File Sync Version Affected: Verified with FileSync Version 4.0.13 and 188.8.131.52
A randomized local service account created during installation of FileSync and you want to change the name and also the password of that account.
1. Stop FileSync service on all SecureAuth IdP servers of the cluster.
2. On Primary server, Under Computer Management --> Local Users and Groups --> Users
Re-name FileSync service account and Set the new password.
3. On Primary server, open Services.msc --> SecureAuth File sync service -->Re-add the service account in the "Logon" tab and re-type the new password ( Change the location to your Local Appliance and enter the service account name to find it ).
4. Repeat Steps 2 and 3 for all replica nodes.
5. On all SecureAuth IdP servers of the cluster, under Computer Management--> Shared Folders --> Shares--> Go to Properties of FileSync share --> verify that the FileSync service account name is changed under the "Shares permissions" and "Security" tab.
6. On all SecureAuth IdP servers of the cluster, Go to D:\SecureAuth --->Properties-->Security, verify that the service account name is changed here and also verify the required permission.
7. On all SecureAuth IdP servers of the cluster, open Group Policy Object Editor (gpedit.msc).
Computer Configuration --> Windows Settings --> Security Settings ---> Local Policies ---> User Rights Assignment.
Verify that the service account name is changed which is added under "logon as a service" and "Deny logon locally"
8. On all SecureAuth IdP servers of the cluster, open Registry ( regedit )--> HKEY_LOCAL_MACHINE\Systems\ControlSet001\Services\SecureAuthFileSyncServiceAllinOne
Verify that "ObjectName" is changed to the new name of the service account.
9. On all SecureAuth IdP servers of the cluster, open Registry ( regedit ) --> HKEY_LOCAL_MACHINE\Software\SecureAuth\FileSync
"Replication Account" name will not change here and needs to be changed manually.
As this registry is an informational registry so it's safe to change the name manually.
10. Start FileSync service on all IdP servers of the cluster.
11. Verify FileSync working by looking into the Event viewer and by making changes on Realm.
Note: If you are changing the name of the service account, it needs to have the new account permissions added at C:\Windows\System32\inetsrv\config\ApplicationHost.Config or it will error out on the secondary.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.