How to update the service account password for Symantec Control Compliance Suite (CCS) using the CCS console

book

Article ID: 156140

calendar_today

Updated On:

Products

Control Compliance Suite Exchange Control Compliance Suite Windows

Issue/Introduction

You want to know how to change the Service Account password used by the Symantec Application Server service in CCS. 

The steps below outline a procedure that can be used if you can preplan and can make changes dynamically in the CCS console immediately upon having changed the Active Directory password for the service account.

NOTE: The Configure Service Account tool (ConfigureServiceAccount.exe), whose use is outlined in other technical documents,  is only required to be used if the password has been changed and the application server service will not start. It can also be used if the steps below fail to change the password for any reason.

 

 

 

Cause

 

 

Environment

CCS 11.x and 12.x

 

Resolution

Use the following steps to change Symantec Application Server Service account password (not the account name itself):

  1. Before changing the AD password for the service account, restart the Symantec Application Server service to renew the authentication token.
  2. Remote Desktop or Console into the local machine that the Application Server is installed on. Login with an account that is a CCS Administrator (the service account can be used).
  3. Launch the CCS console and ensure it loads.
  4. Reset the password in Active Directory using either Active Directory Users and Computers utility or other internal method you have in place.  Ensure your AD domain controllers will replicate the change quickly.
  5. Immediately upon changing the password in AD, in the CCS console navigate to:
    •   Settings >Secure Configuration >Application Server Credentials (CCS 11.x)        or to 
    •   Admin > Application Server Credentials  (CCS 12.x)
  6. Ensure that the correct service account is listed here in the User Name box.  If so, then enter the new password for this account and click the Update Password button.  Wait till you see a line message indicating that it was successfully updated.
  7. Close the CCS Console.
  8. Open the Services.msc on the application server and stop the:
    • Symantec Application Server service
    • Symantec Directory Support service
    • Symantec Encryption Management service (if it uses the same account that you changed the password for...if not then leave this service running).
  9. For each of these services that you stopped, change the LOG ON tab to have the new password for the service account.
  10. Restart the services in REVERSE order as they are listed above (i.e. Encryption first, then Directory, then application server)
  11. Once the CCS services have started, launch the CCS Console.
  12. If CCS is configured to store the password for scheduled jobs and you have created scheduled jobs while logged in with the service account, then navigate to:
    • Home>User Preferences (CCS 11.x)    or to
    • Admin > Scheduled Job Credentials      and enter the new password for the service account. 
      • NOTE: This step (12) can be skipped if controlled delegation is being used since CCS only needs to store the passwords for scheduled jobs when controlled delegation is not used.  However it will not hurt to enter the new password here in either case.

Note: In addition, if the same service account is also used for LDAP asset imports, data locations, CSV data collection, ODBC data collection or other credentials used in data collections, you will need to update those setups as well with the new password.  Again, this is only required if you have used the same service account for other connections or in other credentials within CCS.