WSUS: WSUS should be installed on a non-domain controller

Applies To: Windows Server Update Services, Windows Small Business Server 2011 Standard, Windows Server 2008 R2, Windows Server 2003 with SP2, Windows Server 2012, Windows Server 2008 R2 with SP1

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Windows Server Update Services (WSUS) Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about Best Practices Analyzer and scans, see Best Practices Analyzer on Microsoft TechNet.

Operating System Windows ServerĀ® 2008 R2, Windows Server 2012
Product/Feature Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2)
Severity Informational
Category Configuration

Issue

WSUS is installed on a domain controller.

Impact

If WSUS is installed a domain controller, this will cause database access issues due to how the database is configured.

Installing WSUS on a domain controller can also cause problems upgrading or installing WSUS in the future.

Resolution

Uninstall WSUS from the domain controller, demote the server to a non-domain controller, and reinstall WSUS.

Alternately, you can install WSUS on a different non-domain controller machine.

For detailed instructions about how to remove WSUS 3.0 SP2, see the Removal section in the Microsoft Support Article 972455: Description of Windows Server Update Services 3.0 Service Pack 2.