Edge case to be sure but this is an SBS2003 that has been mostly decommissioned except for one SQL application that we can't migrate at this time. As such pretty much everything on the server has been disabled or uninstalled. Update Services is installed but disabled. SQL ##SSEE is still running however. The event was preceeded by event id 421.
In our case it's just log noise we don't need and won't fix WSUS on this machine. May uninstall it. But on a live server if it came up someone might want to know what to do.
You can resolve this issue (identify what's causing it) from the log file. Go to your SQL Server C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_175.trc
When you open the log_175.trc it will open SQL Server Profiler. Once opened look under the Event Class column for "Audit Login Failed". NT UserName should be Network Service. Then look under the Application Name column. This name in this column is the source of the Audit Login Failed for Error: 18456 Severity 14 State 16. This is the source identified as the issue.
Mysteriously appeared along with event 17204 (access denied). The WSUS service database would not start because the Network Service account did not have file permission to the WSUS directory. This in turn kept WSUS from running. I did not change any file persmissions and WSUS had successfully been deployed and running for 4 months prior to this error.
Fix: add Network Service account with full access rights to the WSUS directory and restart the Windows Internal Database service.