WSUS breaks after update KB2720211

Another oops by MS…..

Console can’t connect to WSUS.  It errors out and tells you to look at the softwaredistribution.log file. (Where the f… is that???)  It’s in the c:\windows\program files\update servise\logfiles folder of course!  Look at the log and it shows that it can’t connect to susdb and reports Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’ and Cannot open database “SUSDB” requested by the login.


- Applied KB2720211 to a WSUS 3.0 SP2 server thats running on Windows 2008 64 bit server with local SQL db.

-Applied KB2720211 to Windows 2003 server running WSUS 3.0 SP2 and local SQL db.


1. Download the KB2720211 installer for your architecture from Microsoft (
2. Extract WUSSetup.msp from the installer by running the installer with the /extract parameter (example: “WSUS-KB2720211-x64.exe /extract”)
3. With 7-zip, open WUSSetup.msp and extract “PCW_CAB_SUS”.
4. With 7-zip, open “PCW_CAB_SUS” and extract “DbCert”, “DbCertDll”, and “DbCertSql”.
5. Rename those files to “WSUSSignDb.cer”, “WSUSSignDb.dll”, and “WSUSSignDb.sql”, respectively.
6. On your WSUS server, navigate to “C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig” and copy the extracted “WSUSSignDb.cer” and “WSUSSignDb.dll” to it. Make a backup copy of the two existing versions, just in case.
7. On your WSUS server, navigate to “C:\Program Files\Update Services\Database” and copy the extracted “WSUSSignDb.sql” to it. Make a backup copy of any existing versions of the file.
8. Reinstalled 2720211 - it runs successfully this time.

Don’t even have to reboot or restart anything on 2008 R2 server.

You do have to reboot Windows 2003 server before rerunning the update (step 8)

I’ll update this If microsoft every comes up with an official fix.


  1. #1 by Nico on January 20th, 2014 - 6:33 am

    I had the same issue and your solution resolved it !
    Thank you so much for your help.

  2. #2 by Joe Habich on August 28th, 2012 - 7:03 am

    We had a similar issue. We found that if you applied KB2720211 to our WSUS it would no longer load the console. After much hand wringing we found out that this update changes the the SqlDatabseName key in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup back to the default SUSDB. In our case we had moved our SUSDB to a separate SQL server and renamed it to fit our naming convention. We changed that value to the new DB name and it worked fine, but after this update the name got reverted back to SUSDB and broke the connection to the DB. Thought I’d drop this in here in case anyone else has a similar issue.

  3. #3 by Tony O’Prey on July 16th, 2012 - 4:51 am

    Thanks a lot for this fix, worked a treat.
    Again many thanks

(will not be published)
Subscribe to comments feed
  1. No trackbacks yet.