Prior to making any changes, please refer to the Required Steady State Privileges section of the Symantec ICA Administrator Guide to ensure the account used as the ICA service account identity has been granted sufficient privileges to perform each of its functions.
Microsoft Internet Information Services (IIS)
To update the password of the application pool identity used by IIS for the ICA application, follow this procedure:
- On the ICA application server, open the Internet Information Services (IIS) Manager
- In the Connections pane, expand the server hosting the ICA application and select Application Pools
- On the Application Pools page, right-click the RiskFabricAppPool and select Advanced Settings
The Advanced Settings window opens
- In the Advanced Settings window, locate the Process Model heading
- Under the Process Model heading, select Identity and click on the ellipsis next to the credential name
The Application Pool Identity window opens
- In the Application Pool Identity window, click the Set... button next to Custom Account
the Set Credentials window opens
- In the Set Credentials window, enter the user name and new password
- Click the OK button to close the Set Credentials window
- Click the OK button to close the Application Pool Identity window
- Click the OK button to close the Advanced Settings window
- Recycle the RiskFabricAppPool using either of the following methods:
- On the Application Pools page, right-click the RiskFabricAppPool and select Recycle...
- From a command prompt run as an administrator, execute the following command:
"%WinDir%\System32\inetsrv\appcmd.exe" recycle APPPOOL RiskFabricAppPool
Microsoft SQL Server
NOTE: If Kerberos is used for brokering authentication to the RiskFabric_ASDB
linked server (RiskFabric
OLAP cube), skip the RiskFabric_ASDB procedure in this section and follow the SQL Server Agent Proxies procedure.
RiskFabric_ASDB
To update the password used by SQL Server to execute queries against the RiskFabric
OLAP cube hosted by Analysis Services, follow this procedure:
- Open SQL Server Management Studio (SSMS)
- Connect to the Database Engine hosting the
RiskFabric
relational database
- In Object Explorer, navigate to Server Objects > Linked Servers
- Right-click the RiskFabric_ASDB linked server and select Properties
The Linked Server Properties window opens
- In the Linked Server Properties window, select the Security page
- Update the remote login (if needed) and password for the setting Be made using this security context
- Click the OK button to save the setting and close the Linked Server Properties window
SQL Server Agent Proxies
To update the password used by ICA's SQL Server Agent proxies (Bay Dynamics AD Connector Proxy
, RiskFabric Nightly Processing
, RiskFabric Proxy
), follow this procedure:
- Open SSMS
- Connect to the Database Engine hosting the
RiskFabric
relational database
- In Object Explorer, navigate to Security > Credentials
- Right-click the RiskFabric Nightly Processing credential and select Properties
The Credential Properties window opens
- In the Credential Properties window, update the Identity (if needed) and password
- Click the OK button to save the credentials and close the Credential Properties window
- Repeat steps 1 through 6 for the Bay Dynamics AD Connector Credential (if using the Active Directory integration)
Microsoft SQL Server Analysis Services (SSAS)
To update the password used by SSAS to connect to the RiskFabric
relational database data source, follow this procedure:
- Open SSMS
- Connect to the Analysis Services server hosting the
RiskFabric
OLAP cube
- In Object Explorer, navigate to Databases > RiskFabric
- Right-click RiskFabric and select Properties
The Database Properties window opens
- In the Database Properties window under the Security Settings heading, edit the Data Source Impersonation Info
The Impersonation Information window opens
- In the Impersonation Information window, update the Password
- Click the OK button to save the password and close the Impersonation Information window
- Click the OK button to close the Database Properties window
- In Object Explorer, navigate to Databases > RiskFabric > Data Sources
- Right-click RiskFabric and select Properties
The Data Source Properties window opens
- In the Data Source Properties window under the Security Settings heading, edit the Impersonation Info
The Impersonation Information window opens
- In the Impersonation Information window, select the Inherit impersonation option
- Click the OK button to close the Impersonation Information window
- Restart the SQL Server Analysis Services (
msmdsrv
) service using any of the following methods:
- In SSMS Object Explorer, right-click the SSAS hostname and select Restart
- From the Windows menu, open Services (
services.msc
), right-click the service SQL Server Analysis Services (<Instance-Name>
), and select Restart
- From a command prompt run as an administrator, execute the following commands:
net stop MSSQLServerOLAPService[$instancename]
net start MSSQLServerOLAPService[$instancename]
Active Directory
To update the password used by the Active Directory Connector Utility to query Active Directory (AD) domain controllers, follow this procedure:
- Open SSMS
- Connect to the Database Engine hosting the
ActiveDirectoryDW
relational database
- In Object Explorer, navigate to Databases > ActiveDirectoryDW > Tables
- Right-click the table dbo.Server and select Select Top 1000 Rows
- Note the
ServerID
value of the AD server(s) to be updated
- In Object Explorer, navigate to SQL Server Agent > Jobs
- Right-click the Bay Dynamics AD Connector Job and select Properties
The Job Properties - Bay Dynamics AD Connector Job window opens
- In the Job Properties - Bay Dynamics AD Connector Job window, select the Steps page
- In the Steps page, select the Edit button
- In the Command window, note the path to the
ImportADUsersAndComputers.exe
executable
- From a command prompt, navigate to the path identified in step 10
- Edit the following command, passing the
ServerID
from step 5 and the new password for the account:
ImportADUsersAndComputers.exe -setapipassword <ServerID> <new-password>
NOTE: If the AD password contains special characters, enclose the password in double quotation marks (for example, "new_password"
)
- Execute the command
Integrations
To update the password(s) used to connect to data sources through integration packs or via custom integrations, follow this procedure:
- Open the Risk Fabric console
- Navigate to Admin > Integration > Data Sources
- From the Choose Data Source menu, select the integration to be updated (for example, Symantec Data Loss Prevention)
- If the data source is connected through an integration pack, select the contact card icon next to the server to be updated
- Follow the prompts in the Edit Connection Settings window to update the credentials of the data source connection
- If the data source is User Defined, right-click the datasource name and select Edit Data Source
- On the Create Data Source page, update the password used for the data source connection
- Repeat applicable steps 3 through 7 for each data source connection to be updated