Archive for July, 2012

WSUS breaks after update KB2720211

Another oops by MS…..

Console can’t connect to WSUS.  It errors out and tells you to look at the softwaredistribution.log file. (Where the f… is that???)  It’s in the c:\windows\program files\update servise\logfiles folder of course!  Look at the log and it shows that it can’t connect to susdb and reports Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’ and Cannot open database “SUSDB” requested by the login.


- Applied KB2720211 to a WSUS 3.0 SP2 server thats running on Windows 2008 64 bit server with local SQL db.

-Applied KB2720211 to Windows 2003 server running WSUS 3.0 SP2 and local SQL db.


1. Download the KB2720211 installer for your architecture from Microsoft (
2. Extract WUSSetup.msp from the installer by running the installer with the /extract parameter (example: “WSUS-KB2720211-x64.exe /extract”)
3. With 7-zip, open WUSSetup.msp and extract “PCW_CAB_SUS”.
4. With 7-zip, open “PCW_CAB_SUS” and extract “DbCert”, “DbCertDll”, and “DbCertSql”.
5. Rename those files to “WSUSSignDb.cer”, “WSUSSignDb.dll”, and “WSUSSignDb.sql”, respectively.
6. On your WSUS server, navigate to “C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig” and copy the extracted “WSUSSignDb.cer” and “WSUSSignDb.dll” to it. Make a backup copy of the two existing versions, just in case.
7. On your WSUS server, navigate to “C:\Program Files\Update Services\Database” and copy the extracted “WSUSSignDb.sql” to it. Make a backup copy of any existing versions of the file.
8. Reinstalled 2720211 - it runs successfully this time.

Don’t even have to reboot or restart anything on 2008 R2 server.

You do have to reboot Windows 2003 server before rerunning the update (step 8)

I’ll update this If microsoft every comes up with an official fix.