How to reset the stored credentials for the Application Identity
If the Symantec Management Console will not load , Active Directory cannot be accessed or other possible credential issues while running Notification Server occur you may have to reset the stored credentials for the Application Identity.
For example, when you change the Application Identity in Active Directory, the Notification Server services will continue running under old Application Identity credentials and will lock the account trying to authenticate with old Application Identity credentials. An account will be locked only if system's security policy is set to lock it after a few failed login attempts.
NOTE: It is recommended to log into the Notification Server (SMP) as the Application ID while performing any form of maintenance, updates, upgrades, or repairs. On installation, the AppID is listed as the owner of the Altiris Service found in Services.msc.
There are multiple methods that could be used to resolve these problems (if this is related to Notification Server 6 use Method 1):
METHOD 1: Use the AexConfig.exe utility and use the /svcid switch to reset this Identity.
In some circumstances the command line in number three above will give you an error stating the following: “The system cannot find the file specified”
If that is the case, please try enclosing the password in quotation marks. Example: AeXConfig.exe /svcid user:<domain\username> password:"<password>"
In some instances the above method will not work correctly. The steps below will work if the above process fails:
To run the command as a batch file:
"C:\Program Files\Altiris\Notification Server\Bin\AeXConfig.exe" /svcid user:<domain\username> password:<password>
For additional information about the various command line switches available, from the DOS prompt run "aexconfig.exe /?"
METHOD 2: Use Symantec Installation Manager (SIM) to repair the credentials
If Method 1 fails, make sure you are running the latest version of SIM and use SIM to repair the the Symantec Management Platform. If this second method fails, confirm the version of SIM being used as there was a known issue in previous builds of SIM that would prevent this from working properly. (See article TECH41586 for more details on the problem that was resolved in SP2).
METHOD 3: If you can load the console:
Create a service account in Active Directory and get the AD SID.
Click on Settings >All Settings>Notification Server> Notification Server Setting > Processing and change to the desired credentials to the NS service account created above and click OK.
Update the [SecurityTrustee] table in the Symantec_CMDB database.