And if you were going to say that the link provided was for the WID only...
You cannot run the SQL Server service under a local non-system account or by using SQL Server authentication. WSUS supports Windows authentication only.
WSUS SQL permissions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 15%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Stephen Skwierawski
36
Reputation points
Hi , I have a standalone WSUS server in a workgroup - I've attempted to migrate the WID database to a standard SQL server but am having connection issues.
One of the steps on the migration document ( https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/wid-to-sql-migration#detach-susdb-from-the-windows-internal-database ) is to add the server name and domain as a security login [FQDN][WSUSComputerName]$ however the WSUS server is not on a domain but rather a workgroup and I can't add this entry in.
Without this i am seeing the error below when connecting to the SQL server from the WSUS server process and the WSUS console doesn't load.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. Reason: Could not find a login matching the name provided. [CLIENT:CLIENTIP )
Am I missing a permission here ?
Windows for business | Windows Server | User experience | Other
Answer accepted by question author
Adam J. Marshall
10,786
Reputation points MVP
6 additional answers
Sort by: Most helpful
-
Stephen Skwierawski 36 Reputation points
2022-01-19T03:03:30.923+00:00 Thank you the links are at least helpful to understand the official stance. A similar post while old here https://blog.vittoriopavesi.com/2006/02/wsus-with-sql-authentication.html?m=1 again references the same keys. I will mark your answer correct though.
-
Nickp 1 Reputation point2022-01-23T23:15:21.33+00:00 Stephen,
Did you ever get this to work?
If you did can you share how you made it work...
Sign in to comment -
-
Adam J. Marshall 10,786 Reputation points MVP
2022-01-19T00:36:11.733+00:00 Read Lawrence's response.
Security implications for the very least.
-
Stephen Skwierawski 36 Reputation points
2022-01-19T01:07:01.053+00:00 lol , while I have no previous communications with Lawrence I didn't know he was the ultimate authority on this type of scenario hence why I have asked the question here. In any event I found his response dismissive instead of helpful.
Sign in to comment -
-
Adam J. Marshall 10,786 Reputation points MVP
2022-01-19T00:12:26.713+00:00 No it is not.
-
Stephen Skwierawski 36 Reputation points
2022-01-19T00:22:57.317+00:00 Can I ask why not ? There is a registry key for SQL authentication mode.
Sign in to comment -
-
Adam J. Marshall 10,786 Reputation points MVP
2022-01-18T23:11:47.487+00:00 WSUS in Workgroup mode, CANNOT use a dedicated Remote SQL Server and must use the WID. You can use a LOCAL SQL Server though.
The reason: WSUS only supports Windows Authentication. Windows Authentication can't happen across workgroup nodes.
-
Stephen Skwierawski 36 Reputation points
2022-01-18T23:29:44.427+00:00 That is really annoying - is this an option ? https://social.technet.microsoft.com/Forums/lync/en-US/552b14bf-1d26-4a8f-8e06-5b39ec0783d8/wsus-database-susdb-authentication-via-sql?forum=winserverwsus
Sign in to comment -