ServiceDesk no longer works after changing the service account's Active Directory password
Last Updated October 20, 2011
After changing the service account's Active Directory password, trying to open Process Manager fails. Or, it opens but other issues occur, such as trying to create a new ticket.
Opening ServiceDesk may result in the error "Service Unavailable". This refers to being unable to access the SQL Server due to credentials being changed there and will appear instead of the normal ServiceDesk login window.
IIS and Windows Services can be hardcoded with the service account's credentials. If the account's password changes, these must be manually changed on the ServiceDesk server, SQL Server, and possibly the Notification Server 7 and its SQL Server too.
The following are best practices to help prevent changed AD passwords from interfering with ServiceDesk:
Arrange, if possible, with the network administrator to obtain a service account with a password that does not change. This enables business critical services and applications to continue running uninhibited. If this cannot be done, several manual changes will need to be performed upon changing a service account's domain password. (See the below list of instructions.)
Service accounts should be named appropriately and documented where they are used at.
Service accounts should not be shared between multiple servers or applications. For example, the Notification Server service account should not be the same account as the ServiceDesk service account.
If the service account requires a password change in AD, this will also require many manual changes in IIS and Windows Services. These include:
On the ServiceDesk server, change the following:
In Windows, go to Start > Administrative Tools > Services.
Right Click on the Workflow service. For version 7.0 it is called 'Logicbase 2006 Server Extensions' for version 7.1 it is called 'Symantec Workflow Server'
Change the Log On tab's Password and Confirm Password fields to be the new password.
Click on the OK button.
Restart any services that had their passwords changed.
Back in Administrative Tools on the ServiceDesk server, go to Internet Information Services (IIS) Manager.
Go to Application Pools > DefaultAppPool.
Right click on DefaultAppPool and go to the Identity tab.
Change the Password field to be the new password.
Click on the OK button. Re-enter the password to confirm it and click on the next OK button.
For the Notification Server 7, change the passwords for any Windows Services that have hardcoded service accounts. Also change any Windows Services that are for its SQL Server, whether on or off box. The IIS DefaultAppPool's credentials may also need to be changed. Afterwards, restart the services and IIS. Afterwards, ensure that the Notification Server Console and SQL Server used by the NS can be accessed without error.
IIS and Server Extensions may need to be restarted one final time on the ServiceDesk server.
Ensure that the DefaultAppPool is started. After making credential changes, it may go back offline.
If errors or other issues still occur, review the ServiceDesk server logs from the <ServiceDesk_installation_drive>:\Program Files (x86)\Altiris\Workflow Designer\Logs folder, sorting by most recent date/time, next.
Imported Document ID: TECH137961
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe