Forum Discussion

Scott__Hastings's avatar
12 years ago

ADSynchroniser.exe causing failed logins on CA server

Sometime back I changed the VSA Password and since that time, out security team has been opening events for failed logons for the VSA. It specifically points to the ADSynchroniser.exe on the CA Server. Does anyone have some guidance on what I might have missed. CA is working fine.

 

thanks..

  • Scott,

    Please take a look in the CA Client, Configuration tab, Account Information sub-tab.  Check to see if you have the VSA specified for any domain that may be defined.  It could be that someone populated one or more domains in this sub-tab and used the VSA credentials for the account to use to synchronize accounts.

    If you find any domain configured in this sub-tab AND the VSA was specified as the synchronization account, you'll need to update the VSA password for that domain in this sub-tab.

    FYI, if you only have one domain with which to synchronize, you should not need this sub-tab populated with anything as the VSA should already have the necessary permissions within the domain to perform the synchronization operations.

    I know you said CA is working and you're not getting any errors in the event log, so this may just be an exercise in a double check of a configuration setting.

    If you don't find any domain specified in this sub-tab, you can try to re-upload the reports using the current VSA credentials and see if you get any error.  If you do get any error, you'll need to check the SQL Reporting Service configuration to see if the VSA credentials are specified anywhere there, and update as appropriate.

     

  • So you changed the password for the Accelerator services and restarted it?  (just being thorough wink)

    Are there any errors in the EV Log on the CA server?

  • I did Tony.... I also enabled (uploaded) CA Reports.... I just wonder if the password is cached somewhere?

     

    I can't get security to leave me alone   ;-)

  • Scott,

    Please take a look in the CA Client, Configuration tab, Account Information sub-tab.  Check to see if you have the VSA specified for any domain that may be defined.  It could be that someone populated one or more domains in this sub-tab and used the VSA credentials for the account to use to synchronize accounts.

    If you find any domain configured in this sub-tab AND the VSA was specified as the synchronization account, you'll need to update the VSA password for that domain in this sub-tab.

    FYI, if you only have one domain with which to synchronize, you should not need this sub-tab populated with anything as the VSA should already have the necessary permissions within the domain to perform the synchronization operations.

    I know you said CA is working and you're not getting any errors in the event log, so this may just be an exercise in a double check of a configuration setting.

    If you don't find any domain specified in this sub-tab, you can try to re-upload the reports using the current VSA credentials and see if you get any error.  If you do get any error, you'll need to check the SQL Reporting Service configuration to see if the VSA credentials are specified anywhere there, and update as appropriate.

     

  • Kenneth, I unchecked the use specific account. I'll see where it goes from there.

     

    I already re-uploaded the Report. If you guys don'y mind, I'm going to leave this as unsolved and wait and see if secuity opens another ticket.

     

    TY!!

  • Ken, I removed the check from the "use specified account" checkbox and the error came back from our security group today.

     

    Do you have anything else up you sleeve?

     

    Thanks!!

  • Scott,

    I presume the security folks are seeing these logon failures in the Security Event Log on the CA server.  Would it be possible for you to post the information about one of those failed logons?  Replace the domain and account name and any SID information to ensure you keep your account information internal, of course.

    I have another idea, but it's rather drastic.  You can uninstall CA and EV from the CA server.  To do that, you would need to:

    1. Ensure all registry entries, IIS Application Pool and virtual directories, and disk based folders are removed.
    2. Boot the server.
    3. Logon as the local Administrator.
    4. Delete the profile for the Vault Service Account (VSA).
    5. Boot the server again.
    6. Log on as the VSA to establish a new profile.
    7. Install the EV binaries,
    8. Boot the machine again.
    9. Log on as the VSA again.
    10. Install CA and configure it to use the existing configuration database.

    The removal and re-install using these steps should remove all traces of the VSA from the CA server, then create new entries with the new VSA password.

     

  • Hi,

    Do you have any updates on this thread? Do you need more assistance regarding this topic?

    If not then please mark the post that best solves your problem as the answer to this thread.

  • This ended up being a task that triggered these events. Since they events were logged on the DC I didn't have access to the time.

    I re-entered the password for the task (even though it was already correct)

     

    I don't know if there is a resolution, but since you want this closed, I'll close an give credit.