Management Account Password Change

  • Question

  • The Password for the Domain User Account we used for Forefront was changed, and now the MOM Service on the server will not start... it starts then stops.

    When the user account password changed in AD, we also changed the password for all of the SQL services, and then the MOM Data Access Server Identity, and then went through the configuration in the Forefront management console to change the password there.

    The Event IDs that are reported are 9000 and 9029.

    I have tried resetting the action account using setactionaccount.exe as I saw in other threads, but I get a message saying "the configuration group is not configured to use a user account"

    I am stuck :(

    Tuesday, January 10, 2012 10:13 PM

Answers

  • Turns out that you may have to use PowerShell in Administrative tools to set the action account.  In my case I am running Windows Server 2008 in a virtualized environment using HyperV

     This thread indicates that another person may have been in the same situation, but it is not clear.  Shibu From Microsoft helped me identify what they were doing.

    I was not familiar with PowerShell so I had to learn that you cannot directly type in the change directory if it has spaces ie
    cd c:\Program Files

    Instead you must type cd c:\Program and then hit the Tab key until you get the folder you want, then cd to the next directory and so on until you are here:

    PS D:\Program Files\Microsoft Forefront\Client Security\Server\Microsoft Operations Manager 2005>

    then type the Set Action Account command like this

    .\SetActionAccount.exe ForefrontClientSecurity -set YOURDOMAIN YOURUSERNAME

    at which point it will prompt you for your password.

     

    On another note, if your password has spaces in it, then you cannot just put it all in the command
    SetActionAccount.exe config -set domain username [password]

    instead you need to just use SetActionAccount.exe config -set domain username

    • Marked as answer by Rick Tan Thursday, January 19, 2012 9:25 AM
    Wednesday, January 18, 2012 7:46 PM
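
The steps from the answer above, written out as an added example that is not part of the original thread. `YOURDOMAIN` and `YOURUSERNAME` are placeholders, the install path is the one quoted in the answer, and the service inventory in step 1 is an extra check that the thread does not describe.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumptions: $Domain and $User are placeholders; $MomDir is the path quoted
# in the answer and may differ on your server.
$Domain = 'YOURDOMAIN'
$User   = 'YOURUSERNAME'
$MomDir = 'D:\Program Files\Microsoft Forefront\Client Security\Server\Microsoft Operations Manager 2005'

# 1. List every service that logs on as the account whose password changed,
#    so none is left holding the old password. StartName is normally stored
#    as DOMAIN\user; -eq compares case-insensitively.
$account = "$Domain\$User"
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.StartName -eq $account } |
    Select-Object Name, DisplayName, State, StartName |
    Format-Table -AutoSize

# 2. Quote the path (here via a variable) so the space in "Program Files"
#    is not treated as an argument separator.
Set-Location -LiteralPath $MomDir

# 3. Show the current action account for the configuration group.
& .\SetActionAccount.exe ForefrontClientSecurity -query

# 4. Set the account without a password argument so the tool prompts for it;
#    the password is then not typed into the command line or session history.
& .\SetActionAccount.exe ForefrontClientSecurity -set $Domain $User
```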

All replies

  • Hi,

    Thank you for your post.

    “The configuration group is not configured to use an user account for the Action Account.  Please run Setup to modify the action account settings.”

    You need to open the FCS console, run Config from the Action menu, input the new password and complete the FCS Configuration Wizard. Here is a similar thread you could take as a reference.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards,


    Rick Tan

    TechNet Community Support

    Thursday, January 12, 2012 5:12 AM
  • I have done this several times, and rebooted in between because I found a post that said they needed to reboot after running config.

    Also, if I simply -query the action account it says that it is not set.

    Thursday, January 12, 2012 2:42 PM
  • Hi,

    Since just your account password changed, the error may indicate that your FCS ConfigurationGroup was not input correctly.
    SetActionAccount.exe ForefrontClientSecurity -query
    By default the ConfigurationGroup value is ForefrontClientSecurity; you can confirm it in the FCS console configure wizard.

    I tested the procedure below and the MOM service started successfully:
    1. Change the MOM Action service account password from ADUC (the account is also used as the Reporting/DAS/DTS service account). This results in the MOM service being unable to start.
    2. Change the password for the account on the three SQL services: SQL Server (FCS), SQL Server Agent (FCS), SQL Server FullText Search (FCS)
    3. Change the password for the Reporting/DAS/DTS account; refer to the About service accounts article.
    4. Run the FCS console configure wizard
    5. Run the command: SetActionAccount.exe ForefrontClientSecurity -set domain account password
    6. The MOM service starts successfully (the service starts with the Network Service account)

    Furthermore, ensure the account is granted local admin rights to start the MOM service (KB883347).

    Regards,


    Rick Tan

    TechNet Community Support

    Friday, January 13, 2012 2:32 AM
  • Rick, Thank you for your help.

    I have completed the steps that you suggested, many times in fact.

    1. Changed the SQL Services Passwords now services are all running
    2. Changed both Reporting, DAS, DTS according to the directions in the link
    3. Ran the FCS Console Configuration Wizard and everything completed successfully
    4. Attempted using SetActionAccount.exe but cannot get it to work.

    SetActionAccount.exe ForefrontClientSecurity -query
    Returns: "Action Account is not Configured.  It will default to running under the services process identity"

    SetActionAccount.exe ForefrontClientSecurity -set myDOMAIN myUSERNAME [my password]
    Returns: The usage instructions

    SetActionAccount.exe ForefrontClientSecurity -set myDOMAIN myUSERNAME
    Returns: "the configuration group is not configured to use an user account for the Action Account.  Please run Setup to modify the action account settings"

     


    • Edited by Pisteuon Monday, January 16, 2012 3:53 PM
    Monday, January 16, 2012 2:31 PM