Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. Patching a passive cluster node using a Configuration Manager 2007 Software Update fails with exit code -2068578304

Patching a passive cluster node using a Configuration Manager 2007 Software Update fails with exit code -2068578304

Symptoms

When patching a passive cluster node using a System Center Configuration Manager 2007 Software Update task sequence, the following error message is reported in the summary log file:

Final result: The patch installer has failed to update the shared features. To determine the reason for failure, review the log files.
Exit code (Decimal): -2068578304 
Exit facility code: 1204 
Exit error code: 0 
Exit message: The SQL Server failover cluster instance <name> was not correctly detected. The instance was discovered on the local node but it was not found to be active. To continue, confirm the state of the instance installed on all applicable nodes of the cluster and the state of the failover cluster resources. 

↑ Back to the top

Cause

This can occur if you are using a Software Update to patch a passive cluster node. When deploying a Software Update, Configuration Manager leverages the WUA agent using the local system account. By default that account does not have the permissions needed to access the remote registry for the partner node and thus the active node cannot be detected. Since the active node cannot be detected the patch cannot be applied.

↑ Back to the top

Workaround

There are three optional workarounds for this issue:

Option 1: Use Configuration Manager to install the patch on the ACTIVE cluster node first.

Option 2: Use Configuration Manager and choose the Software Distribution method rather than the Software Update method. See http://technet.microsoft.com/en-us/library/bb680550.aspx for more information.

NOTE: Please make sure that the “Program can run:” setting is configured for “Only when a user is logged on” and the “Run mode” setting is configured as “Run with user’s rights”.

Option 3: Grant the appropriate computer account (e.g. NTADMINcomputername$) read permissions to the following registry key on every node of the cluster:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg

↑ Back to the top

More Information

This issue is by design as we cannot specify another account when performing a Software Update. Configuration Manager 2007 (ConfigMgr 2007) cannot guarantee that all machines will have a particular user-defined user account that can launch the update so it is hard coded to use the built-in account called “NT AUTHORITY\SYSTEM”. All machines must have this account by default and it has local admin permissions. 

↑ Back to the top

Keywords: kb

↑ Back to the top

Article Info
Article ID : 2855474
Revision : 1
Created on : 1/7/2017
Published on : 6/10/2013
Exists online : False
Views : 82