Preparation Steps to Apply an Upgrade or Cumulative Release (CR) of the SSO Server by a Different User than the one who Initially Installed it.


Article ID: 51141


Updated On:


CA Single Sign-On




Typically all installation and update tasks are performed by the very same administrative user account.

This document is describing how to apply an update or a newer Cumulative Release to the SSO Server while being logged on to the local OS as a different user than the one who initially installed the SSO Server.


Make sure the new user is member of the "Domain Admins" and/or local "Administrators" group.

Add a synonym of this user account to the local Administrative Datastore in the SSO Server using the Policy Manager.

Ensure the following settings are met:

<Please see attached file for image>

Figure 1

<Please see attached file for image>

Figure 2

<Please see attached file for image>

Figure 3

If it is wanted to also logon with this user to the Policy Manager, also set the EAC password accordingly.

Alternatively it is also possible to submit these selang commands instead:

nu ("ACME\\SubAdmin") auth_type ("Method20") nonative
eu ("ACME\\SubAdmin") interval (0) grace- admin Password("ChangeThis") nonative
authorize TERMINAL ("") uid ("ACME\\SubAdmin") access ("a")
join ("ACME\\SubAdmin") group ("_ps-adms")
Adjust the relevant values for 
ACME = Windows Domain
SubAdmin = Login Name for the newly created administrative account
ChangeThis = Password to be used for this user

Next logoff from the SSO Server console and logon in this case as ACME\SubAdmin to perform the update.

Note that this procedure is valid only for SSO r8.1 CR 20, SSO r12.0 CR4 and SSO r12.0 GA and newer.


Release: SOASA199000-12.1-SOA Security Manager-w/ SOA Agent Addl CPUs




1558695262592000051141_sktwi1f5rjvs16mxu.gif get_app
1558695260714000051141_sktwi1f5rjvs16mxt.gif get_app
1558695258784000051141_sktwi1f5rjvs16mxs.gif get_app