Change FileSync Service Account Name and Password

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Hybrid
  • On Premises
  • File Sync Version Affected:  Verified with FileSync Version 4.0.13 and 4.1.5.6

    Description:  

    A randomized local service account created during installation of FileSync and you want to change the name and also the password of that account. 

     

    Resolution:  

    1. Stop FileSync service on all SecureAuth IdP servers of the cluster.

    2. On Primary server, Under Computer Management --> Local Users and Groups --> Users
    Re-name FileSync service account and Set the new password.

    3. On Primary server, open Services.msc --> SecureAuth File sync service -->Re-add the service account in the "Logon" tab and re-type the new password ( Change the location to your Local Appliance and enter the service account name to find it ).

    4. Repeat Steps 2 and 3 for all replica nodes.

    5. On all SecureAuth IdP servers of the cluster, under Computer Management--> Shared Folders --> Shares--> Go to Properties of FileSync share --> verify that the FileSync service account name is changed under the "Shares permissions" and "Security" tab.

    6. On all SecureAuth IdP servers of the cluster, Go to D:\SecureAuth --->Properties-->Security, verify that the service account name is changed here and also verify the required permission.

    7. On all SecureAuth IdP servers of the cluster, open Group Policy Object Editor (gpedit.msc).
    Computer Configuration --> Windows Settings --> Security Settings ---> Local Policies ---> User Rights Assignment. 
    Verify that the service account name is changed which is added under "logon as a service" and "Deny logon locally"

    8. On all SecureAuth IdP servers of the cluster, open Registry ( regedit )--> HKEY_LOCAL_MACHINE\Systems\ControlSet001\Services\SecureAuthFileSyncServiceAllinOne

    Verify that "ObjectName" is changed to the new name of the service account.

    9. On all SecureAuth IdP servers of the cluster, open Registry ( regedit ) --> HKEY_LOCAL_MACHINE\Software\SecureAuth\FileSync

     "Replication Account" name will not change here and needs to be changed manually. 
     As this registry is an informational registry so it's safe to change the name manually.

    10. Start FileSync service on all IdP servers of the cluster.
    11. Verify FileSync working by looking into the Event viewer and by making changes on Realm.


    Note: If you are changing the name of the service account, it needs to have the new account permissions added at C:\Windows\System32\inetsrv\config\ApplicationHost.Config or it will error out on the secondary.

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.