How to reset the stored credentials for the Application Identity
If the Symantec Management Console will not load , Active Directory cannot be accessed or other possible credential issues while running Notification Server occur you may have to reset the stored credentials for the Application Identity.
For example, when you change the Application Identity in Active Directory, the Notification Server services will continue running under old Application Identity credentials and will lock the account trying to authenticate with old Application Identity credentials. An account will be locked only if system's security policy is set to lock it after a few failed login attempts.
NOTE: It is recommended to log into the Notification Server (SMP) as the Application ID while performing any form of maintenance, updates, upgrades, or repairs. On installation, the AppID is listed as the owner of the Altiris Service found in Services.msc.
There are multiple methods that could be used to resolve these problems (if this is related to Notification Server 6 use Method 1):
METHOD 1: Use the AexConfig.exe utility and use the /svcid switch to reset this Identity.
Open a Windows Command Prompt (Right Click and Run as Administrator) directly from the NS7 server
Browse to \Program Files\Altiris\Notification Server\Bin
Substitute the appropriate domain, username and password into the syntax below and run this command in the DOS window: AeXConfig.exe /svcid user:<domain\username> password:<password>
In some circumstances the command line in number three above will give you an error stating the following: “The system cannot find the file specified”
If that is the case, please try enclosing the password in quotation marks. Example: AeXConfig.exe /svcid user:<domain\username> password:"<password>"
In some instances the above method will not work correctly. The steps below will work if the above process fails:
Open the Windows Registry editor
Browse to the registry key: HKLM\SOFTWARE\Altiris\express\Notification Server\AppIdentity
For additional information about the various command line switches available, from the DOS prompt run "aexconfig.exe /?"
METHOD 2: Use Symantec Installation Manager (SIM) to repair the credentials
If Method 1 fails, make sure you are running the latest version of SIM and use SIM to repair the the Symantec Management Platform. If this second method fails, confirm the version of SIM being used as there was a known issue in previous builds of SIM that would prevent this from working properly. (See article TECH41586 for more details on the problem that was resolved in SP2).
METHOD 3: If you can load the console:
Create a service account in Active Directory and get the AD SID.
Click on Settings >All Settings>Notification Server> Notification Server Setting > Processing and change to the desired credentials to the NS service account created above and click OK.
Update the [SecurityTrustee] table in the Symantec_CMDB database.
Imported Document ID: HOWTO10009
Subscribing will provide email updates when this Article is updated. Login is required.