I performed an upgrade on a domain controller from Windows 2003 Std x64 to Windows 2008 Std R2. Everything smooth. The only problem is that I am unable to run Windows Updates. When I try I get the following: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Windows could not search for new updates An error occured while checking for new updates for your computer. Error(s) found: Code 80070005 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Any ideas? Thanks, Chris

What groups is your account member of? Is Software Restriction Policy configured? What system-related software (not business applications) is installed?MCITP: Enterprise Administrator; MCT; Microsoft Security Trusted Advisor

My account is a member of Domain Admins, the server is in the Domain Controllers OU, we don't define any software restriction policies and the following are installed on the domain controller in question: Active Directory Services DNS File Services Web Server (IIS) BioChris

Hello, stop the windows update service, then delete the c:\softwaredistribution folder and start the service again. Now try again to connect to Windows update. This folder will be rebuilt when the service is restarted so there is no problem with it.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Ok , I just did what you suggested but still exactly the same error. However I just discovered something new: The same error I get on the upgraded Domain Controller I also get on a different Domain Controller that was build fresh with Win 2008 R2 Std. So it must not be the upgrade process that broke something in Windows Updates but rather Active Directory on a Windows 2008 DC. Functional levels are still 2003 by the way as I still have three more 2003 DCs to be upgraded. Well, I am still open to any suggestions while I am researching myself...thanks for your input Meinolf, I had really hoped that would do the trick... It's weird though everything else works fine, AD replication flows smoothly between the 2003 and 2008 DCs, FRS, DNS etc... Also both servers give the same error code: 80070005 BioChris

Hi, Please refer to the following article: http://support.microsoft.com/kb/968003/en-us Meanwhile, please check whether your account belongs to an impropriate group such as Builtin\Guests Tim Quan

Tim, Thanks for the reply. I have done some search on the error myself and for the most part the recommendations are the same. Domain Admins and Domain Users are not members of the Domain Guests account. I can't believe this is happening on upgrades and fresh installs alike. The last two things I am trying are: this http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/4222edeb-7068-4913-9de9-286cfc906dc4 and this http://support.microsoft.com/kb/968003/en-us but I am very sceptical about this resolutions. I will leave this thread open in case someone else has some additional ideas. Thanks, BioChris

Could it be that the upgraded Domain Controller was NOT the FSMO role holder of the domain? And if that's the case then why the freshly build new 2008 Domain Controller giving the same issue? BTW, the changing permissions links above have not helped at all. Plus they looked pretty scary to me when they were running. BioChris

Hello, to check the DCs please use the support tools: dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)] dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Roger that Sir, will do at the end of the day today. Thank you. Still no luck by the way...BioChris

check ths two steps . Removed the Administrator from the Domain Guests Group and remove the Domain guests group from any account. Open the Default domain controller policy -> Computer configuration -> Security settings ->Local policies -> User right assignment -> Under Log on as a service properties add Network Service, Local Service, System.

Did the above, same error code. I am currently working with MS support but they also have a hard trying to figure out what's going on. Interesting. BioChris

The AD account Systems was a member of the account Buildin/Guests and that was automatically making the Domain Controller's computer account to be a member of the Guests group which was causing Windows Updates to fail. Apparently, this does not affect Windows 2003 Domain Controllers but the moment you go to Windows 2008 boom! SO, do the following and you are done: - Remove SYSTEM from Buildin/Guests Members. - Reboot the Domain Controller. - Run Windows Updates!BioChris