After changing the AppID password, the Altiris Account keeps locking up.

book

Article ID: 161516

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

After changing the password for the Application Identity (AppID), the Altiris account keeps locking up constantly without a specific reason. There is no specific errors in the Event logs and Notification Server logs that points to the specific application or process that is causing it.

Cause

There are multiple reasons for such problem. Some of the most common are:
1. There are some Scheduled Tasks and Active Directory Imports that may be using the AppID as user but having the old password still associated to them.
2. There are services outside the SMP where the customer is using the same AppID account, such as the SQL service account and still the account is not updated

Resolution

  1. Make sure that you followed the suggestions on the following KB Articles:
    • KB TECH194254 "How to change the password of the Application Identity account"
    • KB HOWTO1065 "Application Identity—how to change the password"
    • KB HOWTO10009 "How to change the Notification Server's Application Identity"
    • KB TECH44284 "AeXConfig.exe /svcid command does not set application id or service credentials"

  2. Verify that there are not Scheduled Tasks running under the Altiris account. Usually you can identify those tasks by looking on those that have a Status saying "Could Not Start" or "Never". By default those should be running under NT AUTHORITY\SYSTEM. Try to change the "Run As" account under the Properties of those Scheduled Tasks that are not running or add the new password to those tasks that are using the Altiris account.
  3. Verify that you don't have Active Directory Import Rules that are using the Altiris Account with the old password. It is recommended to use the "Use Application Credentials" for authentication.
  4. Verify you don't have another service outside SMP that uses the same AppID account to run the service, such as the SQL service account on your SQL server.
  5. You may need to check any other configuration that uses Authentication processes. Some of them could be:
    • Package Servers (under Settings> All Settings> Notification Server> Site Server Settings> Package Service> Advanced> Package Servers Settings).
    • Symantec Management Agent Installation Settings (under Settings> All Settings> Agents/Plug-insSymantec Management Agent> Settings> Agent Install> Install Agent> Settings button).
    • Hierarchy Credentials (under Settings> All Settings> Notification Server> Hierarchy and Replication> Hierarchy> Hierarchy Management> Edit the corresponding Child connection).
    • Database Settings (under Settings> All Settings> Notification Server> Database Settings> General tab or Reports tab)
    • Agent Connectivity Credentials (aka ACC) (under Settings> All Settings> Agents/Plug-insSymantec Management Agent> Settings> Authentication tab).
       

Note: Most cases you should be using "Use Application Credentials" to facilitate the change of the Altiris account password.

 


Applies To

Symantec Management Platform 7.1 SP1 and later
Symantec Management Platform 7.5 and later