Update ICA services credentials and data source credentials
search cancel

Update ICA services credentials and data source credentials

book

Article ID: 226575

calendar_today

Updated On:

Products

Information Centric Analytics

Issue/Introduction

The nature of Information Centric Analytics' (ICA) architecture requires multiple identities to be defined across Microsoft Internet Information Services (IIS), SQL Server, and SQL Server Analysis Services (SSAS), though the same identity may be used in all cases. Additional credentials may be used with integration packs and in the Integration Wizard (IW) for data source queries. In some environments, the passwords of one or more identities may periodically change, necessitating an update of the passwords used for ICA and data source integrations.

NOTE: The ICA service account should be configured to use a persistent or semi-persistent password in accordance with your organization's security policies. Password rotations on 24-hour cycles will necessitate following these procedures daily; a failure to do so will result in the failure of one or multiple components of ICA.

This article does not address changes to ICA portal user account credentials.

Environment

Release : 6.x

Component : Credentials

Resolution

Microsoft Internet Information Services (IIS)

To update the password of the application pool identity used by IIS for the ICA application, follow this procedure:

  1. On the ICA application server, open the Internet Information Services (IIS) Manager
  2. In the Connections pane, expand the server hosting the ICA application and select Application Pools
  3. On the Application Pools page, right-click the RiskFabricAppPool and select Advanced Settings
  4. In the Advanced Settings window, locate the Process Model heading
  5. Under the Process Model heading, select Identity and click on the ellipsis next to the credential name
  6. In the Application Pool Identity window, click the Set... button next to Custom Account
  7. In the Set Credentials window, enter the user name and new password
  8. Click the OK button to close the Set Credentials window
  9. Click the OK button to close the Application Pool Identity window
  10. Click the OK button to close the Advanced Settings window
  11. On the Application Pools page, right-click the RiskFabricAppPool and select Recycle...

Microsoft SQL Server

To update the password used by SQL Server to execute queries against the RiskFabric cube hosted by Analysis Services, follow this procedure:

  1. Using SQL Server Management Studio (SSMS), connect to the Database Engine hosting the RiskFabric database
  2. In Object Explorer, navigate to Server Objects > Linked Servers
  3. Right-click the RiskFabric_ASDB linked server and select Properties
  4. In the Linked Server Properties window, select the Security page
  5. Update the remote login (if needed) and password for the setting Be made using this security context
  6. Click the OK button to save the setting and close the Linked Server Properties window

To update the password used by SQL Server Agent proxies (e.g., Bay Dynamics AD Connector Proxy, RiskFabric Nightly Processing, RiskFabric Proxy), follow this procedure:

  1. Using SSMS, connect to the Database Engine hosting the RiskFabric database
  2. In Object Explorer, navigate to Security > Credentials
  3. Right-click the RiskFabric Nightly Processing credential and select Properties
  4. In the Credential Properties window, update the Identity (if needed) and password
  5. Click the OK button to save the credentials and close the Credential Properties window
  6. Repeat steps 1 through 5 for the Bay Dynamics AD Connector Credential (if using the Active Directory integration)

Microsoft SQL Server Analysis Services (SSAS)

To update the password used by SSAS to connect to the RiskFabric database hosted by SQL Server, follow this procedure:

  1. Using SQL Server Management Studio (SSMS), connect to the Analysis Services server hosting the RiskFabric cube
  2. In Object Explorer, navigate to Databases > RiskFabric
  3. Right-click RiskFabric and select Properties
  4. In the Database Properties window under the Security Settings heading, edit the Data Source Impersonation Info
  5. In the Impersonation Information window, update the Password
  6. Click the OK button to save the password
  7. Click the OK button to close the Database Properties window
  8. In Object Explorer, navigate to Databases > RiskFabric > Data Sources
  9. Right-click RiskFabric and select Properties
  10. In the Data Source Properties window under the Security Settings heading, edit the Impersonation Info
  11. In the Impersonation Information window, select the Inherit impersonation option
  12. Click the OK button to close the Impersonation Information window
  13. Restart the SQL Server Analysis Services (msmdsrv) service using either of the following methods:
    1. In SSMS Object Explorer, right-click the SSAS hostname and select Restart
    2. From the Windows menu, open Services (services.msc), right-click the service SQL Server Analysis Services (<Instance Name>), and select Restart

Active Directory

To update the password used by the Active Directory Connector Utility to query Active Directory domain controllers, follow this procedure:

  1. Using SQL Server Management Studio, connect to the database engine hosting the ActiveDirectoryDW data warehouse
  2. In Object Explorer, navigate to Databases > ActiveDirectoryDW > Tables
  3. Right-click the table dbo.Server and select Select Top 1000 Rows
  4. Note the ServerID of the AD server(s) to be updated
  5. In Object Explorer, navigate to SQL Server Agent > Jobs
  6. Right-click the Bay Dynamics AD Connector Job and select Properties
  7. In the Job Properties - Bay Dynamics AD Connector Job window, select the Steps page
  8. In the Steps page, select the Edit button
  9. In the Command window, note the path to the ImportADUsersAndComputers.exe executable
  10. From a command prompt, navigate to the path identified in step 9
  11. Edit the following command to use the ServerID from step 4 and the new password for the account: 
    ImportADUsersAndComputers.exe -setapipassword <ServerID> <new password>

    Note: If the AD password contains special characters, enclose the password in double quotation marks (i.e., "new_password")

  12. Execute the command

Integrations

To update the password(s) used to connect to data sources through integration packs or via custom integrations, follow this procedure:

  1. Open the ICA console
  2. Navigate to Admin > Integration > Data Sources
  3. From the Choose Data Source menu, select the integration to be updated (e.g., Symantec Data Loss Prevention)
  4. If the data source is connected via an integration pack, select the contact card icon next to the server to be updated*
  5. Follow the prompts in the Edit Connection Settings window to update the credentials of the data source connection
  6. If the data source is User Defined, right-click the datasource name and select Edit Data Source
  7. On the Create Data Source page, update the password used for the data source connection
  8. Repeat applicable steps 3 through 7 for each data source connection to be updated
Powered by Wolken Software