Unable to Add Windows Server Update Services role
recently i was at a customer site to add the SUP role on a WS2012R2 box and when i was trying to add the Windows Server Update Services, it was failing.
every time i got the error
The request to add or remove features on the specified server failed.
The operation cannot be completed, because the server that you specified requires a restart.
The first couple of times, i rebooted as i tough that could be something related as i was doing some other changes, but after that i noticed that it was not it.
Event viewer, under Setup, was giving me the error:
Update UpdateServices of package UpdateServices-CoreService-Package failed to be turned on. Status: 0x80070bc9
And looking at the error, i discovered this: The requested operation failed. A system reboot is required to roll back changes made.
i did a bit of research, i discovered that the “Logon as a service” policy was being managed by GPO and the NETWORK, SERVICE, IIS_WPG (or IIS_IUSRS) were not there. adding it, performing a gpupdate /force and reboot did fix the problem
note: on iis7/8 the group you add should be IIS_IUSRS but older version may be IIS_WPG. For more info about this, check http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis