|
Below are documented procedures for changing the password of most any
MOM or MOM infrastructure-related service, task or data access account.
Enjoy!
MOM DAS Account
Changing the DAS Account Password
- Change the account’s password on the local
computer or the domain. If this is a local account you can do this
using the Local Users and Groups snap-in. If this is a domain
account, you can use the Active Directory Users and Computers
snap-in.
- Update the password for the Identity for the
Microsoft Operations Manager Data Access Server COM+ application.
You can do this in the Component Services snap-in.
- Stop the COM+ application and then restart it.
MOM Server Action Account
Changing the Management Server Action Account Password
- Change the account’s password on the local
computer or the domain. If this is a local account you can do this
using the Local Users and Groups snap-in. If this is a domain
account, you can use the Active Directory Users and Computers
snap-in.
- Change the password that MOM uses by using the
SetActionAccount.exe utility. Directions for this utility are listed
below:
Syntax:
SetActionAccount.exe [options]
Options:
-query
//returns the current Action Account settings for the specified
management group.
-set
//sets the Action Account for the specified management group. Note - the
tool will prompt you for the new password.
Note - the management group must be specified, even if the agent is not
multihomed
Example:
SetActionAccount.exe AKOSMG
AKOSDOMAIN svc_momaction
- Restart the MOM Service on the Management
Server.
MOM Agent
Action Account (single managed computer)
Changing the MOM Agent Action Account Password
- Change the accounts password on the local
computer or the domain. If this is a local account you can do this
using the Local Users and Groups snap-in. If this is a domain
account, you can use the Active Directory Users and Computers
snap-in.
- Change the password that MOM uses by using the
SetActionAccount.exe utility (syntax illustrated above). Directions
for this utility are in the “Action Account Password Changes”
section of this guide.
- Restart the MOM Service on the managed
computer.
MOM
Agent Action Account (group of managed computers)
- Launch the MOM Administrator Console
- Navigate to Agent-managed computers.
- Highlight the agents (some or all) for which
you will be changing the Action Account.
- Right-click on the highlighted selection.
Choose All Tasks > Update Agent Settings.
- Specify to use the default Management Server
Action Account or specify an Action Account specific for the agent
(or group of agents).
DTS Task Account
To
change the password in the MOM Reporting Scheduled Task
- Click on Start, select Settings, Control
Panel, Scheduled Tasks, and then click SystemCenterDTSPackage Task.
- In the SystemCenterDTSPackage Task properties
dialog, on the Task tab, enter the new account domain\name in the
Run as textbox.
- Click the Set password button.
- In the Set Password dialog enter and confirm
the password, and then click OK.
- Click OK to complete the change.
MOM Service Account
(management server
and agent)
The MOM service (management server or agent machine) can run
only as Local System or Network Service (Windows 2003 only), the
passwords for which are maintained automatically. If not configured to
use one of these values, the service will not start.
MOM Reporting Access Account
To
change the password in SCDW Data Source
- In the MOM Reporting Console, on the Home
page, click SCDW.
- On the Properties page, make sure that the
Credentials stored securely in the report server option and that the
Use Windows credentials when connecting to the data source checkbox
are both selected.
- Type the new domain\username in the User name
textbox and type the password in the Password textbox.
- Click Apply.
ReportServer Service Account
This
should run as Local System on Windows 2003 per MS recommendations, so
password changes are no necessary.
Should it be necessary to run this service as a domain account in your
environment, changing the password varies from the procedure used for
other services.
Changing the ReportServer service account differs from a standard
service because a ReportServer symmetric key is encrypted and stored in
the ReportServer database using the user that the ReportServer Windows
service is running under. If you change the ReportServer service account
won’t be able to decrypt this key unless you follow the procedure below.
- Delete the references to the old key:
rskeymgmt -r (the installation ID can be found in the
rsreportserver.config file)
- Stop IIS and the Report Server windows service
- Change the account service runs under to a
domain account that can log in to your reporting database.
- Start IIS and the Report Server windows
service
- Reapply the encryption key: rskeymgmt -a -f
-p.
SQL Reporting
Services DB Access Account
On a
MOM 2005 Reporting Server running Windows 2003, this should be the
account used to run the ReportServer service. Since ReportServer service
should run as Local System on Windows 2003, no password changes should
be necessary. However, should you need to change the db access account
to run as a domain account, do so with the rsconfig utility as follows:
rsconfig -c -s <SQLSERVERNAME> -d reportserver -a
Windows -u <MYDOMAIN\MYACCOUNT> -p <PASSWORD>
and
to change it back to a built-in account such as Local System or Network
Service as follows:
rsconfig -c -s <SQLSERVERNAME> -d reportserver -a Windows "NT
AUTHORITY\SYSTEM"
rsconfig -c -s <SQLSERVERNAME> -d reportserver -a Windows "NT AUTHORITY\NETWORKSERVICE"
Cluster Service Account
While not technically a MOM 2005 account, an operations or reporting
database running on a clustered SQL instance may require the cluster
service account password be changed, depending on the password policies
in your environment.
To
change the password for a Cluster service account in a Windows Server
2003 cluster, the following requirements must be met:
- Mixed clusters with Windows 2000 are not
supported; all nodes must be running Windows Server 2003 or later.
- All nodes must be using the same domain
account for the Cluster service.
- All nodes must be online or in a paused state.
- The update mechanism is not transactional; if
the password change is not completed on all nodes, there may be a
partial downtime in getting the passwords updated.
- You must be logged on to an account that has
domain access to change the Cluster service account password on the
domain controller. You must have local administrator rights to each
node to change the Local Service account passwords. This account
must also have the ability to traverse directories in the cluster
domain. (Note: This privilege is given to every user in the domain
by default.)
To
change the Cluster service account password for a single cluster, use
the following syntax in which the password for EASTCLUSTER would be
changed to NEWpassword from OLDpassword:
cluster /cluster:EASTCLUSTER /changepassword:NEWpassword,OLDpassword
SQL Service Account on
MSCS Cluster
If
the MOM Operations or Reporting database is running in a clustered SQL
instance, use SQL Enterprise Manager as documented in KB239885.
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239885#XSLTH3127121122120121120120
Notification Workflow
Service Account
Resetting the password for the NS$NotificationWorkflow service installed
by the Notification Workflow Solution Accelerator is just like changing
the service account on any standard Windows service.
- Launch the Computer Management mmc snap-in.
- Navigate to the Services node within the
Services and Applications tree view.
- Right-click the NS$NotificationWorkflow
service and select Properties.
- Click the ‘Log On’ tab, change the password of
the account accordingly, and then click OK. Then restart the
NS$NotificationWorkflow service.
|