WSUS event ID 12072 access to storage RRS feed

  • Question

  • From

    What are the credentials to enter in the case of a non-domain connected nas? I'll explain. The WSUS is not under domain and the moving of the contents to a folder on the NAS was successful through "wsusutil postinstall". Also successfully created registry keys and changes on IIS correctly.
    I also get error ID 12072 on the WSUS as it does not recognize the credentials that I set on "Physical Path Credentials" in IIS.
    nas ip address \ username is correct? the username is the one set on the NAS shared folder and has full controll.
    Thank you all who can help me

    Wednesday, June 1, 2022 9:19 AM

All replies

  • Hi Marino,
    Try uses in "Physical Path credentials" this value ".\" before your user credential, for example when to local user in NAS is "usernas":


    I use this type of authentication for local user at remote NAS.

    Hope this helps

    Christian Yukio Aiko Cloud Solution Architect MCT | MD-100 | MD-101 | MS-100 | MS-101 | AZ-104 | AZ-303 | AZ-304 | AZ-500

    Thursday, June 2, 2022 12:42 PM
  • Thanks for the reply Christian

    I'm sorry I tried to enter the credentials: .\user.nas but it didn't work. In IIS I got authentication error with code 0x8007052E
    Sunday, June 5, 2022 6:45 AM
  • Marino,

    What username do you use to services IIS, in services.msc?

    Because, maybe the user to start services is member of System Account or Network Account, and is possible with the account don´t have permission to uses this resources (If you want see this permission, uses "gpedit.msc" and go to "Computer Configuration\Windows Configurations\Security Configuration\Local Polices\Security Options").

    Try to use (in services IIS) a local account with same username/password, at your NAS.

    Hope this help.

    Christian Yukio Aiko Cloud Solution Architect MCT | MD-100 | MD-101 | MS-100 | MS-101 | AZ-104 | AZ-303 | AZ-304 | AZ-500

    Monday, June 6, 2022 12:13 PM
  • Tried the solution but unfortunately without success.
    I try to explain myself better hoping for a solution:
    The NAS is connected on a domain, and obviously with local accounts in the administrators group of the NAS itself I can reach it, read it and write it even from workgroups.
    The workgroup is justified by the fact that the WSUS role server is not on the domain.
    I also performed the procedure of creating a local admin user on the NAS and another local admin user on the WSUS Server. Obviously they both have the same name and password. In fact, the server accesses from the explorer without requiring any type of access and this is also verified by the NAS logs with the relative possibility of reading and writing. So I also tried removing the role and installing it again. When it asks me for the path and I insert the NAS resource it goes on without delay. Once approved only one update I get a series of logs on the wsus server with id 10012 wrong authorization and the famous id 12072 WSUS directory not accessible.
    I also tried to take a look at the Group policy and I also reached the desired folder but I didn't quite understand which items I need to check. Finally on the IIS server the user configured in the virtual directory entry of "Content" is pass-through. When I try these settings I get this error message "The server is configured to use pass-through authentication with a default account to access the specified physical path. However, IIS Manager cannot check if the default account has the logon. Verify that the application pool identity has read access to the physical path. If this server is joined to a domain and the application pool identity is NetworkService or LocalSystem, verify that domaincomputer_name $ has access reading to the physical path, then retry these settings. "
    Just like she said. I await and thank those who are collaborating on the resolution
    Tuesday, June 7, 2022 8:26 AM