After changing the AppID password, the Altiris Account keeps locking up.
search cancel

After changing the AppID password, the Altiris Account keeps locking up.

book

Article ID: 161516

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

After changing the password for the Application Identity (AppID), the Altiris account keeps locking up without a specific reason. There are no specific errors in the Event logs and Notification Server logs that points to a specific application or process that could be causing this.

Environment

ITMS 8.x

Cause

There are multiple reasons where this could occur and some of the most common causes are:
1. There are some Scheduled Tasks or Active Directory Imports that may be using the AppID as a user having the old password still associated to them.
2. There are services outside the SMP where the user is using the same AppID account, such as the SQL service account that is not updated

Resolution

Some things to check are:

  1. Make sure that you followed the suggestions in the following KB Article:  Changing the Application Identity account password
  2. Verify that there are not Scheduled Tasks running under the Altiris account. Usually you can identify these tasks by looking for those that have a Status saying "Could Not Start" or "Never". By default those should be running under NT AUTHORITY\SYSTEM. Try to change the "Run As" to  an account under the Properties of those Scheduled Tasks that are not running or add the new password to those tasks that are using the Altiris account.
  3. Verify that you don't have Active Directory Import Rules that are using the Altiris Account with the old password. It is recommended to use the "Use Application Credentials" for the authentication.
  4. Verify you don't have another service outside SMP that uses the same AppID account to run the service, such as the SQL service account on your SQL server.
  5. You may need to check any other configuration that use the Authentication processes. Some of these could be:
    • Package Servers (under Settings> All Settings> Notification Server> Site Server Settings> Package Service> Advanced> Package Servers Settings).
    • Symantec Management Agent Installation Settings (under Settings> All Settings> Agents/Plug-insSymantec Management Agent> Settings> Agent Install> Install Agent> Settings button).
    • Hierarchy Credentials (under Settings> All Settings> Notification Server> Hierarchy and Replication> Hierarchy> Hierarchy Management> Edit the corresponding Child connection).
    • Database Settings (under Settings> All Settings> Notification Server> Database Settings> General tab or Reports tab)
    • Agent Connectivity Credentials (aka ACC) (under Settings> All Settings> Agents/Plug-insSymantec Management Agent> Settings> Authentication tab). 

NOTE: Most cases you should be using "Use Application Credentials" to facilitate the change of the Altiris account password.