How to reset the passphrases in CCS

book

Article ID: 225122

calendar_today

Updated On:

Products

Control Compliance Suite Control Compliance Suite Standards Server

Issue/Introduction

Control Compliance Suite (CCS)

You have forgotten the original passphrases used when CCS was installed, and you would like to reset new passphrases.

Environment

Release : 12.5.x

Component : CCS Application Server

Resolution

Steps on how to reset the service passphase in CCS:

  1. Log into the Application Server as the CCS services account.
  2. Go to the Program Files (x86)\Symantec\CCS\Reporting and Analytics\Application Server folder and run the Symantec.CSM.ConfigureServiceAccount utility (right click and 'Run As Administrator').
  3. At the 'Welcome to Service Account Configuration Wizard' screen, click 'Next' to continue.
  4. Select the third bullet point 'Reset service passphase'.  NOTE: Once the passphrase is changed, ALL credentials in CCS will need to be deleted and then reentered.
    For the 'Directory server host:' field, put in 'localhost'.  Hit 'Next'.
  5. Enter in the new passphrase for the Encryption Management Service.  Use the CCS Service account as the user and put it in the password.  Click 'Next'. 
    NOTE: Before you precede to the next step, stop and restart the 'Symantec Encryption Management Service' service.  Once the Encryption Management Service is re-started, the passphrase for Encryption Management Server is reset, and can not be rolled back during the current session of the tool.
  6. Enter in the new passphrase for the Application Server Service.  Use the CCS Service account as the user and put it in the password.  Click 'Next'.
  7. Specify the SQL database connection details for the CSM_DB database.  NOTE: If you have a 'Instance Name', leave the 'Port Number' field blank.  Click 'Next'.
  8. Specify the SQL database connection details for the CSM_Reports database.  NOTE: If you have a 'Instance Name', leave the 'Port Number' field blank.  Click 'Next'.
  9. Make note of the users that have their passwords stored in CCS.  Those users will need to have to go into the CCS console and re-enter their passwords for Scheduled jobs to run. (Admin -> Scheduled Job Management - Store Password with CCS and enter in the password).  Click 'Next'.
  10. Make note of the list of data collectors and data collector sites. Click 'Next'
  11. Finish screen, click 'Next'.  
  12. Stop and restart the 'Symantec Application Server Service' 

When you reset the passphrases, there is a blob in ADAM that stores all the passwords this will become inaccessible to CCS after the passphrases are reset. To get around this you simply need to delete all configured credentials.  Once they are all deleted, a new blob will be created after you create the first new credential.  You will also need to reset the password for any Data Locations that are configured. For any user that schedules jobs will also need to go back in to the "Scheduled Job Management" and set their password again. After all the credentials have been deleted and the new blob created.