Monday, July 04, 2005

Assign new logon service account for SharePoint services

Following are the steps for changing a SharePoint logon service account. You may find theses steps useful if you need to change the SharePoint services domain account for some reason after completing the configuration. Please create the new account by performing the following steps:

Reset the index for Portal_Content and Non_Portal_Content.

Enable advanced search administration mode, this will create an additional section called Content Indexes on the Configure Search and Indexing page. The steps are:

  • On the Site Settings page, in the Search Settings and Indexed Content section, click Configure search and indexing
  • On the Configure Search and Indexing page, in the General Content Settings and Indexing Status section, click Enable advanced search administration mode.
  • On the Enable Advanced Search Administration Mode page, click OK.

Then perform the following steps to reset the index:

  • On the Site Settings page, in the Search Settings and Indexed Content section, click Configure search and indexing.
  • On the Configure Search and Indexing page, in the Content Indexes section, click Manage content indexes.
  • On the Manage Content Indexes page, rest the pointer on the index name, and then click the arrow that appears.
  • On the menu that appears, click Reset Content Index.
  • On the message box that appears, click OK.Resetting the index stops any updates that are in progress and empties the index completely.In a server farm configuration, the old index exists on the search servers until you force propagation.
  • After you reset a content index, you must perform a full update. (Wait till you complete the rest of the steps.).To do this:1. On the Manage Content Indexes page, rest the pointer on the index name, and then click the arrow that appears.2. On the menu that appears, click Full Update.


Create a Domain Logon Name 'SPSAdmin' with Password Never Expires

Join the domain name in Local Administrator, IIS_WPG,STS_WPG,SPS_WPG,SPS-Query Groups.

Add the 'SPSAdmin' in SQL Enterprise Manager with Server roles as Database Creators, Security Administrator, System Administrator.

  • Start SQL Server Enterprise Manager.
  • Expand Microsoft SQL Servers, expand the server group, expand the appropriate server, and then expand Security.
  • Right-click Logins, and then click New Login.
  • Type the account name in the Name box. Use the following format for the account name:
  • DomainName \ AccountName
  • Note If SQL Server is installed on a separate computer and you want to run the application pool as the Network Service account, the computer that is running Windows SharePoint Services must have permissions to access the remote computer that is running SQL Server. On the remote computer that is running SQL Server, add the DomainName \ ServerName $ account to the Database Creators role and to the Security Administrators role.
  • Click the Server Roles tab.
  • In the Server Role list, click to select the Security Administrators check box, and then click to select the Database Creators, Security Administrator and System Administrator check boxes. Click OK.

Assign the 'SPSAdmin' in Server Farm Account Settings.

  • On the SharePoint Portal Server Central Administration for server_name page, in the Server Configuration section, click Configure Server Farm Account Settings.
  • On the Configure Server Farm Account Settings page, in the Default Content Access Account section, do the following:
  • Select the Specify account check box.
  • In the User name (DOMAIN\user name) box, type the user name in the format DOMAIN\user_name.
  • In the Password box, type the password for the account.
  • In the Confirm Password box, type the password again.
  • On the Configure Server Farm Account Settings page, in the Configuration Database Administration Account section, do the following:
  • Select the Specify account check box.
  • In the User name (DOMAIN\user name) box, type the user name in the format DOMAIN\user_name.
  • In the Password box, type the password for the account.
    In the Confirm Password box, type the password again.
  • If you don’t do this step, you will receive (The gatherer index was not initialized. The content index must be remounted. If the index is still not initialized, remove it.) error message.
  • Click OK.

Assign the 'SPSAdmin' in for the Application Pools used for the portal sites.

  • On the Configure Server Farm Account Settings page, in the Portal Site Application Pool Identity section, do the following:
  • Select the Specify account check box.
  • In the User name (DOMAIN\user name) box, type the user name in the format DOMAIN\user_name.
  • In the Password box, type the password for the account.
    In the Confirm Password box, type the password again.

Once all steps are performed please don't forget to replace the logon details (username / password) for the 'SPSAdmin' account for each SharePoint service (before reboot).

5 Comments:

At 1:38 AM, Anonymous Lorna said...

We are required to change passwords on all of our accounts every 120 days. When we did this we haven't been able to reset to the Configuration database and indexes aren't working. We have changed the AppPool, the service accounts, the scheduled jobs the WPG'S, SPS-Query Groups and checked the SQL Server login, and our third party software DocAve and Nintex. Do you have any other suggestions.

 
At 2:27 PM, Anonymous steveg said...

Firstly try change your policy on the 120 day thing. Argue passionately that the risk of downtime (as exhibited) exceeds the risk of anything bad happening. If it's a business critical system that's down, tack on a $ figure. You'll need to state the account you're using is locked-down, appropriate-privilge etc.

I'm currently fixing up exactly the same sort of problem with a changed password (made a bit worse because I went in gung-ho).

 
At 10:50 PM, Blogger Malcolm said...

Commenters may find this MS Support article useful:

http://support.microsoft.com/kb/837813

 
At 3:15 AM, Anonymous Anonymous said...

"In the Server Role list, click to select the Security Administrators check box, and then click to select the Database Creators, Security Administrator and System Administrator check boxes. Click OK. "

Why would you need to check other server roles, if you are checking sysadmin?

2nd, why does DocAve require SysAdmin?

 
At 10:28 AM, Blogger markeiben said...

How do you change the spsadmin password in mssql manager? I changed the password in windows and in the service but do not know how to change it in mssql manager. Can someone please help me?

 

Post a Comment

<< Home