How to change domain & SQL account passwords in a NetIQ Aegis environment?

  • 7016081
  • 21-Jan-2015
  • 27-Jan-2015

Environment

NetIQ Aegis 3.0
NetIQ Aegis 3.1
NetIQ Aegis 3.2

Situation

Some security policies do not allow service account passwords to be set to never expire. When this is the case, follow the steps below to change the domain account or SQL account passwords.

Resolution

Please use the following steps to update Domain and SQL Account Passwords for Services and Adapters in a NetIQ Aegis environment:

1. Change Windows Domain Accounts and SQL Account Passwords in AD & SQL.

2. Change the configured Windows and SQL Account Passwords for Adapters and Databases in the NetIQ Aegis Adapter Configuration Utility.  These changes will not be picked up by the Aegis Services until those services are re-started during Step 7 (below).

3. Stop & Disable all NetIQ Aegis Services in the following specific order:

a. NetIQ Aegis Activity Broker (dependency on the NetIQ Aegis Engine)
b. NetIQ Aegis Correlation Engine (dependency on the NetIQ Aegis Engine)
c. NetIQ Aegis Engine
d. NetIQ Aegis Namespace Provider
e. NetIQ Aegis Namespace Provider (pre-2.2)
f. NetIQ Aegis Resource Management Namespace Provider
g. NetIQ Aegis Business Service

NOTE: The NetIQ Aegis Business Service can be stopped at any time, as it operates independently of any of the other core Aegis services.

4. Change the Service Account Passwords for all NetIQ Aegis Services (which should all be stopped by this point).

5. Change the Password for IQSCH SQL Authentication in the Registry (the following key):

 NetIQ\AegisIQConnect73\providers\IQSCH -> databasePassword

This is the only component whose password has to be changed in this manner.  If the NetIQ Scheduler service is connecting using a Windows account, rather than a SQL account, this registry key will not exist and thus this step may be skipped.

If you are using SQL authentication for the NetIQ Scheduler service (IQSCH), you WILL need to make this change.  It is easiest to do so from a Command Prompt (making sure that the command prompt is running ‘As Administrator’):

"C:\Program Files (x86)\NetIQ\Aegis\IQConnect73\bin\cryptreg.exe" encryptitem AegisIQConnect73\providers\IQSCH databasePassword Control123

Note that you should replace Control123 with whatever your new SQL Authentication password is for the desired SQL Server Account.  If you are unsure what SQL Server Account you are changing the password for, the Account will be listed in the following registry key:

 NetIQ\AegisIQConnect73\providers\IQSCH -> databaseUser

6. Clear cached info from the <install path>\NetIQ\Aegis\IQConnect73\data directory, by deleting all Files and Sub-Directories from the ‘data’ directory, EXCEPT the PG directory (the PG sub-directory and its contents should NOT be deleted).

7. Enable & Start Aegis Services in the following specific order.  Some services may take several seconds to start; this is normal:

a. NetIQ Resource Management Namespace Provider
b. NetIQ Aegis Namespace Provider
c. NetIQ Aegis Namespace Provider (pre-2.2)
d. NetIQ Aegis Engine
e. NetIQ Aegis Activity Broker (dependency on the NetIQ Aegis Engine)
f. NetIQ Aegis Correlation Engine (dependency on the NetIQ Aegis Engine)
g. NetIQ Aegis Business Services

NOTE: One or more of the NetIQ Aegis services may start automatically once the NetIQ Aegis Engine has started; this is OK.  Just start the remaining services in the order they are listed above.

8. Verify that all services are started and that none of them are erroring out.
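Steps 3, 6, 7 and 8 can be scripted so the service order and the PG exclusion are not left to memory. The following PowerShell is an added example, not NetIQ code; steps 4 and 5 are still done by hand between Stop-AegisServices and Clear-AegisCache. Assumptions: the function names and state file path are hypothetical, the display names are copied from steps 3 and 7 as written and may need adjusting to match the installed services, and the original startup type is recorded so "Enable" restores it.

```powershell
# Added example. Run elevated. Confirm names: Get-Service -DisplayName 'NetIQ*'
$StopOrder = 'NetIQ Aegis Activity Broker', 'NetIQ Aegis Correlation Engine',
    'NetIQ Aegis Engine', 'NetIQ Aegis Namespace Provider',
    'NetIQ Aegis Namespace Provider (pre-2.2)',
    'NetIQ Aegis Resource Management Namespace Provider',
    'NetIQ Aegis Business Service'
$StartOrder = 'NetIQ Resource Management Namespace Provider',
    'NetIQ Aegis Namespace Provider', 'NetIQ Aegis Namespace Provider (pre-2.2)',
    'NetIQ Aegis Engine', 'NetIQ Aegis Activity Broker',
    'NetIQ Aegis Correlation Engine', 'NetIQ Aegis Business Services'
$StateFile = Join-Path $env:ProgramData 'aegis-starttypes.json'  # hypothetical path
function Resolve-AegisService([string]$DisplayName) {
    $svc = Get-Service -DisplayName $DisplayName -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Warning "No service with display name: $DisplayName" }
    $svc
}
function Stop-AegisServices {                       # step 3
    if (Test-Path $StateFile) { throw "State file exists; services already stopped?" }
    $saved = @{}
    foreach ($name in $StopOrder) {
        $svc = Resolve-AegisService $name
        if (-not $svc) { continue }
        $saved[$svc.Name] = "$($svc.StartType)"     # remember Automatic/Manual
        # No -Force: a still-running dependent means the order is wrong, so fail.
        Stop-Service -InputObject $svc -ErrorAction Stop
        Set-Service -Name $svc.Name -StartupType Disabled
    }
    $saved | ConvertTo-Json | Set-Content -LiteralPath $StateFile
}
function Clear-AegisCache([string]$DataDir) {       # step 6
    if ((Split-Path $DataDir -Leaf) -ne 'data') { throw "Not a data directory: $DataDir" }
    Get-ChildItem -LiteralPath $DataDir -Force |
        Where-Object Name -ne 'PG' |                # PG and its contents stay
        Remove-Item -Recurse -Force
}
function Start-AegisServices {                      # steps 7 and 8
    $saved = Get-Content -LiteralPath $StateFile -Raw | ConvertFrom-Json
    foreach ($name in $StartOrder) {
        $svc = Resolve-AegisService $name
        if (-not $svc) { continue }
        $type = $saved.($svc.Name)                  # startup type recorded in step 3
        if (-not $type -or $type -eq 'Disabled') { $type = 'Manual' }  # assumption
        Set-Service -Name $svc.Name -StartupType $type
        Start-Service -Name $svc.Name -ErrorAction Stop  # no-op if already running
    }
    Remove-Item -LiteralPath $StateFile
    $StartOrder | ForEach-Object { Resolve-AegisService $_ } |
        Select-Object DisplayName, Status, StartType
}
```

Call Clear-AegisCache with the full path to the data directory under your own install path.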

If you encounter any issues relating to authentication after stepping through this process, please contact NetIQ Technical Support for assistance.