How to Move the WSUS Database

 

I ran into an issue where a customer needed to move the WSUS Database to a different SQL server.  In my research I found most of the information below.  In testing I added a few pieces to it since my customer was using a remote SQL server.  To move your WSUS Database to another SQL  server just follow these steps, this should work with SQL 2005 or SQL 2008:

1. In the Services tool Right-click IIS Admin Service, and then click Stop.  It will stop other services (WWW Publishing, Windows Remote, and HTTP SSL).

2. In the Services tool, Right-click Update Services, and then click Stop.

3. On the old SQL server, DETACH the SUSDB database.  You can do this by right clicking the SUSDB, choosing Task and then choose detach.  You get the "Detach Database" wizard.  You should be able to just choose "OK" and it will start the detach process.  You may need to choose the "Drop Connections" box.

4. Copy the database files (MDF and LDF) from the old SQL server to the new SQL server. (Make a backup copy of these files as well.)  Most of the time these files will be in the MSSQL\Data directory.

5. Attach the database files as SUSDB to the new SQL server.  Right click Databases and choose Attach.  Point to the place where you copied the files and choose "OK".

a. Verify permissions on the SQL Server instance. In SQL Server Management Studio, open the instance and select Security, then Logins. The NT AUTHORITY\NETWORK SERVICE account should be listed as a login. If not listed, add the account as a login.  If the SQL server is a remote box then add the WSUS server's machine account to the permissions.

b. Verify permissions on the database. Right-click the database, select Properties and then click Permissions. The NT AUTHORITY\NETWORK SERVICE account should be listed as a login. If not listed, add the account as a login.  If the SQL server is a remote box then add the WSUS server's machine account to the permissions.

c. Verify members of the webService role. Under the WSUS database, select Security, select Roles, select Database Roles, then right-click webService and select Properties.  The NT AUTHORITY\NETWORK SERVICE account should be listed as a member of this role. If it is not, it should be added.   If the SQL server is a remote box then add the WSUS server's machine account to the permissions.

6. Back on the WSUS server, open the registry editor: Click Start, click Run, type regedit, and then click OK.

7. Browse to HKLM\SOFTWARE\Microsoft\UpdateServices\Server\Setup\SqlServerName, and in the Value box, type [ServerName]\[InstanceName],and then click OK. If the instance name is the default instance, then simply type [ServerName].

8. Click Start, point to Programs, point to Administrative Tools, and then click Services.

9. Restart the following services:   IIS Admin, HTTP SSL, WWW Publishing, and the Updates Services.

10. To verify that everything is working run the Update Services Console.

Comments

  • Anonymous
    January 04, 2012
    Thanks for the article - very concise and easy to follow.

  • Anonymous
    April 23, 2013
    Thanks a lot - move was simple and successful.

  • Anonymous
    August 01, 2013
    The comment has been removed

  • Anonymous
    September 06, 2013
    @Sam - on the SQL Server login property, you should be able to add the computer account. In the Security>logins>New Login dialog, new Login Name: specify DomainWSUSServerName$ then the appropriate User Mapping.

  • Anonymous
    March 20, 2014
    I also had to set the registry value "SqlInstanceIsRemote" to 1. With an internal DB setup it's defaulted to 0.

  • Anonymous
    March 31, 2014
    The comment has been removed

  • Anonymous
    February 04, 2015
    Thanks! Well written.

  • Anonymous
    November 19, 2015
    Very Nice document, simple and super