EV Admin Service's password automaticaly changed ?!? (V5 SP3) - Veritas

This is a discussion on EV Admin Service's password automaticaly changed ?!? (V5 SP3) - Veritas ; Dear All, I'm running all EV Services under dedicated AD service account which has the Admin rights to Exchange server and KVS/SQL server - I suppose this is usual situation. Every 3 months I restart the KVS/SQL server and there ...

+ Reply to Thread
Results 1 to 9 of 9

Thread: EV Admin Service's password automaticaly changed ?!? (V5 SP3)

  1. EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Dear All,

    I'm running all EV Services under dedicated AD service account which has
    the Admin rights to Exchange server and KVS/SQL server - I suppose this is
    usual situation.

    Every 3 months I restart the KVS/SQL server and there is an recurring problem
    with startup of all services because the: Enterprise Vault Admin Service
    service failed to start due to the following error: The service did not start
    due to a logon failure.

    The team who is repsonsible for this AD account says that they didn't change
    the password. In addition they say that this is the fault of KVS which somehow
    changes the password in the Windows Services tab so the the service is not
    able to autenticate.

    Do you have any idea/experiene regarding such a problem?

    Kind Regards,
    Blaze


  2. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Does your service account have special characters in it? Try taking any special
    characters out, you will probably find it doesnt happen again.

    Rumour has it its some sort of undocumented bug that is fixed in a later
    service pack.

    "Blaze" wrote:
    >
    >Dear All,
    >
    >I'm running all EV Services under dedicated AD service account which has
    >the Admin rights to Exchange server and KVS/SQL server - I suppose this

    is
    >usual situation.
    >
    >Every 3 months I restart the KVS/SQL server and there is an recurring problem
    >with startup of all services because the: Enterprise Vault Admin Service
    >service failed to start due to the following error: The service did not

    start
    >due to a logon failure.
    >
    >The team who is repsonsible for this AD account says that they didn't change
    >the password. In addition they say that this is the fault of KVS which somehow
    >changes the password in the Windows Services tab so the the service is not
    >able to autenticate.
    >
    >Do you have any idea/experiene regarding such a problem?
    >
    >Kind Regards,
    >Blaze
    >



  3. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Hi MB,

    do you mean a bug in AD? I'm not aware of any EV code that attempts to change
    service account passwords? I agree re avoid special characters though.

    Blaze - is the account locked out? If you unlock it then can you log in
    using the old password? My guess would be yes and yes, if so then check
    the account hasn't got a password expiry timeout on it. Sound like you have
    an AD policy to require password changs very 90 days.

    David
    http://messy.bravehost.com/


    "MB" wrote:
    >
    >Does your service account have special characters in it? Try taking any

    special
    >characters out, you will probably find it doesnt happen again.
    >
    >Rumour has it its some sort of undocumented bug that is fixed in a later
    >service pack.
    >
    >"Blaze" wrote:
    >>
    >>Dear All,
    >>
    >>I'm running all EV Services under dedicated AD service account which has
    >>the Admin rights to Exchange server and KVS/SQL server - I suppose this

    >is
    >>usual situation.
    >>
    >>Every 3 months I restart the KVS/SQL server and there is an recurring problem
    >>with startup of all services because the: Enterprise Vault Admin Service
    >>service failed to start due to the following error: The service did not

    >start
    >>due to a logon failure.
    >>
    >>The team who is repsonsible for this AD account says that they didn't change
    >>the password. In addition they say that this is the fault of KVS which

    somehow
    >>changes the password in the Windows Services tab so the the service is

    not
    >>able to autenticate.
    >>
    >>Do you have any idea/experiene regarding such a problem?
    >>
    >>Kind Regards,
    >>Blaze
    >>

    >



  4. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    this account is called: "s-kvsaccount" - so I don't see any special letters
    in it
    in addition it has the option "password never expires" in AD

    are we talking about the bug in AD or KVS?
    my AD experts advised me to get in touch with Symantec in order to fix this
    issue,
    but I still can't believe that this service would be able to change this
    automaticaly

    it's really strange for me...


    "David" wrote:
    >
    >Hi MB,
    >
    >do you mean a bug in AD? I'm not aware of any EV code that attempts to

    change
    >service account passwords? I agree re avoid special characters though.
    >
    >Blaze - is the account locked out? If you unlock it then can you log in
    >using the old password? My guess would be yes and yes, if so then check
    >the account hasn't got a password expiry timeout on it. Sound like you

    have
    >an AD policy to require password changs very 90 days.




  5. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Blaze,

    Are there any spcial characters in the password rather than the account name?
    If so, I'd take them out.

    Next time you restart your server, check all the EV services are running
    OK, then set the EV services all to disabled. Once the server is back up
    try loggining in to it with s-kvsaccount. Ifyou get on to the box ok then
    try to start the EV Admin Service (un-set disabled first). If it does not
    start then it's account permissions on the Services have indeed been changed
    but I'd be surprised if EV did it.

    By the way - I restart all my EV services every day. MAPI is pretty famous
    for nasty memory leaks.


    David
    http://messy.bravehost.com/

    "Blaze" wrote:
    >
    >this account is called: "s-kvsaccount" - so I don't see any special letters
    >in it
    >in addition it has the option "password never expires" in AD
    >
    >are we talking about the bug in AD or KVS?
    >my AD experts advised me to get in touch with Symantec in order to fix this
    >issue,
    >but I still can't believe that this service would be able to change this
    >automaticaly
    >
    >it's really strange for me...
    >
    >
    >"David" wrote:
    >>
    >>Hi MB,
    >>
    >>do you mean a bug in AD? I'm not aware of any EV code that attempts to

    >change
    >>service account passwords? I agree re avoid special characters though.
    >>
    >>Blaze - is the account locked out? If you unlock it then can you log in
    >>using the old password? My guess would be yes and yes, if so then check
    >>the account hasn't got a password expiry timeout on it. Sound like you

    >have
    >>an AD policy to require password changs very 90 days.

    >
    >



  6. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Blaze,

    thinking on I might be being an idiot here. If your SQL is on the same server
    and you are rebooting is it possible that EV is trying to start before the
    SQL service is fully up? If so, it won't be able to log in to SQL and get
    it's configuration.

    If following a reboot nothing is locked out and if you wait 10 minutes and
    try to start the EV services (Admin first) then this could be it. With Windows
    2000 onwards you can place a dependency in the EV Admin service so it won't
    start until the SQL is up. I've never done this myself but the theory looks
    sound.


    David
    http://messy.bravehost.com/

  7. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Sorry I did mean special characters in the password, not the account name.
    I have definately seen similar issues with special characters in the password.

    "David" wrote:
    >
    >Blaze,
    >
    >thinking on I might be being an idiot here. If your SQL is on the same

    server
    >and you are rebooting is it possible that EV is trying to start before the
    >SQL service is fully up? If so, it won't be able to log in to SQL and get
    >it's configuration.
    >
    >If following a reboot nothing is locked out and if you wait 10 minutes and
    >try to start the EV services (Admin first) then this could be it. With

    Windows
    >2000 onwards you can place a dependency in the EV Admin service so it won't
    >start until the SQL is up. I've never done this myself but the theory looks
    >sound.
    >
    >
    >David
    >http://messy.bravehost.com/



  8. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    which characters are special?

    as the matter of fact this account is not under my resp. (there is a separated
    Exchange team in my company) so I would advise them which characters they
    should avoid

    "MB" wrote:
    >
    >Sorry I did mean special characters in the password, not the account name.
    >I have definately seen similar issues with special characters in the password.
    >
    >"David" wrote:
    >>
    >>Blaze,
    >>
    >>thinking on I might be being an idiot here. If your SQL is on the same

    >server
    >>and you are rebooting is it possible that EV is trying to start before

    the
    >>SQL service is fully up? If so, it won't be able to log in to SQL and

    get
    >>it's configuration.
    >>
    >>If following a reboot nothing is locked out and if you wait 10 minutes

    and
    >>try to start the EV services (Admin first) then this could be it. With

    >Windows
    >>2000 onwards you can place a dependency in the EV Admin service so it won't
    >>start until the SQL is up. I've never done this myself but the theory

    looks
    >>sound.
    >>
    >>
    >>David
    >>http://messy.bravehost.com/

    >



  9. Re: EV Admin Service's password automaticaly changed ?!? (V5 SP3)


    Blaze,

    the only bug I've seen in AD was if you used Alt+number combinations to produce
    "very special" characters. e.g. right-alt plus 234 is (Euro). You'd have
    to be pretty paranoid to start putting these in your passwords (but I've
    seen people who do!)

    I don't think you have answered the Qs though. Is the account atually getting
    locked out?


    David
    http://messy.bravehost.com/



+ Reply to Thread