>>
>> http://support.microsoft.com/kb/929665
>>
>> Msiexec <MSI_File_Name> CALLERID=OCSetup.exe REINSTALL=ALL
>> REINSTALLMODE=omus /qn REBOOT=ReallySupress /l*v <Log_File_Path>
>>
>> Thanks,
>>
>> Jim
>>
>
>

When you run the setup binary (.exe file), it self-extracts to a temp
folder. The MSI is under wYukon sub folder inside that temp folder.

--
Fei Cao
Microsoft, WSUS

This posting is provided "As Is" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm

"Jim" <jim@camden.lib.nj.u$> wrote in message
news:%23D5AKTLxHHA.4592@TK2MSFTNGP05.phx.gbl...
> Well I actually set up wsus3.0 using the WSUS3Setupx86.exe which installed
> the Windows Internal Database on it's own so I don't have a Windows
> Internal Database.msi. Thats My problem. Where is and which .msi am I
> looking for?
> Jim
>
>
> "Myweb" <meiweb@gmx.de> wrote in message
> news:ff16fb664022d8c992d9b0876b78@msnews.microsoft .com...
>> Hello Jim,
>>
>> That's your installation file either on your server cd or sql cd. So
>> search on your disks for .msi files.
>>
>> Best regards
>>
>> Myweb
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>>
>>> Hello,
>>>
>>> I read the KB article below for the fix BUT where is the
>>> <MSI_File_Name> the article is asking for? How can I download the job?
>>>
>>> http://support.microsoft.com/kb/929665
>>>
>>> Msiexec <MSI_File_Name> CALLERID=OCSetup.exe REINSTALL=ALL
>>> REINSTALLMODE=omus /qn REBOOT=ReallySupress /l*v <Log_File_Path>
>>>
>>> Thanks,
>>>
>>> Jim
>>>
>>
>>
>
>

"Jim" <jim@camden.lib.nj.u$> wrote in message
news:%23D5AKTLxHHA.4592@TK2MSFTNGP05.phx.gbl...
> Well I actually set up wsus3.0 using the WSUS3Setupx86.exe which installed
> the Windows Internal Database on it's own so I don't have a Windows
> Internal Database.msi. Thats My problem. Where is and which .msi am I
> looking for?

Jim, can you please clarify your subject line...

Re: Windows Internal Database will not start after Install Active Directory


Did you run dcpromo on this system *after* installing IIS/WSUS???


--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/pr...2-D095EB07B36E

Everything you need for WSUS is at
http://www.microsoft.com/wsus

And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....

Lawrence,
It was a WSUS member server. Then I dcpromo it up to a DC.
Jim


"Lawrence Garvin (MVP)" <onsitech@community.nospam> wrote in message
news:uOJti5PxHHA.4476@TK2MSFTNGP06.phx.gbl...
> "Jim" <jim@camden.lib.nj.u$> wrote in message
> news:%23D5AKTLxHHA.4592@TK2MSFTNGP05.phx.gbl...
>> Well I actually set up wsus3.0 using the WSUS3Setupx86.exe which
>> installed the Windows Internal Database on it's own so I don't have a
>> Windows Internal Database.msi. Thats My problem. Where is and which .msi
>> am I looking for?
>
> Jim, can you please clarify your subject line...
>
> Re: Windows Internal Database will not start after Install Active
> Directory
>
>
> Did you run dcpromo on this system *after* installing IIS/WSUS???
>
>
> --
> Lawrence Garvin, M.S., MCTS, MCP
> Independent WSUS Evangelist
> MVP-Software Distribution (2005-2007)
> https://mvp.support.microsoft.com/pr...2-D095EB07B36E
>
> Everything you need for WSUS is at
> http://www.microsoft.com/wsus
>
> And, almost everything else is at
> http://wsusinfo.onsitechsolutions.com
> ....
>

Well I got the .msi and ran it but I kept getting the popup screen with all
the msiexec.exe switches. The following was my command line:
E:\>Msiexec ssee_10.msi CALLERID=OCSetup.exe REINSTALL=ALL
REINSTALLMODE=omus /q
n REBOOT=ReallySupress /l*v E:\log

I also did what Fei Cao (MSFT) <feicao@online.microsoft.com> said in a
related article to unistall wsus3.0 which was successful:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup], change
the value for "wYukonInstalled" from 1 to 0, then run the unstall --you need
to choose to leave Database behind on the first page of uninstall wizard.

Problem: The Windows Internal Database is still in the add/remove programs
and will not allow me to remove it with a fatal error and when I reinstall
wsus3 it tries to connect to the Windows Internal Database but fails.

Any other ideas? I really dont want to flatten the box and start over. It is
in production because it was working fine untill I promoted it to a DC..
Thanks,
Jim

"Jim" <jim@camden.lib.nj.u$> wrote in message
news:%23D5AKTLxHHA.4592@TK2MSFTNGP05.phx.gbl...
> Well I actually set up wsus3.0 using the WSUS3Setupx86.exe which installed
> the Windows Internal Database on it's own so I don't have a Windows
> Internal Database.msi. Thats My problem. Where is and which .msi am I
> looking for?
> Jim
>
>
> "Myweb" <meiweb@gmx.de> wrote in message
> news:ff16fb664022d8c992d9b0876b78@msnews.microsoft .com...
>> Hello Jim,
>>
>> That's your installation file either on your server cd or sql cd. So
>> search on your disks for .msi files.
>>
>> Best regards
>>
>> Myweb
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>>
>>> Hello,
>>>
>>> I read the KB article below for the fix BUT where is the
>>> <MSI_File_Name> the article is asking for? How can I download the job?
>>>
>>> http://support.microsoft.com/kb/929665
>>>
>>> Msiexec <MSI_File_Name> CALLERID=OCSetup.exe REINSTALL=ALL
>>> REINSTALLMODE=omus /qn REBOOT=ReallySupress /l*v <Log_File_Path>
>>>
>>> Thanks,
>>>
>>> Jim
>>>
>>
>>
>
>

Oh by the way I ran also:
"msiexec /x {CEB5780F-1A70-44A9-850F-DE6C4F6AA8FB} CALLERID=ocsetup.exe" and
this uninstall operation failed with a fatal error.

"Lawrence Garvin (MVP)" <onsitech@community.nospam> wrote in message
news:uOJti5PxHHA.4476@TK2MSFTNGP06.phx.gbl...
> "Jim" <jim@camden.lib.nj.u$> wrote in message
> news:%23D5AKTLxHHA.4592@TK2MSFTNGP05.phx.gbl...
>> Well I actually set up wsus3.0 using the WSUS3Setupx86.exe which
>> installed the Windows Internal Database on it's own so I don't have a
>> Windows Internal Database.msi. Thats My problem. Where is and which .msi
>> am I looking for?
>
> Jim, can you please clarify your subject line...
>
> Re: Windows Internal Database will not start after Install Active
> Directory
>
>
> Did you run dcpromo on this system *after* installing IIS/WSUS???
>
>
> --
> Lawrence Garvin, M.S., MCTS, MCP
> Independent WSUS Evangelist
> MVP-Software Distribution (2005-2007)
> https://mvp.support.microsoft.com/pr...2-D095EB07B36E
>
> Everything you need for WSUS is at
> http://www.microsoft.com/wsus
>
> And, almost everything else is at
> http://wsusinfo.onsitechsolutions.com
> ....
>

Well after all the mombo jumbo typed below. I changed the service startup
for WID from network service to local system account and the WID started. I
was now able to reinstall WSUS3 and it connected to the database.
Jim
"Jim" <jim@camden.lib.nj.u$> wrote in message
news:uHyqynKxHHA.1164@TK2MSFTNGP02.phx.gbl...
> Hello,
>
> I read the KB article below for the fix BUT where is the <MSI_File_Name>
> the article is asking for? How can I download the job?
>
>
>
> http://support.microsoft.com/kb/929665
>
>
>
> Msiexec <MSI_File_Name> CALLERID=OCSetup.exe REINSTALL=ALL
> REINSTALLMODE=omus /qn REBOOT=ReallySupress /l*v <Log_File_Path>
>
>
>
> Thanks,
>
> Jim
>
>
>
>

"Jim" <jim@camden.lib.nj.u$> wrote in message
news:OJSSZqUxHHA.4352@TK2MSFTNGP05.phx.gbl...
> Lawrence,
> It was a WSUS member server. Then I dcpromo it up to a DC.

Well.. that's the FIRST thing that broke the box.

You *cannot* dcpromo an IIS server. Period.

Uninstall WSUS. Uninstall IIS. Reinstall IIS. Reinstall WSUS.

--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/pr...2-D095EB07B36E

Everything you need for WSUS is at
http://www.microsoft.com/wsus

And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....

Of course you can dcpromo an IIS box

Cheers
Ken

"Lawrence Garvin (MVP)" <onsitech@community.nospam> wrote in message
news:ecpgi6axHHA.3400@TK2MSFTNGP03.phx.gbl...
>
> "Jim" <jim@camden.lib.nj.u$> wrote in message
> news:OJSSZqUxHHA.4352@TK2MSFTNGP05.phx.gbl...
>> Lawrence,
>> It was a WSUS member server. Then I dcpromo it up to a DC.
>
> Well.. that's the FIRST thing that broke the box.
>
> You *cannot* dcpromo an IIS server. Period.
>
> Uninstall WSUS. Uninstall IIS. Reinstall IIS. Reinstall WSUS.
>
> --
> Lawrence Garvin, M.S., MCTS, MCP
> Independent WSUS Evangelist
> MVP-Software Distribution (2005-2007)
> https://mvp.support.microsoft.com/pr...2-D095EB07B36E
>
> Everything you need for WSUS is at
> http://www.microsoft.com/wsus
>
> And, almost everything else is at
> http://wsusinfo.onsitechsolutions.com
> ....
>
>

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:u0BtjmfxHHA.1184@TK2MSFTNGP04.phx.gbl...
> Of course you can dcpromo an IIS box

Only if you friggin want to break IIS!

Trust me, Ken.. I've seen several *hundred* attempts of people running
dcpromo on an IIS-installed box, and every one of them *breaks* IIS.

Here's exactly what happens:

When you install IIS on a non-DC server, it creates LOCAL accounts:
IUSR_machinename and IWAM_machinename, which are stored in the local SAM.
Everything that accesses IIS anonymously goes through the IUSR_machinename
account.

When you run dcpromo on such a system, it wipes out the SAM. Anonymous users
then try to find the IUSR_machinename account and it doesn't exist. Nothing
will work.

That's just the *basic* stuff! The complex stuff is even more complicated.

A similar problem occurs if you run dcpromo on a Domain Controller with IIS
installed. In this case the IUSR_machinename and IWAM_machinename accounts
are stored in Active Directory. Demoting the machine then makes all IIS
requests try to find the IUSR_machinename and IWAM_machinename accounts in
the local SAM -- but they don't exist.

Can you "fix" the scenario without uninstalling IIS. Sure you can. Microsoft
documented it a KB article for all those people who tried to dcpromo their
IIS box.

First option is to manually recreate the accounts in the domain, and
properly reassign *ALL* necessary permissions across the web server to those
domain accounts. This is not as simple as it might seem.

http://support.microsoft.com/kb/300432/en-us

This article used to be much more complicated that it is now (the article
used to explain how to 'reassign' all of the necessary permissions), and
really only applies to IIS5 on Windows 2000 -- which is a much less
complicated beast than IIS6 on Windows Server 2003.

But the problem also is that the local SAM is not the only thing dcpromo
messes with on an IIS-installed system:

http://support.microsoft.com/kb/332097/en-us


The *BEST* solution is to not run IIS on a Domain Controller at all.

The next *best* solution, if it becomes necessary to run dcpromo on a
machine with IIS installed is to:
[a] Uninstall all web applications.
[b] Uninstall IIS.
[c] Run dcpromo.
[d] Install IIS.
[e] Reinstall all web applications.


--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/pr...2-D095EB07B36E

Everything you need for WSUS is at
http://www.microsoft.com/wsus

And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....

"Lawrence Garvin (MVP)" <onsitech@community.nospam> wrote in message
news:%23Hxol$jxHHA.3956@TK2MSFTNGP06.phx.gbl...
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:u0BtjmfxHHA.1184@TK2MSFTNGP04.phx.gbl...
>> Of course you can dcpromo an IIS box
>
> Only if you friggin want to break IIS!

I've been doing this for a long time [1]. I can assure that there is no
issue running dcpromo to make the machine a Domain Controller. It certainly
doesn't break IIS per se

Running dcpromo does change a few things:
a) local account become domain accounts
b) a different security template is applied
So, if you app depends on any of these things you may have some issue that
you need to work around.

But IIS itself does not break just because you run dcpromo.

> Trust me, Ken.. I've seen several *hundred* attempts of people running
> dcpromo on an IIS-installed box, and every one of them *breaks* IIS.

I would suggest you try this again. Install IIS on a vanilla Windows server
box, then dcpromo it.

"Trust me" is all well and good, but being an IIS MVP, I'm sure I have
looked at more IIS scenarios than you have :-)


> When you run dcpromo on such a system, it wipes out the SAM. Anonymous
> users then try to find the IUSR_machinename account and it doesn't exist.
> Nothing will work.


IIS will logon the new domain IUSR_<servername> account instead.


> A similar problem occurs if you run dcpromo on a Domain Controller with
> IIS installed. In this case the IUSR_machinename and IWAM_machinename
> accounts are stored in Active Directory. Demoting the machine then makes
> all IIS requests try to find the IUSR_machinename and IWAM_machinename
> accounts in the local SAM -- but they don't exist.

There can be issues running DCPromo to remove AD on a machine that is
running IIS (I didn't consider this scenario in my original statement).
Effects vary depending on whether this is last DC in the domain or not.

I'm happy to discuss these as well, depending on the scenario that is being
faced.

Cheers
Ken

[1] I've been an IIS MVP for nearly 5 years now, I've written books and MS
TechNet articles on IIS, reviewed IIS MOCs, presented at over half a dozen
TechEds on IIS etc.

"Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
news:unCxCKpxHHA.536@TK2MSFTNGP06.phx.gbl...

>>> Of course you can dcpromo an IIS box
>>
>> Only if you friggin want to break IIS!
>
> I've been doing this for a long time [1]. I can assure that there is no
> issue running dcpromo to make the machine a Domain Controller. It
> certainly doesn't break IIS per se

I may concede this semantical argument, but a very simple application, like
WSUS, which pretty much runs as a anonymous access resource, gets totally
broken.

> Running dcpromo does change a few things:
> a) local account become domain accounts
> b) a different security template is applied
> So, if you app depends on any of these things you may have some issue that
> you need to work around.
>
> But IIS itself does not break just because you run dcpromo.

Riddle me this, then. :-)

If IIS wasn't broken in such a scenario, then one should only need to
uninstall the =APP=, and reinstall the =APP, and no changes on IIS would be
required at all. But several dozens of peoples, perhaps a hundred or more,
have personally observed the ramifications of running dcpromo on a WSUS
Server, and the *only* functional fix requires the uninstallation of IIS.

> I would suggest you try this again. Install IIS on a vanilla Windows
> server box, then dcpromo it.

You know.. I'll concede *this* scenario doesn't break anything.

But IIS is merely a *platform*. Now put an application on top of that
platform -- something simple like WSUS. Run dcpromo on a WSUS server. WSUS
breaks. Uninstall WSUS. Reinstall WSUS. WSUS is still broken? Why? Because
IIS needs to be reinstalled. Why does IIS need to be reinstalled if it's not
broken?

> IIS will logon the new domain IUSR_<servername> account instead.

Which is a *real* problem when all of the NTFS ACLs have the
MACHINE\IUSR_<servername> SIDs in them!


--
Lawrence Garvin, M.S., MCTS, MCP
Independent WSUS Evangelist
MVP-Software Distribution (2005-2007)
https://mvp.support.microsoft.com/pr...2-D095EB07B36E

Everything you need for WSUS is at
http://www.microsoft.com/wsus

And, almost everything else is at
http://wsusinfo.onsitechsolutions.com
.....

"Lawrence Garvin (MVP)" <onsitech@community.nospam> wrote in message
news:%23s2Z2npxHHA.1484@TK2MSFTNGP06.phx.gbl...
> "Ken Schaefer" <kenREMOVE@THISadOpenStatic.com> wrote in message
> news:unCxCKpxHHA.536@TK2MSFTNGP06.phx.gbl...
>
>>>> Of course you can dcpromo an IIS box
>>>
>>> Only if you friggin want to break IIS!
>>
>> I've been doing this for a long time [1]. I can assure that there is no
>> issue running dcpromo to make the machine a Domain Controller. It
>> certainly doesn't break IIS per se
>
> I may concede this semantical argument, but a very simple application,
> like WSUS, which pretty much runs as a anonymous access resource, gets
> totally broken.
>
>> Running dcpromo does change a few things:
>> a) local account become domain accounts
>> b) a different security template is applied
>> So, if you app depends on any of these things you may have some issue
>> that you need to work around.
>>
>> But IIS itself does not break just because you run dcpromo.
>
> Riddle me this, then. :-)
>
> If IIS wasn't broken in such a scenario, then one should only need to
> uninstall the =APP=, and reinstall the =APP, and no changes on IIS would
> be required at all. But several dozens of peoples, perhaps a hundred or
> more, have personally observed the ramifications of running dcpromo on a
> WSUS Server, and the *only* functional fix requires the uninstallation of
> IIS.
>
>> I would suggest you try this again. Install IIS on a vanilla Windows
>> server box, then dcpromo it.
>
> You know.. I'll concede *this* scenario doesn't break anything.
>
> But IIS is merely a *platform*. Now put an application on top of that
> platform -- something simple like WSUS. Run dcpromo on a WSUS server. WSUS
> breaks. Uninstall WSUS. Reinstall WSUS. WSUS is still broken? Why? Because
> IIS needs to be reinstalled. Why does IIS need to be reinstalled if it's
> not broken?

Well, I have not run into this scenario. What the specific fix is will
depend on what the specific error is. I will give this a go and see what
shakes loose.


>> IIS will logon the new domain IUSR_<servername> account instead.
>
> Which is a *real* problem when all of the NTFS ACLs have the
> MACHINE\IUSR_<servername> SIDs in them!

Which resource's access control lists (ACL)s have the SID for
machine\iusr_<machinename>?

All critical resources that IIS needs have ACEs for either the IIS_WPG or
the Users group, or are never touched by IUSR_<machinename> in the first
place (e.g. IUSR_<machinename> is not used by .NET applications). That is
why IIS continues to work even after DCPromo and making the box a DC.

Cheers
Ken