April 21, 2015 at 10:53 am
I have been tasked with changing the password for our SQL Clusters, running Win2008R2 \ SQL2008R2 SP2
I have seen different opinions on how to do this. Some say you must use the Config Manager for the active node then update it on the passive node via the Services panel. Some simply use the services panel on both nodes.
Our security team has a password vault application/software that keeps track of all service ID/passwords and you can have it update the services automatically which doesn't cause an outage on Win2008. I am assuming it changes the password in the services panel but doesn't really take effect until you restart SQL Server.
What have other folks done in Clusters for changing just the password for existing Win2008\SQL2008R2 clusters service ID?
April 23, 2015 at 9:16 am
We have routine password changes every few months which we tie in with when we are doing windows OS patching as more often than not we need to restart the servers post patching. This is how we do it.
1. Change the password for the service account in AD.
2. Change the password on the passive node in services and then failover to this node
3. Change the password on what was the active node in services
4. Patch what is now the passive node.
5. Failback the next day
4. Patch what is now the passive node.
I know Microsoft advise that you should not change the password in services, for reasons I'll let you read up on. It does not cause any issues with the way our system is setup.
MCITP SQL 2005, MCSA SQL 2012
April 23, 2015 at 9:22 am
Great. Thank You for the response.
May 12, 2015 at 6:56 am
RTaylor2208, we just did the change early this morning on a Non Prod Cluster and it worked just fine as you stated.
Thanks.
May 12, 2015 at 7:19 am
Your welcome, thanks for the update.
MCITP SQL 2005, MCSA SQL 2012
May 13, 2015 at 4:17 am
Markus (4/21/2015)
Some say you must use the Config Manager for the active node
Correct
Markus (4/21/2015)
then update it on the passive node via the Services panel.
Incorrect and I'll tell you why.
The registry hive and settings for the clustered SQL server role are replicated between the nodes. Updating the password on the active node successfully will replicate to the partner.
Markus (4/21/2015)
Our security team has a password vault application/software that keeps track of all service ID/passwords and you can have it update the services automatically which doesn't cause an outage on Win2008. I am assuming it changes the password in the services panel but doesn't really take effect until you restart SQL Server.
All changes to the sql server config should be done via config manager and not services.msc, this is not recommended by Microsoft.
Markus (4/21/2015)
What have other folks done in Clusters for changing just the password for existing Win2008\SQL2008R2 clusters service ID?
As above , top
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply