VMware Workspace ONE Community
cloudmaster2017
Enthusiast
Enthusiast
‎12-18-2019 04:23 AM

Service Account Password Change for On-Prem

So how does your company manage the password changes for your service accounts that manage the workspace one service?  Airwatch is telling me not to change the password or to reinstall all the software again.  They have a DB tool for SaSS customers, but not for on-prem AD accounts.  If something does need to be changed in the DB, you wouldn't' think it would be too hard for them to provide a script for this.  I assume I can't change the password and just the windows services, I' m assuing the hash of the password is somewhere in the SQL DB.  Anybody have any experience with this. 

Thanks
Labels (1)
Labels
0 Kudos
3 Replies
Vestengen
Enthusiast
Enthusiast
‎12-18-2019 06:42 AM

What kind of service account are you going to update ?
If it's the database user I'll probably do while upgrading.
I can't remember that I configured Windows services with service accounts. If you use service accounts for windows services I assume it only need rights to run the services.
0 Kudos
cloudmaster2017
Enthusiast
Enthusiast
‎12-18-2019 10:50 AM

So when you install airwatch you have a service account such as WorkspaceOneAdmin_Production.  Support says if the password changes the full workspace one software will have to be reinstalled.  I know the password is tied to quite a few windows servers, I assume I just can't change them, I assume its in the DB too.  Airwatch has a tool for SaSS customers to update the password with a utlity.  When your on prem their saying an AD account service account is NOT supported to be changed.  They recommend never changing the password (not an option that is against policy), or reinstalling the software.  Since this is a password change for the service that runs the whole thing having two sites in HA pair will be of little help. 

I know their are a bunch of customers on-prem still, how do they do this password change?

Thanks
0 Kudos
Vestengen
Enthusiast
Enthusiast
‎12-19-2019 12:53 AM

All  the Windows services are using Local System as default. This ' account'  is only to have access to run the service. If you're running Windows Services with service accounts you'll need to update the services when passwords are changed.
You have the DB user that gives Application servers access to the SQL DB. I will not change this password except when I do a version upgrade (you'll asked to enter password in the start of the upgrade).
The user running the upgrade/install itself is a account that have admin rights to the servers during setup. This could be a personal admin user that have password changed from time to time.
Reporting account can be updated in the console.
What other service accounts do we have ?

I have to admit that it's a while since last install, but upgrades are done all the time.
0 Kudos