Today I had to move the WSUS internal database to one of our backend database servers. Microsoft has a good instruction how to do this, nevertheless I ran into a problem.
Microsoft SQL Server 2008 did not allow me to add the machine account of our WSUS frontend server (let me call it WSUS-SRV), so I created a new Active Directory security group called WSUS Administrators containing the WSUS-SRV machine account. This security group I gave the permission to access the database.
After starting the IIS Admin Service and Update Services the database backend server showed the error Token-based server access validation failed with an infrastructure error (event-id 18456). Oops.
One workaround would have been to disable the UAC (http://blogs.msdn.com/b/sqlserverfaq/archive/2010/10/27/troubleshooting-specific-login-failed-error-messages.aspx). Not a solution I was very keen about.
I fixed the problem by creating a local security group on the database server and adding the maching account of WSUS-SRV into it.