How to Solve: Service Accounts Losing Passwords?
Points of My Scenario
1. I am admin of a Windows Server 2003 domain.
2. Member servers use domain accounts to run services for various enterprise applications.
3. Whenever a server restarts, services that depend on a domain account fail to start automatically - eventhough they are configured to start automatically.
4. To temporarily fix this issue, the password for the account has to be re-entered in the "Log On" tab of the service's properties.
How can I ensure that services using these domain accounts automatically start when the relevant member server restarts?
1. I am admin of a Windows Server 2003 domain.
2. Member servers use domain accounts to run services for various enterprise applications.
3. Whenever a server restarts, services that depend on a domain account fail to start automatically - eventhough they are configured to start automatically.
4. To temporarily fix this issue, the password for the account has to be re-entered in the "Log On" tab of the service's properties.
How can I ensure that services using these domain accounts automatically start when the relevant member server restarts?
Last Comment
I would make sure those accounts have non-expiring passwords and that those specific accounts cannot, themselves, change the password.
ASKER
To Aquatone:
1. These accounts do have non-expiring passwords.
2. These accounts were NOT configured to prevent users from changing passwords.
3. However, I know that the passwords were not changed because: the original passwords always work when re-entered in the service's "Log On" properties.
Any thoughts - especially on point #3?
1. These accounts do have non-expiring passwords.
2. These accounts were NOT configured to prevent users from changing passwords.
3. However, I know that the passwords were not changed because: the original passwords always work when re-entered in the service's "Log On" properties.
Any thoughts - especially on point #3?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Yes: these accounts do have the "Log on as a service" right (configured by Group Policy). Thanks, though.
What groups are these accounts member of? AD or local accounts?
ASKER
To Aquatone: They are members of the local administrators group for the member server on which the relevant app is deployed.
Ok. That is usually all that is needed but does the app access directory resources? It may need to be a part of the domain for this purpose.
ASKER
To Aquatone:
1. The apps do not access directory resources.
2. Nonetheless, the service accounts are all domain accounts.
3. I place these domain accounts into the local Administrators group of each app server.
4. Remember that the service and application works - as long as the server does not restart.
5. When a restart causes the service to fail, the only action that is required is to re-enter the same password of the service account into the service's properties "Log On" tab.
1. The apps do not access directory resources.
2. Nonetheless, the service accounts are all domain accounts.
3. I place these domain accounts into the local Administrators group of each app server.
4. Remember that the service and application works - as long as the server does not restart.
5. When a restart causes the service to fail, the only action that is required is to re-enter the same password of the service account into the service's properties "Log On" tab.
ASKER
To Aquatone: The accounts did not have the "Log on as a service" right due to cascading GPOs assigned at differing levels of OU. Once this right was set to "Unconfigured" for all cascading OUs, everything worked.
Many thanks, Aquatone - you were right!
Many thanks, Aquatone - you were right!
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
