Windows Server 2022 WSUS Fatal Error: The schema version of the database is from a newer version of WSUS

Question

Hi,
I recently upgraded Windows Server from 2016 to 2022!
In post-install processes, I receive the following error for the WSUS service:

Log file is located at C:\Users\m-alizadeh\AppData\Local\Temp\\WSUS_PostInstall_20220223T152505.log
Post install is starting
Fatal Error: The schema version of the database is from a newer version of WSUS 
than currently installed.  You must either patch your WSUS server to at least 
that version or drop the database.

Furthermore, in the WSUS console there is the following error:

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it 192.168.0.1:8530

Source
System

Stack Trace:
   at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
   at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
** this exception was nested inside of the following exception **


System.Net.WebException -- Unable to connect to the remote server

Source
Microsoft.UpdateServices.Administration

Stack Trace:
   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.GetUpdateServer(PersistedServerSettings settings)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()

***I did the following actions, which were unsuccessful:

• I removed the WSUS service, deleted the updates storage folder!
• I renamed SUSDB.MDF in the "WID\Data" folder
• I restarted the IIS Service as well as the application pool of WSUS
• I re-installed the WSUS service but it did not work!

It would be highly appreciated if anybody could help me.
Thanks in advance***

Answer 1

1) Go to C:\Program Files\Update Services\Database

2) Take ownership of VersionCheck.sql from "TrustInstall"

3) Open file in notepad

4) On line 3 change "DECLARE @scriptMinorVersion int = (11)" to "DECLARE @scriptMinorVersion int = (51)"
the "11" is a typo

5) Restore ownership, if cant the make "Everyone" owner

6) Re-run post install config

7) Have a beer.

Answer 2

I've written a blog on how to fix this.

https://www.ajtek.ca/wsus/wsus-post-deployment-configuration-failed-windows-server-2022/

Hope this helps the next person who has this problem.

Answer 3

Hi,

Thanks for your posting in Q&A.

Agree with AJTek-Adam-J-Marshall, the issue may be WSUS is not removed completely.

We need to:

Remove WSUS Role and Windows Internal Database (WID) Feature.

Remove C:\WSUS or where ever the WSUSContent folder resides.

Remove C:\Windows\WID (specifically: delete the SUSDB.mdf and SUSDB_log.ldf in C:\Windows\WID\Data). If you don't remove the WID role and its files on a reinstall, it will re-attach to the same database.

In IIS, remove the 'WSUS Administration' website and the 'WsusPool' Application Pool if they still exist.

Restart the server and re-add the WSUS And WID Roles. Let it install, and then restart the server again.

Now try to do the post-installation configuration.

If this doesn't work, disjoin the server from the domain, and restart. Try the post-installation steps again. If it works, the issue is a policy on your domain that is causing the issues. You can then rejoin the server to the domain.

After you've removed WSUS completely following the instructions above, you can then go ahead and install it again if you so choose.

---

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 4

Follow my guide to remove WSUS fully and reinstall. It sounds like you didn't fully remove it.

https://www.ajtek.ca/wsus/how-to-remove-wsus-completely-and-reinstall-it/

Answer 5

This is why Microsoft does not recommend installing WSUS on a Domain Controller. What you've done is against recommendations and what has happened is the groups WSUS needs to operate are no longer 'local' because a DC does not have any 'local' groups.

You cannot disjoin a domain controller from a domain unless you are demoting it to a member server first and then disjoining it.

You are better to try to fix this problem than to disjoin it.

Create 2 Domain Local groups

Name: WSUS Administrators
Description: Members of this group can administer the Windows Server Update Services role.
Name: WSUS Reporters
Description: Members of this group can generate reports but cannot approve updates or configure the Windows Server Update Services role.

Then try to run the postinstall again.