How to change the Application Identity in NS7


Article ID: 178205


Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Question

How to reset the stored credentials for the Application Identity

Answer

If the Symantec Management Console will not load, Active Directory cannot be accessed, or other credential issues occur while running Notification Server, you may have to reset the stored credentials for the Application Identity.

For example, when you change the Application Identity in Active Directory, the Notification Server services continue running under the old Application Identity credentials and will lock the account by trying to authenticate with those old credentials. The account is locked only if the system's security policy is set to lock it after a few failed login attempts.

NOTE: It is recommended to log into the Notification Server (SMP) as the Application ID while performing any form of maintenance, updates, upgrades, or repairs. On installation, the AppID is listed as the owner of the Altiris Service found in Services.msc.

There are multiple methods that could be used to resolve these problems (if this is related to Notification Server 6 use Method 1):

 

METHOD 1: Use the AeXConfig.exe utility with the /svcid switch to reset this Identity.

  1. Open a Windows Command Prompt (Right Click and Run as Administrator) directly from the NS7 server
  2. Browse to \Program Files\Altiris\Notification Server\Bin
  3. Substitute the appropriate domain, username and password into the syntax below and run this command in the DOS window:
    AeXConfig.exe /svcid user:<domain\username> password:<password>

In some circumstances the command in step 3 above returns the following error: “The system cannot find the file specified”

If that is the case, try enclosing the password in quotation marks. Example: AeXConfig.exe /svcid user:<domain\username> password:"<password>"

In some instances the above method will not work correctly.  The steps below will work if the above process fails: 

  1. Open the Windows Registry editor
  2. Browse to the registry key:
    HKLM\SOFTWARE\Altiris\express\Notification Server\AppIdentity
  3. Delete the items:
    "user"
    "pwd"
  4.  Run:
    AeXConfig.exe /svcid user:<domain\username> password:<password>
    • In one instance we had to reboot the server after deleting these reg keys.

To run the command as a batch file:

"C:\Program Files\Altiris\Notification Server\Bin\AeXConfig.exe" /svcid user:<domain\username> password:<password>

For additional information about the various command line switches available, from the DOS prompt run "aexconfig.exe /?"
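
The Method 1 steps above, including the registry fallback, as a PowerShell script that prompts for the password instead of storing it in a batch file. This is an added example, not Symantec's own tooling; the parameter names, the `-ClearStoredIdentity` switch, the exit-code check and the `Altiris*` service display-name filter are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not Symantec's script): Method 1 without a stored password.
param(
    # Install path as used in the batch example on this page.
    [string]$AeXConfig = 'C:\Program Files\Altiris\Notification Server\Bin\AeXConfig.exe',
    # Apply the registry fallback (delete "user" and "pwd") before resetting.
    [switch]$ClearStoredIdentity
)
$ErrorActionPreference = 'Stop'
$regPath = 'HKLM:\SOFTWARE\Altiris\express\Notification Server\AppIdentity'

if (-not (Test-Path -LiteralPath $AeXConfig)) { throw "Not found: $AeXConfig" }

# Prompt instead of hard-coding, so the password is not saved in a .bat file.
$cred = Get-Credential -Message 'Application Identity as domain\username'
if ($cred.UserName -notmatch '^[^\\]+\\[^\\]+$') { throw 'Use domain\username.' }
$plain = $cred.GetNetworkCredential().Password
# Guard: these characters would break the quoted password:"..." argument.
if ($plain -match '"|\\$') { throw 'Password contains " or ends with \.' }

if ($ClearStoredIdentity) {
    foreach ($name in 'user', 'pwd') {
        if (Get-ItemProperty -LiteralPath $regPath -Name $name -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -LiteralPath $regPath -Name $name
            Write-Host "Deleted AppIdentity value '$name'"
        }
    }
}

try {
    # Password quoted, as the page advises for "The system cannot find the file specified".
    $argLine = '/svcid user:{0} password:"{1}"' -f $cred.UserName, $plain
    $proc = Start-Process -FilePath $AeXConfig -ArgumentList $argLine -Wait -PassThru -NoNewWindow
    # Assumption: a non-zero exit code means the reset failed.
    if ($proc.ExitCode -ne 0) { throw "AeXConfig.exe exit code $($proc.ExitCode)" }
}
finally {
    Remove-Variable plain, argLine -ErrorAction SilentlyContinue
}

# Check which account the services now log on as (display-name filter is an assumption).
Get-CimInstance Win32_Service |
    Where-Object DisplayName -like 'Altiris*' |
    Select-Object Name, StartName, State
```

The password still appears on the AeXConfig.exe command line while the process runs, and in process-creation audit events if command-line logging is enabled, so access to those logs on the server should be limited accordingly.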

METHOD 2: Use Symantec Installation Manager (SIM) to repair the credentials

If Method 1 fails, make sure you are running the latest version of SIM and use SIM to repair the Symantec Management Platform. If this second method fails, confirm the version of SIM being used, as there was a known issue in previous builds of SIM that would prevent this from working properly. (See article TECH41586 for more details on the problem that was resolved in SP2.)

METHOD 3:  If you can load the console:

Create a service account in Active Directory and get the AD SID.

Click Settings > All Settings > Notification Server > Notification Server Setting > Processing, change the credentials to the NS service account created above, and click OK.

Update the [SecurityTrustee] table in the Symantec_CMDB database.