locked
Healthservice.exe - cached account credentials RRS feed

  • Question

  • Hello,

    We used a standard Active Directory account as a temporary authentication for our AD connector.  This has worked fine for months until the account password was changed as it is also being used for something else.  The AD connector is now working correctly using a service account (as it should have been in the first place!) however the original AD account is now getting account lockouts because the healthservice.exe on our SCSM server is still 'checking' these credentials against AD.

    Is there a simple way to remove where these credentials have been stored?

    Thanks in advance for any assistance.

    Paul

     

    Wednesday, January 18, 2012 11:51 AM

Answers

  • I opened a case with Microsoft and we have solved our incident:

    The user account was linked to the database of Service Manager, so we proceeded to remove.

    In our particular case It listed the user to perform this query on the db ServiceManager

    select * from CredentialManagerSecureStorage

    Dnd then delete the registry and reboot the services and everything went back to work.

    Friday, April 27, 2012 10:07 PM

All replies

  • Hello,

    We used a standard Active Directory account as a temporary authentication for our AD connector.  This has worked fine for months until the account password was changed as it is also being used for something else.  The AD connector is now working correctly using a service account (as it should have been in the first place!) however the original AD account is now getting account lockouts because the healthservice.exe on our SCSM server is still 'checking' these credentials against AD.

    Is there a simple way to remove where these credentials have been stored?

    Thanks in advance for any assistance.

    Paul

     

    I have the same problem, someone has been able to fix it? Any changes made on the service manager console generates a security event as follows:
    Nombre de registro:Operations Manager
    Origen:        HealthService
    Fecha:         4/19/2012 6:43:33 PM
    Id. del evento:7000
    Categoría de la tarea:(1)
    Nivel:         Error
    Palabras clave:Clásico
    Usuario:       No disponible
    Equipo:        SERVER.example.local
    Descripción:
    The Health Service could not log on the RunAs account EXAMPLE\user for management group .  The error is Logon failure: unknown user name or bad password.(1326L).  This will prevent the health service from monitoring or performing actions using this RunAs account
    Friday, April 20, 2012 11:49 AM
  • I opened a case with Microsoft and we have solved our incident:

    The user account was linked to the database of Service Manager, so we proceeded to remove.

    In our particular case It listed the user to perform this query on the db ServiceManager

    select * from CredentialManagerSecureStorage

    Dnd then delete the registry and reboot the services and everything went back to work.

    Friday, April 27, 2012 10:07 PM
  • Wow... Query to databse.. Why you've just not to remove it from Administration -> Security -> Run as Accounts using SCSM console?

    http://www.scsmsolutions.com/ freemanru (at) gmail (dot) com

    Tuesday, May 1, 2012 3:27 PM
  • I have sam eissue, but the erroneous account is not listed under "Administration -> Security -> Run as Accounts" but it is displayed with "select * from CredentialManagerSecureStorage"!

    Shall I simply delete it from the database?

    Thursday, June 14, 2012 12:59 PM