Description:
The Technical document shows how to reset the PSA_PS_ServerName users encrypted password that is randomly generated when installing the PSA on a Domain Controller. This command will help you reset the password to your desire or anyway you won't have to reinstall the PSA in case of appearing authentication issues.
Solution:
Back Ground on PSA:
When the PSA is installed on the Domain Controller an internal user named PSA_PS_ServerName is created in the SSO Server to which the PSA then sends password change information. The PSA_PS_ServerName account is used by the PSA to authenticate against this SSO Server. The installer generates a password for this User and stores it in the Domain Controller registry.
For some reason it may become necessary to change the password of the PSA_PS_ServerName account. This has to be done on the Domain Controller the PSA is installed on and on the SSO Servers the PSA sends password change information to. Note to put the very same password in both places to keep them in sync.
Error Situation:
You may see this error in the PSA logs (WinPSAFilter.log) as follows in Image 1.
Error: Admin authentication failed, error: rc = 256 (ETWAC_API_FAIL)
Image 1
<Please see attached file for image>
Since we don't know the password that was generated we need to set the password on both ends to be the same (DC and Policy Server).
To set the password on the Domain Controller (DC) do the following:
<Please see attached file for image>
<Please see attached file for image>
<Please see attached file for image>
Image 5.
<Please see attached file for image>