setup of IIS Anonymous Access app pool execute permissions

John Lenz 1,716 Reputation points
2022-09-06T15:59:45.51+00:00

I am re-installing WSUS Role 0n a Hyper-V server2012R2 Instance. The architecture is Hyper-V SQLServer as DB. I am working through AJTek how to set WSUS permissions and need help on the last step.

WSUS has GPO, product classifications and computers setup. Permissions on remote and SQLServer access appear to be OK. unapproved updates appear in my update types in WSUS, e.g. Tools. I accepted one test update for a Windows10 client and got failed to download ( 0x80d02002 )- The last step in the WSUS permissions checklist is to set IIS settings on the WSUS server. It calls for Anonymous Access enabled with certain execute permissions. Since my Hyper-V Server2102R2 running SQLServer 2012 is operational, I do not want to change authentication unless I know exactly what to do ( I am not a trained DBA). The permissions are to be applied to the IIS in the WSUS server.

Here are the App Pools:
238264-wsus-iis-app-pools.jpg

For a site folder I am suppose to enable Anonymous access AND Execute permissions, e.g. Scripts Only.

Here is the default look at one to the settings I have to make:

238274-wsus-iis-authentication-default.jpg

If I edit, I get the following:

238244-wsus-iis-authentication-app-pool-identity.jpg

At this point, what do I do to set:

WSUSPool security:Anonynous access enabled, Execute permissions Scripts only.

I do not want to mess up the SQLserver Instance or WSUS IIS.

One more data point. On the Windows 10 client, WSUS fails to download; however. "Check online for updates from Microsoft Update" works, updates identified, downloaded and installed.

There must be a configuration or permission issue stopping WSUS from working.

Windows10 troubleshooter results are as follows for troubleshoot Windows Update:

Problem with BITS service : The requested service has already been started. System.Management.Automation.RemoteException More help is available by typing NET HELPMSG 2182. System.Management.Automation.RemoteException
Service Status
Problem with BITS service : The requested service has already been started. System.Management.Automation.RemoteException More help is available by typing NET HELPMSG 2182. System.Management.Automation.RemoteException

Internet Information Services
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,930 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Bruce (SqlWork.com) 53,426 Reputation points
    2022-09-08T20:09:25.863+00:00

    as it is an asp.net site, the app pool account is used for anonymous requests handled by the asp.net framework. the IUSER account is used by the IIS static file handler (and others). It is usually best to set to the anonymous identity to app pool account.

    1 person found this answer helpful.

  2. John Lenz 1,716 Reputation points
    2022-09-08T03:33:35.227+00:00

    GPO Location different in Win10. Found it in User Configuration. Tried a server format but it did not work. Will try again and report back.

    Any idea on anonymous access permissions?

    0 comments No comments

  3. John Lenz 1,716 Reputation points
    2022-09-08T18:03:49.823+00:00

    The set intranet u[pate service location did not work. Now I get error 0x802441c. This is:

    Error 0x8024401c occurs when Windows cannot download and install Windows updates because it cannot connect to Microsoft's Windows Update servers. This can be caused by Internet connection issues or server timeouts.

    What do I have to do to get clients connected to WSUS server?

    0 comments No comments