How to inform CCS of a change in the Control Compliance Suite's service account, the service account's password, and or a change in the SQL Database Locations.
Last Updated October 31, 2016
Need to change the service account that the Application Server service, Encryption Management service, and Directory Server services run under or you need to change the password for the existing service account, or you need to inform CCS of a new location for the CCS SQL server databases.
The Configure Service Account utility must be run with an account that has
Local Administrator rights on the Application server (i.e.. has full rights in ADAM),
SysAdmin rights on the SQL server where the CCS databases are located. The original encryption passphrase that was used when installing the product (or if you have previously changed it then you will need to know the new one) will also be required to run the utility.
While logged in with the privileged account mentioned above, on the CCS Application Server, open the utility from the path:
C:\Program Files (x86)\Symantec\CCS\Reporting and Analytics\Application Server\Symantec.CSM.ConfigureServiceAccount.exe
Click NEXT on banner page (if present) then Select "Change Service Account" radial button under Options.
Make Sure that the port number is 3890 in "ADAM/ADLDS Port Number" Column, enter the Directory Server name (or if local then enter "localhost") and click Next.
NOTE: Only NetBIOS name of Directory Server, no FQDN
If you are changing both the Encryption Management service and the Application server service service accounts then check both the Encryption Management Service and Application Server Service checkboxes, answer YES to any message about being an ADAM administrator and having sysadmin rights in SQL (as you have ensured this prior to running utility) and click Next.
On the "Specify Username and Password for Encryption Management Service" screen (or if you selected only application server you will see that page):
Enter the new account in Domain\user ID format then enter the password (and confirm) for the new account.
To only update the password (i.e. you are not changing the account), enter the existing service account ID (Domain\user ID) and then enter the new password for this account.
Click NEXT then repeat for the Application Server service (if previously selected to be changed).
On the "Specify the passphrase for Symantec Services" screen, enter the encryption passphrase you used for the Application Server Service and Encryption Management Service during install (or the one you updated it to at a later time). Click NEXT....the screen may take a moment to change or an error will appear if the passphrase supplied cannot decrypt the existing account info.
NOTE: Often the same encryption passphrase was used for both services, although not necessarily.
On the "Specify SQL Server Connection Details" page.
Enter the SQL Server name (or Browse to select), instance name (if not default), and port if other than 1433.
If you are wanting to inform CCS that you have moved the CCS databases to a new machine, enter the new SQL server information here.
If the same SQL Server instance holds the Management_Reports database as well then select the checkmark "Use Same for Reporting" which is at the bottom of the page. If not, click NEXT and enter the information for the CSM_Reports database.
Click Next and Finish the wizard. You should receive a success message.
Once the above steps are completed, update the Logon account (if changed) and passwords in the services.msc on the CCS component servers for any Symantec CCS service that uses the service account to run under. Normally these are the Directory Server service, Encryption Management Server service, and the Application Server service. Change the accounts and restart the services in the order listed.
Imported Document ID: TECH203138
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe