I am trying to add WSUS role on a server 2012 r2 server, but wsus installation failed with message:
The request to add or remove features on the specified server failed.
The operation cannot be completed, because the server that you specified requires a restart.
restart the server and do it again, same failure.
Found in system log, there is a service control manager error 7041 which says:
The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
This service account does not have the required user right "Log on as a service."
User Action
Assign "Log on as a service" to the service account on this computer. You can use Local Security Settings (Secpol.msc) to do this. If this computer is a node in a cluster, check that this user right is assigned to the Cluster service account on all nodes in the cluster.
If you have already assigned this user right to the service account, and the user right appears to be removed, check with your domain administrator to find out if a Group Policy object associated with this node might be removing the right.
It seems the WID causes the trouble.
I checked in GPO, "NETWORK Service" has logon as service rights and when trying to add NT SERVICE\MSSQL$MICROSOFT##WID it says the account cannot be validated.
The strange thing is in the wizard I removed "WID database" and selected "Database" but in the "confirm installation selections" I can still see "Windows Internal Database" listed.
I am not sure whether some other people encountered this issue and what is the solution.
Thanks for help.