Installing OpenVAS on Ubuntu 16.04

sudo apt update && sudo apt upgrade
sudo apt install software-properties-common
sudo add-apt-repository ppa:mrazavi/openvas
sudo apt update
sudo apt install openvas
sudo apt install sqlite3
sudo openvas-nvt-sync
sudo openvas-scapdata-sync
sudo openvas-certdata-sync
sudo service openvas-scanner restart
sudo service openvas-manager restart
sudo openvasmd --rebuild --progress
sudo openvasmd --user=admin --new-password=PASSWORD




PowerShell - Send email on behalf

$EmailFrom = "User One <user.one@example.com>"
$EmailTo = "Vyacheslav Fedenko <vyacheslav.fedenko@example.com>"
$Subject = "Email Subject"
$body = "Email Body"
$SmtpServer = "YOUR SMTP SERVER IP ADDRESS"
$Smtp = new-object Net.Mail.SmtpClient($SmtpServer)
$MailMessage = new-object Net.Mail.MailMessage($EmailFrom, $EmailTo, $Subject, $body)
$MailMessage.Sender = "User.Two@example.com"
$Smtp.Send($MailMessage)



Get Calendar Permissions report - Exchange 2010/2013/2016 and Exchange Online

This PowerShell script gets Calendar Permissions report within your Exchange organization. It also can get a report from Office 365.
Usage examples:
.\Get-CalendarPermissionsReport.ps1 -Version 2010
Exchange 2010 Calendar Permissions report.


.\Get-CalendarPermissionsReport.ps1 -Version 2010 -File FileName.csv
The same as above but the results will be exported to FileName.csv file. 


.\Get-CalendarPermissionsReport.ps1 -Version 2013-2016 -File FileName.csv
Gets calendar permissions report for Exchange 2013 or 2016 and exports the results to FileName.csv file. 


.\Get-CalendarPermissionsReport.ps1 -Version O365 -File FileName.csv
Gets calendar permissions report for Exchange Online and exports the results to FileName.csv file. It will ask an Office 365 admin credentials.


.\Get-CalendarPermissionsReport.ps1 -Version O365
Connects to Exchange Online and prints calendar permissions to console. 


The script can be downloaded from TechNet Gallery.


Ubuntu 16.04 - Failed to start LXD

root@hostname:~# systemctl status lxd-containers.service
● lxd-containers.service - LXD - container startup/shutdown
   Loaded: loaded (/lib/systemd/system/lxd-containers.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Tue 2017-03-21 13:33:45 EDT; 3min 15s ago
     Docs: man:lxd(1)
 Main PID: 852 (code=exited, status=1/FAILURE)

Mar 21 13:33:45 hostname systemd[1]: Starting LXD - container startup/shutdown...
Mar 21 13:33:45 hostname lxd[852]: error: open /var/lib/lxd/containers: no such file or directory
Mar 21 13:33:45 hostname systemd[1]: lxd-containers.service: Main process exited, code=exited, status=1/FAILURE
Mar 21 13:33:45 hostname systemd[1]: Failed to start LXD - container startup/shutdown.
Mar 21 13:33:45 hostname systemd[1]: lxd-containers.service: Unit entered failed state.
Mar 21 13:33:45 hostname systemd[1]: lxd-containers.service: Failed with result 'exit-code'.

The fix:
root@hostname:~# sudo su
root@hostname:~# service lxd restart
root@hostname:~# reboot

root@hostname:~# systemctl status lxd-containers.service
● lxd-containers.service - LXD - container startup/shutdown
   Loaded: loaded (/lib/systemd/system/lxd-containers.service; enabled; vendor preset: enabled)
   Active: active (exited) since Tue 2017-03-21 13:37:14 EDT; 2min 4s ago
     Docs: man:lxd(1)
 Main PID: 857 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/lxd-containers.service

Mar 21 13:37:13 hostname systemd[1]: Starting LXD - container startup/shutdown...
Mar 21 13:37:14 hostname systemd[1]: Started LXD - container startup/shutdown.

Exchange - Connect a disabled mailbox

Easy way to restore a mailbox if you accidentally removed it. Simply reconnect it back using steps described here.


But sometime a removed mailbox doesn't show up as a disconnected one. In this case you need to synchronize the mailbox state with its AD account using Update-StoreMailboxState cmdlet.

First of all find a MailboxGuid and Database name of removed mailbox:
Get-MailboxDatabase | Get-MailboxStatistics | Where { $_.DisplayName -eq "Display Name" } | ft DisplayName,Database,MailboxGuid 

Then update the mailbox state:
Update-StoreMailboxState -Database DBNAME -Identity MailboxGUID

Then the mailbox will show up in disconnected mailboxes as well as DisconnectReason attribute will be updated. The mailbox will be ready to reconnect.

Installing Hyper-V on ESXi

Validation Results: The validation process found problems on the server to which you want to install features. 
The selected features are not compatible with the current configuration of your selected 
server. Click OK to select different features.

Shutdown the VM.
Add vhv.allow = "TRUE" to vmx file of VM. 
Amend guest operating system string so it looks like - guestOS = "winhyperv"
Upgrade Virtual Hardware. 
Enable Intel VT-x/AMD-V for intrusion set virtualization in VM CPU Options.

Notes: Works with ESXi 5.1, ESXi can be installed as well, Hyper-V can be installed and run even with 1 vCPU. 

SMB v1 GPO adm

CLASS MACHINE

CATEGORY !!SMB_Version

POLICY !!SMB1
KEYNAME "SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
EXPLAIN !!SMB1Help
VALUENAME "SMB1"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

POLICY !!SMB2
KEYNAME "SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
EXPLAIN !!SMB2Help
VALUENAME "SMB2"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY

END CATEGORY

[strings]
SMB_Version="SMB Version"
SMB1="SMB v1"
SMB1Help="Enable/Disable SMB version 1 by changing the value of 'SMB1' REG_DWORD in SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters."
SMB2="SMB v2"
SMB2Help="Enable/Disable SMB version 2 by changing the value of 'SMB2' REG_DWORD in SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters. Caution - SMB v3 works on the same stack as v2 (don't touch it)."



adm file can be easilly converted to admx via ADMX Migrator

Exchange setup error

"A reboot from a previous installation is pending. Please restart the system and then rerun Setup." 

If you are getting the error again after reboot (do it twice), clean up the values in REG_MULTI_SZ below: 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations 

Sure thing backup registry first.

RDS connection issue

"The task you are trying to do can't be completed because Remote Desktop Services is currently busy".

In this case you need to reset your session. 

Connect to remote server via psexec tool.
psexec \\Server1 cmd

Optionally you can connect with different credentials by specifying -u key. 

Find out your session ID by running:
query session

Reset your session
reset session ID

Now you should be able to logon with no issue.

Update 25/05/2017: No need to use psexec as query/reset commands have /server parameter. :/ 



Exchange 2013 - IMAP Health

Check components by running:
Get-ServerComponentState -Identity CASServer1

If ImapProxy component has inactive state run the command below:
Set-ServerComponentState -Identity CASServer1 -State Active -Requester HealthAPI -Component ImapProxy

For more deep troubleshooting you can refer to the following KB - Troubleshooting IMAP Health Set.

#Connection Closed Gracefully.

PRTG - VMware datastore latency monitoring

Here is an example how to monitor individual ESXi datastores read/write latency through vCenter and PRTG. Tested with PRTG V16.4.28.7421 and ESXi 5.1. "VMware vSphere PowerCLI" is required on Probe server.

# "DataStoreName - totalWriteLatency.ps1" file
Add-PSSnapin VMware.VimAutomation.Core
$a=Connect-VIServer vCenterServer -User "Domain\User" -Password "UserPassword" -WarningAction SilentlyContinue
$p=@()
$p=Get-Datastore DataStoreName | foreach {$dsName = $_.Name; $uuid = $_.ExtensionData.Info.Url.Split('/')[-2]; Get-VMHost -Datastore $_ | Get-Stat -Stat "datastore.totalWriteLatency.average" -Realtime | where {$_.Instance -eq $uuid} | sort Timestamp -descending | select -first 1 | select -expand Value}
echo $p':ok'

# "DataStoreName - totalReadLatency.ps1" file.
Add-PSSnapin VMware.VimAutomation.Core
$a=Connect-VIServer vCenterServer -User "Domain\User" -Password "UserPassword" -WarningAction SilentlyContinue
$p=@()
$p=Get-Datastore DataStoreName | foreach {$dsName = $_.Name; $uuid = $_.ExtensionData.Info.Url.Split('/')[-2]; Get-VMHost -Datastore $_ | Get-Stat -Stat "datastore.totalReadLatency.average" -Realtime | where {$_.Instance -eq $uuid} | sort Timestamp -descending | select -first 1 | select -expand Value}
echo $p':ok' 

Put both files into "PRTG Installation folder\Custom Sensors\EXE" and create EXE/Script sensors.

Get-UPDReport - User Profile Disks report

This PowerShell script generates a report about User Profile Disks including accounts information from Active Directory.

The report contains the following attributes:
FullName - full path to UPD file.
LastWriteTime - time when UPD was last modified.
Size - file size in MB.
SID - Active Directory account security identifier.
AD_Account_Name - Active Directory account name.
AD_Account_UPN - Active Directory account user principal name.
AD_User_Enabled - information if account is enabled or disabled.
AD_User_LastLogon - Active Directory account last logon time.

Requirements:
Access to UPD path and Active Directory PowerShell module.

Usage examples:
# Gets report where UPD files location is “\\Share\UPDs\”.
.\Get-UPDReport.ps1 -UPDPath "\\Share\UPDs\"

# The same as above but an output will be saved in Report.csv file.
.\Get-UPDReport.ps1 -UPDPath "\\Share\UPDs\" | Export-Csv Report.csv


Compare-GPOs.ps1 - comparing GPO version numbers across Domain Controllers

This PowerShell script compares Group Policy Objects versions between specified Domain Controllers. It is used to identify GPOs, which are not replicated properly or have versions mismatch.

As example I will use Active Directory domain called "AD.FEDENKO.INFO" and 2 domain controllers "DC01"and "DC02".

I will create a test Group Policy called "Test_GPO" shows below.

After some GPO settings amendments you can see that User and Computer versions are changed. 

To simulate replication issue I will go to second domain controller and remove GPT.ini file.

As result you will see User and Computer versions are not available in Group Policy Management console of DC02.

Compare-GPOs PowerShell script can help to identify such Group Policy objects.

.\Compare-GPOs.ps1 -FirstDC DC01.AD.FEDENKO.INFO -SecondDC DC02.AD.FEDENKO.INFO


DCName                : DC02.AD.FEDENKO.INFO
Id                    : c1acca94-7078-403b-b636-7f9916aa4665
DisplayName           : Test_GPO
Path                  : cn={C1ACCA94-7078-403B-B636-7F9916AA4665},cn=policies,cn=system,DC=AD,DC=FEDENKO,DC=INFO
Owner                 : AD\Domain Admins
CreationTime          : 7/24/2016 4:41:12 PM
ModificationTime      : 7/24/2016 5:04:34 PM
UserDSVersion         : 2
UserSysvolVersion     :
ComputerDSVersion     : 1
ComputerSysvolVersion :
GpoStatus             : AllSettingsEnabled

DCName                : DC01.AD.FEDENKO.INFO
Id                    : c1acca94-7078-403b-b636-7f9916aa4665
DisplayName           : Test_GPO
Path                  : cn={C1ACCA94-7078-403B-B636-7F9916AA4665},cn=policies,cn=system,DC=AD,DC=FEDENKO,DC=INFO
Owner                 : AD\Domain Admins
CreationTime          : 7/24/2016 4:41:12 PM
ModificationTime      : 7/24/2016 5:03:00 PM
UserDSVersion         : 2
UserSysvolVersion     : 2
ComputerDSVersion     : 1
ComputerSysvolVersion : 1
GpoStatus             : AllSettingsEnabled

Also there is optional "-DelayInMilliseconds" parameter, which can be used for CPU usage throttling. The script can be downloaded from TechNet Gallery.

Group Policy - Processing Order

I think one of the most important things in administering Active Directory (AD) is the understanding of Group Policy processing order. In this blog post I will highlight this process and provide some examples. Also it will include an explanation of Loopback processing and Group Policy enforcement. 

I will create the following Organizational Unit (OU) structure for tests.
AD.FEDENKO.INFO/TestOU/TestSubOU

There will be Group Policy objects (GPO's) for each Organizational Unit including Domain and Site.

As result TestSubOU Organizational Unit will have the following GPO's assigned. 

The client workstation will be located in TestSubOU and called CLIENT01. It will be located in Active Directory Site called Users. GPO will also be assigned to this AD Site.

Just to summarize the list of GPO's used:
TestGPO_Domain - policy which is assigned to the domain. 
TestGPO_TestOU - OU policy.
TestGPO_TestSubOU - child OU policy.
TestGPO_Site - AD Site policy.

The Group Policies are processed in the following order:
1. Local Computer Group Policy (can be edited by running Local Group Policy Editor - gpedit.msc) 
2. Site Policy.
3. Domain Policy.
4. Organizational Unit policy. 

According to that information GPO settings on our test workstation will be processed in the following order:
1. Local Policy of CLIENT01. Note: Processing of Local GPO's can be disabled by "Turn off Local Group Policy Objects processing" settings, which can be found under "Computer Configuration - Policies - Administrative Templates - System - Group Policy".
2. TestGPO_Site
3. TestGPO_Domain
4. TestGPO_TestOU
5. TestGPO_TestSubOU

It means if for example TestGPO_TestSubOU and TestGPO_TestOU (even if domain and site GPO's) have the same settings, TestGPO_TestSubOU will take precedence over all of them. One interesting fact that TestGPO_TestOU will be still listed in Applied GPOs output from Group Policy Results wizard even if no settings were applied form that GPO. 

GPO's have Computer and User configuration sections. You should remember that Computer settings from GPO's which are applied to User account never take effect. One exception can be User settings from GPO's which are applied to Computer account. By default they are not being applied. It can be changed by configuring Loopback Processing. 

Loopback processing allows controlling Group Policy settings depending on which computer user authenticates to. Loopback processing has two modes: Merge or Replace. In first mode it applies User settings from all GPO's which are assigned to both Computer and User accounts. You should remember that if there any GPO settings conflicts (the same user settings), settings from GPO which is assigned to Computer object will take precedence. Another mode is Replace. It means that User account GPO's are ignored completely and not being applied. 

Loopback processing can be enabled by amending "Configure user Group Policy loopback processing mode" settings in "Computer Configuration - Policies - Administrative Templates - System - Group Policy".

Another topic which I would like to highlight is Group Policy enforcement. It allows you to enforce GPO to be applied last and in fact have precedence over all GPO's. For example if I mark Enforced  TestGPO_Domain Group Policy. Its settings will have precedence over all GPO's. 

Something not obvious will happen if you Enforce AD Site Group Policy Object, In our case it is TestGPO_Site.

You will not see it in Group Policy Inheritance tab but it is Enforced and take precedence over all Group Policy Objects so pay attention here. 

Another not obvious thing will happen if you enforce all GPO's. Actually I expected to see TestGPO_TestSubOU with Precedence #1 but in fact I see the following picture. 

Yes, that's correct. In my opinion it is not logically but anyway pay attention on it as well. I have not highlighted blocking inheritance. I believe the screenshot below will explain it very well. 


Hyper-V Replica with self-signed certificates

I have two standalone non-domain joined Hyper-V servers - HV01 and HV02. I need to configure Hyper-V replica between them. Many blog post and guides provide syntax for MakeCert tool. Interesting thing is that MakeCert is deprecated and it is recommended to use New-SelfSignedCertificate cmdlet instead. Of course it is great but there are some limitations of this cmdlet in PowerShell 4.0. Actually there is huge difference between New-SelfSignedCertificate cmdlet in PowerShell 4.0 and 5.0. I will create self-signed certificate using new cmdlet that's why I use Windows 10 with PowerShell 5.0. The name of Windows 10 workstation will be ADMIN01.

1. Go to ADMIN01 and generate root certificate. It will be used to sign certificates for HV01 and HV02. Sure you can use -NotAfter setting to specify certificate expiration date but this property was omitted here:

New-SelfSignedCertificate -Type "Custom" -KeyExportPolicy "Exportable" -Subject "CN=www.fedenko.info" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "Signature" -KeyUsage "CertSign"

    Directory: Microsoft.PowerShell.Security\Certificate::LocalMachine\My

Thumbprint                                Subject
----------                                -------
2752C9823DBE015B60F4C5558DBB7CFEF1FD80AB  CN=www.fedenko.info

2. Create and sign certificates for HV01 and HV02. Make sure that you specify thumbprint of certificate above. 

New-SelfSignedCertificate -type "Custom" -KeyExportPolicy "Exportable" -Subject "CN=HV01" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "KeyExchange" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -Signer "Cert:LocalMachine\My\2752C9823DBE015B60F4C5558DBB7CFEF1FD80AB" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"

New-SelfSignedCertificate -type "Custom" -KeyExportPolicy "Exportable" -Subject "CN=HV02" -CertStoreLocation "Cert:\LocalMachine\My" -KeySpec "KeyExchange" -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2") -Signer "Cert:LocalMachine\My\2752C9823DBE015B60F4C5558DBB7CFEF1FD80AB" -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider"

As result you will see 3 certificates in Local Computer certification store.








3. Export certificates and copy to Hyper-V servers:
On HV01/02 click export - Yes, export the private key - Next (Unselect Include all certificates in the certification path if possible. We will copy root certificate manually) - Specify the password and click Next - Specify path location and click Next - Complete the certificate export wizard by clicking Finish.



















Repeat the same for HV02 certificate. Then export root certificate (www.fedenko.info in my case). With root certificate there is no need to export private key. 



















4. Import certificates to the Hyper-V servers. HV01/02 into personal store of Local Computer on each server respectively. And Root certificate into Trusted Root Certification Authorities store. Check the certificate status afterward.













5. Last trick with Certificate Revocation Lists. On each Hyper-V server add the following registry key:

REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization\Replication" /v DisableCertRevocationCheck /d 1 /t REG_DWORD /f

6. Once all certificates are imported on servers Hyper-V Replica can be configured. 











On second server PowerShell script can be used to achieve the same configuration as above. 

PS C:\> Get-ChildItem Cert:LocalMachine\My | fl Subject,Thumbprint

Subject    : CN=HV02
Thumbprint : A03A46DE4085F7EE53D5B3451363AE0B73328F43

Set-VMReplicationServer –ReplicationEnabled $true -AllowedAuthenticationType Certificate -CertificateThumbprint "A03A46DE4085F7EE53D5B3451363AE0B73328F43" –ReplicationAllowedFromAnyServer $true –DefaultStorageLocation "D:\Hyper-V\Virtual Hard Disks"

7. Then enable Replication on VM level. 


SQL Server 2016 - Always On Availability Groups

In this blog post I will provide basic step by step guide how to install and configure SQL Server 2016 with Always On Availability Groups. Migration WSUS from Windows Internal Database to Availability Group will be as example.

This guide has the following steps:
1. Preparation.
2. Installing SQL Server 2016 on both SQL servers.
3. Installing Failover Clustering Feature on SQL servers and enable AlwaysOn.
4. Working with WSUS.
5. Create Availability Group.
6. Create logins and grant permissions.
7. Create Availability Group Listener.
8. Finish WSUS server reconfiguration.


Preparation.
Two Windows Servers 2012 R2 - SQL01 and SQL02.

Each SQL server has the following drive mapping:
C - System
D - SQL Installation
E - Database volume
F - SQL Logs
G - Backups

WSUS server is Windows Server 2012 R2 with default configuration.

Dedicated Active Directory Organizational Unit for SQL servers computer objects.

Opened firewall TCP ports on both SQL servers - 1433, 1434, 5022.

Installing SQL Server 2016 on both SQL servers. 
From SQL Server Installation Center click Installation then "New SQL Server stand-alone installation or add features to an existing installation".


Enter Product Key or select Evaluation, then click Next.

Accept the license terms and click Next.


Select Microsoft Update options and click Next.


On Install Rules page check all warnings. Then click Next.



On Feature Selection page select "Database Engine Services" and "SQL Server Replication". In my case I changed Directories paths to dedicated D: drive. Click Next to Proceed.


Leave default instance name and click Next.


Specify service accounts and collation settings. In my case I left it default and clicked Next.


On "Database Engine Configuration" page specify SQL Server administrators. In my case I selected domain administrator account.


Go to "Data Directories" tab and specify paths. Then click Next.


On Ready to Install page click Install.


Repeat the same steps on second SQL server.

Installing Failover Clustering Feature on SQL servers and enable AlwaysOn.

Open Server Manager - Manage - Add Roles and Features - Next - Role-Based or feature-based installation - Next - Select a server from the server pool - Next - Next - Select "Failover Clustering" checkbox (It will popup with additional features required) - Add Features then Next - Install


Repeat the same steps on second SQL server.

Open Failover Cluster Manager, right click on it and "Create Cluster..."


On Before You Begin page click Next.


On Select Servers page add SQL01 and SQL02 servers. Click Next to proceed.


Run validation tests by clicking Next.


Run all tests then Next. Wait until validation completes. Once all tests are passed specify Cluster Name and IP, then click Next. In my case it is SQL-CL01 with 192.168.1.201 as IP.


Confirm configuration and click Next.


Then configure quorum settings.

Enable Always On Availability in SQL Server Configuration Manager on each SQL Server.


Restart SQL servers. Download and install SQL Server Management Studio.

Working with WSUS.

Download and install on WSUS server: "Microsoft® SQL Server® 2012 Native Client" and "Microsoft® SQL Server® 2012 Command Line Utilities".

Stop "IIS Admin Service" and "WSUS Service"

Run command line tool as administrator:
cd C:\Program Files\Microsoft SQL Server\110\Tools\Binn
sqlcmd -S \\.\pipe\MICROSOFT##WID\tsql\query
use master
alter database SUSDB set single_user with rollback immediate
go
sp_detach_db 'SUSDB'
go

Then copy SUSDB.mdf and SUSDB_log.ldf from "C:\windows\WID\Data" to SQL01.

Working with WSUS database: 
Attach database on SQL01.


Go to Database Properties - Options. Amend Recovery model to Full. Then backup the database, copy SUSDB.bak file to SQL02 and restore it with "RESTORE WITH NORECOVERY" option.


Create Availability Group on SQL01.

In SQL Server Management Studio - AlwaysOn High Availability - Availability Groups - New Availability Group Wizard... - Next.

Specify AG name and click Next. In my case it is WSUSAG.


Select SUSDB and click Next.


Add SQL02 as replica. Do not configure listener for now. Click Next and Yes on endpoint popup.


On Initial Data Synchronization page select Skip initial data synchronization and click Next. On validation page click Next then Finish.

Create logins and grant permissions.

On SQL01:
use master
CREATE LOGIN [AD\SQL02$] FROM WINDOWS
GO
GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO [AD\SQL02$]
GO

On SQL02:
use master
CREATE LOGIN [AD\SQL01$] FROM WINDOWS
GO
GRANT CONNECT ON ENDPOINT::[Hadr_endpoint] TO [AD\SQL01$]
GO

Remove and add back SQL02 from replicas.



Create WSUSDB computer object in SQL OU and grant full access permissions to SQL-CL01 object.



Create Availability Group Listener.


Specify listener settings and click OK. In my case it is 192.168.1.202, 1433 port and WSUSDB (computer object which I created earlier).


On SQL02 join SUSDB to Availability Group.

The state of database will be changed to Synchronized.

Finish WSUS server reconfiguration.

Replace "MICROSOFT##WID" with "WSUSDB" in "SqlServerName" of in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup"

Change WSUS Service to logon as Local System and grant dbo rights on SUSDB for WSUS01 computer.

Start "IIS Admin Service" and "WSUS Service".

Uninstall WSUS and Windows Internal Database features:
Uninstall-WindowsFeature UpdateServices-WidDB
Uninstall-WindowsFeature Windows-Internal-Database

Restart WSUS server.
(c) 2016 www.fedenko.info - Vyacheslav Fedenko