How to update the Vault Service account password from the EVBAAdmin page

Article ID: 100061624

Description

This article contains the steps to update the Vault Service account password from the EVBAAdmin page.

Updating the Vault Service account password from the EVBAAdmin page

  1. Open the EVBAAdmin page with admin privileges.
  2. Click on the Service Account tab.
  3. In the Update Accelerator Service Account section:
    1. Enter the username (domain/username format) and the password in the respective fields.
    2. Click Update.
  4. Reboot the Accelerator server.

Possible warnings in the Application Event Log (Event ID 1309 and Event ID 1310):

Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Event ID:      1309
Task Category: Web Event
Level:         Warning
Keywords:      Classic
Description:
Event code: 3005 
Event message: An unhandled exception has occurred. 
Event time: ...
Event time (UTC): ...
Event ID: ...
Event sequence: ...
Event occurrence: 1 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/...
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: \SupervisionApi\ 
    Machine name:
 
Process information: 
    Process ID: X
    Process name: w3wp.exe 
    Account name: IIS APPPOOL\SupervisionApi 
 
Exception information: 
    Exception type: HttpException 
    Exception message: Login failed for user '\'.
   at System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)

Login failed for user '\'.
   at Symantec.EnterpriseVault.DatabaseAccess.EVSqlBase.Do[T](Func`1 action)
   at Symantec.EnterpriseVault.DatabaseAccess.EVSqlBase.Do(Action action)
   at Symantec.EnterpriseVault.DatabaseAccess.EVSqlConnection.Open()
   at KVS.Accelerator.Common.ConfigurationDBUtils.GetConfigSetting(String configKey)
   at KVS.Accelerator.Common.ConfigurationDBUtils.GetProductType()
   at KVS.Accelerator.Common.TasksModuleInfo.get_ProductTypeInstalled()
   at Veritas.Supervision.ApiEndpoint.Web.FilterConfig.RegisterGlobalFilters(HttpFilterCollection filters)
   at Veritas.Supervision.ApiEndpoint.Web.WebApiApplication.Application_Start()
 
Request information: 
    Request URL: http://localhost:82/api/appsettings/producttype 
    Request path: /api/appsettings/producttype 
    User host address: 127.0.0.1 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: IIS APPPOOL\SupervisionApi 
 
Thread information: 
    Thread ID: X
    Thread account name: IIS APPPOOL\SupervisionApi 
    Is impersonating: False 
    Stack trace:    at System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app)
   at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
   at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
   at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
   at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)


Log Name:      Application
Source:        ASP.NET 4.0.30319.0
Event ID:      1310
Task Category: Web Event
Level:         Warning
Keywords:      Classic
Description:
Event code: 3008 
Event message: A configuration error has occurred. 
Event time: ...
Event time (UTC): ...
Event ID: ...
Event sequence: ...
Event occurrence: 1 
Event detail code: 0 
 
Application information: 
    Application domain: /LM/W3SVC/...
    Trust level: Full 
    Application Virtual Path: / 
    Application Path: \SupervisionApi\ 
    Machine name:
 
Process information: 
    Process ID: X
    Process name: w3wp.exe 
    Account name: \
 
Exception information: 
    Exception type: ConfigurationErrorsException 
    Exception message: An error occurred executing the configuration section handler for system.web/identity.
   at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
   at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)

Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'The user name or password is incorrect.
' (\SupervisionApi\web.config line 53)
   at System.Web.Configuration.IdentitySection.InitializeToken()
   at System.Web.Configuration.IdentitySection.get_ImpersonateToken()
   at System.Web.Configuration.IdentitySection.ValidateCredentials()
   at System.Web.Configuration.IdentitySection.GetRuntimeObject()
   at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObjectWithRestrictedPermissions(ConfigurationSection section)
   at System.Configuration.RuntimeConfigurationRecord.GetRuntimeObject(Object result)
 
Request information: 
    Request URL: http://localhost:82/api/appsettings/producttype 
    Request path: /api/appsettings/producttype 
    User host address: 127.0.0.1 
    User:  
    Is authenticated: False 
    Authentication Type:  
    Thread account name: \
 
Thread information: 
    Thread ID: X
    Thread account name: \
    Is impersonating: False 
    Stack trace:    at System.Web.HttpRuntime.FirstRequestInit(HttpContext context)
   at System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context)
   at System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context)

Possible entries in a DTrace log of the W3WP process:

[1234]    (w3wp)    <5678>    EV-L    {EVSqlBase.ShouldExcludeSqlException} Error 'Login failed for user '\'.' is not transient. 'EVSqlConnection: DB: Data Source=;Initial Catalog=;Integrated Security=True;Max Pool Size=200;Connect Timeout=120;Load Balance Timeout=30' will not be retried

[1234]    (w3wp)    <5678>    EV-L    {EVSqlBase.ShouldRetry} Error 'Login failed for user '\'.' is excluded. 'EVSqlConnection: DB: Data Source=;Initial Catalog=;Integrated Security=True;Max Pool Size=200;Connect Timeout=120;Load Balance Timeout=30' will not be retried

[1234]    (w3wp)    <5678>    EV-H    {EVSqlBase.LogFailureAndThrow} Failed to execute 'EVSqlConnection: DB: Data Source=;Initial Catalog=;Integrated Security=True;Max Pool Size=200;Connect Timeout=120;Load Balance Timeout=30' - This command was not retried - Error Error Code: 18456 / 80131904 - Severity 14 - Login failed for user '\'.

 

How to manually update the VSA credentials for Thin Client/Web UI access from CFT-5521


1. Open an administrative/elevated command prompt at the root of the newest .NET Framework folder on the Accelerator server (.NET Framework 4 is used in the example):

1.1. Click Start | Right-click Command Prompt | Click Run as administrator.

1.2. Change directory to the %Windir%\Microsoft.NET\Framework\v4.x folder.

2. Decrypt the existing Vault Service Account (VSA) credentials:

2.1. Confirm the path of the Accelerator server installation folder. The default path is C:\Program Files (x86)\Enterprise Vault Business Accelerator. The file to be decrypted is in this path under \SupervisionApi\ for Compliance Accelerator/Surveillance (CA) or \AuditingApi\ for Discovery Accelerator/eDiscovery (DA).

2.2. At the command prompt, enter and execute the following command with the correct path (default path used in the example).

2.2.1.  For CA:

aspnet_regiis.exe -pdf "system.web/identity" "C:\Program Files (x86)\Enterprise Vault Business Accelerator\SupervisionApi"

2.2.2.  For DA:

aspnet_regiis.exe -pdf "system.web/identity" "C:\Program Files (x86)\Enterprise Vault Business Accelerator\AuditingApi"

A successful decryption displays the following message:

Decrypting configuration section...
Succeeded!

2.3. Leave the command prompt open.

3. Edit the VSA credentials:

3.1. Open the web.config file under \SupervisionApi\ for CA or \AuditingApi\ for DA using Notepad. The user credentials are listed in plain text in the <identity> tag under <system.web>. Here is an example of a decrypted tag:

   

3.2. Edit the VSA password as needed.

3.3. Save and close the web.config file.

4. Encrypt the existing Vault Service Account (VSA) credentials:

4.1. At the command prompt, enter and execute the following command with the correct path (default path used in the example).

4.1.1.  For CA:

aspnet_regiis.exe -pef "system.web/identity" "C:\Program Files (x86)\Enterprise Vault Business Accelerator\SupervisionApi"

4.1.2.  For DA:

aspnet_regiis.exe -pef "system.web/identity" "C:\Program Files (x86)\Enterprise Vault Business Accelerator\AuditingApi"

A successful encryption displays the following message:

Encrypting configuration section...
Succeeded!

4.2. Verify the credentials are encrypted by opening the web.config file using Notepad and reviewing the <identity> tag under <system.web>. Here is an example of an encrypted tag:

   
              xmlns="http://www.w3.org/2001/04/xmlenc#">
       
       
         
           
           
              Rsa Key
           

           
              fP0A1sUoTu1V9D34Vv2lYNcH5gklsur9cnG0+075NGXMHV1WHKfP+0HT25jQcPOpPjjGYe5dp0FZFCJjBjOqpfAi80Cj7f6niXm8nYB8yMVp2O6g22FvJnmaz3nV+uEVoutHevmN8SmURX8htEMTkUAQ0SwPUsUZ4Zf5E4le+SN+cfGa+exZmqyYU+05cS2RbRnhJbuwA3Pc9y8cTGKa2Mkyne+wmx4v7FExEHOIqgmGsomWyuY4gTydDn/RwJUskSX8KZ47yuE0n6+VnZKZajz3CLsHpPBJ3JhafP+yYeg6BkMvxTnsMCPcOxgGKpGalmPiYYqh2Mrmk4SvAQxD7w==
           

         

       

       
          5+Tfpk719cgPYxmNrqfoJZfUsC0ejcIBBF6z3P3Qf2yWrGjudGhPNbPWNrWUzEO2xnWTbx0dbxMwzXmUY5Rl+6Qo2AOkE/4LdfYSUIfeLGM=
       

     
   

4.3. Close the Command Prompt window.
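
The check in step 4.2 can also be scripted, so that a web.config left decrypted after step 3 (VSA password in plain text) is caught. The following is an added example, not part of the original article or any vendor tooling; the function name and state labels are hypothetical, and the default path is the one given in step 2.1.

```powershell
# Added example (not vendor code): report whether system.web/identity is encrypted.
param(
    # Default installation folder from step 2.1; adjust for a custom install.
    [string]$InstallRoot = 'C:\Program Files (x86)\Enterprise Vault Business Accelerator'
)

function Get-IdentitySectionState {
    param([Parameter(Mandatory)][string]$ConfigPath)

    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($ConfigPath)

    # local-name() keeps the lookup working if the file declares a default namespace.
    $xpath    = "//*[local-name()='system.web']/*[local-name()='identity']"
    $identity = $xml.SelectSingleNode($xpath)
    if ($null -eq $identity) { return 'NoIdentitySection' }

    # Decrypted form: the credentials are plain attributes on <identity>.
    if ($identity.HasAttribute('password') -or $identity.HasAttribute('userName')) {
        return 'Cleartext'
    }

    # Encrypted form: configProtectionProvider attribute plus an EncryptedData child.
    $hasProvider  = $identity.HasAttribute('configProtectionProvider')
    $hasEncrypted = $null -ne $identity.SelectSingleNode("*[local-name()='EncryptedData']")
    if ($hasProvider -and $hasEncrypted) { return 'Encrypted' }

    return 'Unrecognized'
}

# SupervisionApi is the CA folder, AuditingApi the DA folder; only one may exist.
$results = foreach ($app in 'SupervisionApi', 'AuditingApi') {
    $path = Join-Path (Join-Path $InstallRoot $app) 'web.config'
    if (Test-Path -LiteralPath $path) {
        [pscustomobject]@{
            Application = $app
            State       = Get-IdentitySectionState -ConfigPath $path
        }
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled check flag leftover cleartext credentials.
if ($results.State -contains 'Cleartext') { exit 1 }
```

The script only inspects attribute and element names and never prints the credential values. Run it from an elevated prompt so it can read the web.config files.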

5. Complete the credentials edit:

5.1. Update the services in the Services.msc console, if not already done:

5.1.1. Right-click the Enterprise Vault Accelerator Manager Service, click on Properties, then update the VSA credentials in the Log On tab and click on OK.

5.1.2. Right-click the Enterprise Vault IR Classifier Service (CA 14.3 and newer), click on Properties, then update the VSA credentials in the Log On tab and click on OK.

5.1.3. Right-click the Enterprise Vault IR Model Builder Service (CA 14.3 and newer), click on Properties, then update the VSA credentials in the Log On tab and click on OK.

5.2. Either reboot the Accelerator server (recommended) or restart the services from the Services.msc console as follows:

5.2.1. Stop the Enterprise Vault Accelerator Manager Service.

5.2.2. Stop the Enterprise Vault IR Classifier Service (CA 14.3 and newer).

5.2.3. Stop the Enterprise Vault IR Model Builder Service (CA 14.3 and newer).

5.2.4. Restart the IIS Admin Service.

5.2.5. Start the Enterprise Vault Accelerator Manager Service.

5.2.6. Start the Enterprise Vault IR Classifier Service (CA 14.3 and newer).

5.2.7. Start the Enterprise Vault IR Model Builder Service (CA 14.3 and newer).

Additional Information

JIRA: CFT-5521