How to Change SharePoint 2013 Farm Account Password

 SharePoint Farm Account

SharePoint farm account is a service account which manages farm services. It is also used as application pool identity for Central Administration and used for accessing database. In some conditions, you may have to change the password of SharePoint farm account due to security policies.

Steps to change Farm Account Password using Central Administration

In this blog, we will update SharePoint farm password from SharePoint Central Administration which means we don't have to change the password in Active Directory. When we change the password using below steps, password in AD will be automatically updated.
  1. Go to SharePoint Central Administration
  2. Click on Security 
  3. Under General Security header, click on "Configure managed accounts"
  4. Click on Edit icon against the respective service account for which you want to change the password
  5. Tick "Change password now" check box
  6. Select "Set account password to new value" option
  7. Enter the new password and click OK to save the password to the managed account


When you click Change password now, it will give three options as shown in above screenshot. These options are elaborated below:

Generate new password - This will auto generate new password and assign it to the managed account, it will remain abstracted from the user, who changed the password. There is no way to know the new password.

Set account password to new value - This will create a new password and update it back to the Active Directory.

Use existing password - This option is used to update the AD password of the account to SharePoint managed account. In this way, the AD password is synchronized with the managed account.

Note: 
The benefit of changing password from managed accounts is that SharePoint can automate some of the actions across the farm like changing windows service registrations and IIS pool registrations.

Warning

If you are using same service account in an ERP like Dynamics AX which is integrated with your SharePoint, then Dynamics AX may stop working after password change (SharePoint will work normally). 

You may face below errors:
 "Exception has been thrown by the target of an invocation"

Solution:
Update log on credentials of AOS service because AOS service will not update the new password for the service account automatically.
Steps:
  • Open Services.msc on Dynamics AX server
  • Select the AOS service, the default name usually is "Microsoft Dynamics AX Object Server ** - MicrosoftDynamicsAX" abd stop the service.
  • Right click the service and select properties
  • Click Log on tab and update credentials for service account 
  • Click Apply and OK and Start the service

After following above steps, error "Exception has been thrown by the target of an invocation" will be gone and Dynamics AX will be working.

Here, game is not over!

When user tries to access Dynamics AX and clicks on any report. For example, in my case, when I run Employee Wise Consolidated Report, I got an error again:
"The logon attempt failed"


Solution:
Update log on credentials of SSRS (SQL Server Reporting Services) service because SSRS service will not update the new password for the service account automatically.

Steps:
  • Open Services.msc on server where SQL server is installed
  • Select "SQL server reporting services"
  • Right click the service and select properties
  • Click Log on tab and update credentials for service account 
  • Click Apply and OK and Start the service


After following above steps, error "The logon attempt failed" will be gone and Dynamics AX will be working.

Final Note:
  • Manually change the User Profile Service password.  As required by SharePoint, this service uses the farm administrator account, however SharePoint 2013 does not treat this account as a managed account so it must be changed manually. 
  • Check if any applications in the Secure Store service use the farm administrator account, and if they do change the password there.
    • Go to Central Administration -> Application Management ->  Manage Service Applications -> Secure Store Service Application -> Select Target Application ID -> Update Credentials



 References:


 

Comments

Post a Comment

Popular posts from this blog

SharePoint 2013: How to replace expired WorkFlow Manager Certificates - Solution for Service bus error

Image
 Problem The Workflow Manager suddenly stopped working in my SharePoint 2013 with Workflow 2013. All the workflows associated with lists and libraries were not working. when I tried to manually start the workflows, I got below error message: The reason behind this issue was that Service Bus Gateway and Service Bus Message Broker Services were not running. When I tried to run those services, I got below error: After that I used Event Viewer to troubleshoot the service bus for server and found that the certificate requested with thumbprint XYZ is expired. Solution Solution for above problem is to replace expired workflow manager certificates. Below are steps for WFM farm using WFM.SB certificate generation key - resetting expired certificate process: Step 1 In order to reset generation key for WFM and SB the following steps needs to be done on the WFM node(s): System date and clock of WFM node must be set back before certificate expiration date (step needs to be done if multiple WFM ...
Read more

Service Bus Gateway service struck in starting State after installing security updates on SharePoint Servers

Image
 Problem background When you install updates on SharePoint Servers, things may get chaotic sometimes. In my case, when I installed security updates for SharePoint Servers, SharePoint 2013 workflows stopped working. First, I checked all service bus services. I figured out that Service bus Gateway was stuck in starting state. When I tried to manually start it, below error popped up: After checking logs in ULS viewer and Event Viewer, I found below messages: "  Service cannot be started. Microsoft.ServiceBus.Commands.Common.Exceptions.HostNotConfiguredException: Entry for host XYZAPPServer is not present in Service Bus farm management database. ---> System.Data.SqlClient.SqlException: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 -...
Read more