There is a need to change the password of the Application Identity (AppID) that the Symantec Management Platform (SMP) runs under.
Method 1: Using Temporary Account. This is the most commonly used.
- Create a new temporary account for use during this password change process.
NOTE: The temporary account needs to have equivalent writes as the application identity account to both active directory rights and SQL rights. (An existing account with these rights can be used.)
- In the console, navigate to: Settings > All Settings > Notification Server > Notification Server Settings. Under the Processing tab, enter the temporary account and password in the Application Identity field. Click the save changes.
- In active directory, Change the permanent Application Identity password.
- Again navigate to: Settings > All Settings > Notification Server > Notification Server Settings. Under the Processing tab, change the temporary account back to the permanent account and enter the new password in the Application Identity field. Save the changes.
Method 2: IIS Session Cache/Persistence. Only use this method if you are confident in IIS cache and session persistence not being interupted from start to finish. Before the AppID password has changed and access to SMP console is still available. If this method fails, method 3 will be required to be followed.
(If access is no longer possible, you will need to use the command line tool listed in Method 2, below.)
- Before changing the AppID password in Active Directory (AD):
- Log into the SMP console with an account that is assigned to the Symantec Administrator role that is not the AppID
- Navigate to: Settings > All Settings > Notification Server > Notification Server Settings
- Leave this page open in the web browser and make the changes in AD for the AppID.
- After the changes to AD have propagated to all Domain Controllers:
- Return to the SMP console and update the fields for the AppID
- Click "Save Changes"
- Click on "Restart Services"
- Restart IIS by running IISRESET from an administrator command prompt window.
- Manually update the credentials for any task, job, or policy that was set to the AppID when created. (By default there are none, but it is possible to manually set this when editing the item).
Note: You will need to manually update the WMI protocol credentials (or you will get audit failures) which can be found in the management console under Settings, All Settings, Monitoring and Alerting, Protocol Management, Connection Profiles, Manage Connection Profiles, select the Default Connection Profile, edit the profile, and go down to the WMI section. Alternatively, you can use a domain account that has local admin rights on your systems or disable the WMI section altogether if you are not using components like the power on computers if necessary feature, Network Discovery, Inventory for Network Devices (agent-less inventory), Monitor Solution, Real-Time System Manager, etc.
Method 3: Command line or recovery option:
Command line tool if access to the SMP console is no longer possible, or a need to script the task is needed.
The aexconfig.exe utility can be used to set the AppID and/or AppID password. (from \Notification Server\bin directory and run aexconfig /? to see additional options).
- To change the AppID setting use the /svcid switch. This switch will require a user name and password. Substitute the appropriate domain, username and password into the syntax below and run it from an administrator command prompt. You should run it from the directory where you have installed the Symantec Management Platform. By default this is C:\Program Files\Altiris\Notification Server\Bin.
- AeXConfig.exe /svcid user: password:
Example: AeXConfig /svcid user:OurDomain\administrator password:pw.
- Restart IIS.
Note: If the Password contains special characters include the password in quotes. password:"p@ssw0rd". Also avoid using the "!" charter if possible. This tool is a command line tool, and that character can be difficult for the command line to ignore even within quotes.
Also Remember: If you are using IT Analytics you will need to update the password for the Reporting Services Data Source using the steps found in TECH200790.
Imported Document Id