Control Compliance Suite (CCS)

The original passphrases used when CCS was installed have been lost or forgotten, and you need to reset new CCS passphrases.

CCS 12.6.1

CCS 12.7

Component : CCS Application Server

Steps on how to reset the service passphase in CCS:

1. Log into the Application Server as the CCS services account.
   
   
2. Go to the Program Files (x86)\Symantec\CCS\Reporting and Analytics\Application Server folder and run the Symantec.CSM.ConfigureServiceAccount utility (right click and 'Run As Administrator').
   
   
3. At the 'Welcome to Service Account Configuration Wizard' screen, click 'Next' to continue.
   
   
4. Select the third bullet point 'Reset service passphase'. NOTE: Once the passphrase is changed, ALL credentials in CCS will need to be deleted and then reentered.
   For the 'Directory server host:' field, put in 'localhost'.  Hit 'Next'.
5. Enter in the new passphrase for the Encryption Management Service.  Use the CCS Service account as the user and put it in the password.  Click 'Next'. 
   NOTE: Before you precede to the next step, stop and restart the 'Symantec Encryption Management Service' service.  Once the Encryption Management Service is re-started, the passphrase for Encryption Management Server is reset, and cannot be rolled back during the current session of the tool.
   
   
6. Enter in the new passphrase for the Application Server Service.  Use the CCS Service account as the user and put it in the password.  Click 'Next'.
   
   
7. Specify the SQL database connection details for the CSM_DB database.  NOTE: If you have a 'Instance Name', leave the 'Port Number' field blank.  Click 'Next'.
   
   
8. Specify the SQL database connection details for the CSM_Reports database.  NOTE: If you have a 'Instance Name', leave the 'Port Number' field blank.  Click 'Next'.
   
   
9. Make note of the users that have their passwords stored in CCS.  Those users will need to have to go into the CCS console and re-enter their passwords for Scheduled jobs to run. (Admin -> Scheduled Job Management - Store Password with CCS and enter in the password).  Click 'Next'.
   
   
10. Make note of the list of data collectors and data collector sites. Click 'Next'
    
    
11. Finish screen, click 'Next'.
      
12. Stop and restart the 'Symantec Application Server Service' 
13. Reset the password for any Data Locations that are configured (Settings -> Application Settings -> Data Locations).
    
    
14. Make sure for any user that is used to run scheduled jobs (from Step 9 above) as they will also need to go back in to the 'Scheduled Job Management' and set their password again, as all the credentials have been deleted and the new blob created.
    
    

Explanation on why all of the CCS credentials need to be deleted and recreated:

When you reset the passphrases, there is a blob in ADAM that stores all the passwords this will become inaccessible to CCS after the passphrases are reset. To get around this you simply need to delete all configured credentials.  Once they are all deleted, a new blob will be created after you create the first new credential.