cancel
Showing results for 
Search instead for 
Did you mean: 

Service account change for Windows AD Authentication

Former Member
0 Kudos
154

Team,

we are planning to change the service account which we are using for windows AD authentication and we have Enterprise alias for every windows AD user so no issues with data.

Please, let me know what is the best process to make the changes and provide the documentation if there is any.

Thanks,

Srikanth

Accepted Solutions (0)

Answers (1)

Answers (1)

BasicTek
Advisor
Advisor
0 Kudos

The standard KBA 1631734 shows there are 3 primary places for a service account

1) running the SIA (added to local admin group)

2) in the CMC (AD plugin administration account)

3) In the web/app java options (as password) or in the global.properties (as password or keytab)

Check all the locations you will need to update them all. It's possible that the account could be used for non auth related functions such as scheduling to a file location but wouldn't be covered under the authentication config.

-Tim

Former Member
0 Kudos

Hello Tim,

Thank you for the details. Here, I did below changes in my environment.

1. Updated the new service account details for Tomcat and SIA.

2. Replaced the keytab file.

3. Updated the required details in war files.

Then I started the Tomcat and SIA, it's showing that as running and when i try to login to environment using enterprise authentication. it is not allowing me to login.

I have not made any changes to bscLogin.conf and krb5.ini and not changed details for the windows AD under the Authentication in CMC. Why it is not allowing me to login using the enterprise credentials when Tomcat and SIA is up & running?

Thanks

Srikanth

BasicTek
Advisor
Advisor
0 Kudos

nothing about the AD account would affect enterprise unless the CMS did not start. Sometimes the SIA starts and CMS does not (check in windows task manager). Typo of password could be the fault or look at the microsoft security and ysstem logs.