Best practices Password Change - SQL Failover cluster (3 or 4 node cluster)


Jayakumar Krishnan
What are the best practice steps to change password for 3 or 4 node (A/A/P or A/A/A/P) SQL failover cluster environments?

I did it a few times in the following order:


1. change password for are cluster services.
2. In SQL Server Configuration Manager Change the Pwd for SQL services. Start from Active node.
3. Change 1st Active instance and change its other passive nodes
4. Once done on all nodes, fail over the instances to other nodes so the pwd takes effect.
5. Do the same for 2nd and 3rd Active instances.
6. Restart the Cluster services one by one so the pwd takes effect.

But I still have questions, like:
Did I do the change in the right order?
Can we still reduce the downtime of the resource failure when you do the pwd change on the passive nodes?

Or am I following an incorrect order of pwd change?

Please update your feedback on this.

Jay.

Thanks
Jay
http://www.sqldbops.com
Timothy Ford-473880
Please confirm that we're discussing AD domain login passwords for the service owners of the various SQL services. I assume so, but need confirmation before we can formulate suggestions for you.

- Tim Ford, SQL Server MVP
http://www.sqlcruise.com
http://www.thesqlagentman.com
http://www.linkedin.com/in/timothyford
Jayakumar Krishnan
Yes, I'm talking about periodic Cluster and SQL Service Account pwd Change (Domain account).

Thanks
Jay
http://www.sqldbops.com
Rudyx - the Doctor
Step 3 is not needed since Cluster Services replicates the change to the other nodes.

Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
Rudyx - the Doctor
Hit the wrong button ...

Let me clarify - Step 3 is needed. However the second part about changing the passive nodes is not needed since cluster services should replicate the changes across the inactive nodes.

Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
Jayakumar Krishnan
Thanks Rudy.

As per you, my understanding is below; pls correct if anything is wrong.

Which means after changing the SQL services pwd on the Active node, the new pwd will be replicated to the other passive nodes (NO manual changes required on each passive node).

Then if you fail over to any of the other nodes it will fail over without any issues?

Also, as per you, whatever SQL related services are in the SQL cluster Group for an instance, those will be replicated to all other passive nodes by cluster services, am I right?

Thanks
Jay
http://www.sqldbops.com
Rudyx - the Doctor
Here are the instructions that we use:


Note – before you begin

The following instructions are for changing service account password ONLY.

These instructions work for Active/Passive clusters and n+1 clusters as well.

If you need to change to a new service account, and hence a new password,
you will have to use the following supplied programs:
• SQL 2000 – Enterprise Manager
• SQL 2005 - SQL Server Configuration Manager

This is necessary since these applications perform a number of functions other than just changing the service account user account and password. This software also:
• Grants the appropriate Local Policy Rights based on the service
• Grants the needed file and directory security permissions
• Grants the needed registry security permissions


How to

Use RDP to log into each physical node of the cluster.

On one node of the cluster only:

Open up the Cluster Administrator via the shortcut on the Desktop.
If there is not a shortcut on the Desktop it can be found at:
Start|Programs|Administrative Tools
Or executed directly by:
Start|Run and entering cluadmin.exe

If the Cluster Administrator does not take you into a cluster immediately,
Go to File|Open Connection
Enter a period in the Open Connection to Cluster dialog box for
the Cluster name or server name


How to

If this is an Active/Passive cluster:
Navigate to the Groups folder in the Cluster Administrator
Navigate to the SQL group and double click on it.
(The right hand pane contains the SQL Server services in the cluster)
Right click on SQL Server Fulltext and select Bring Offline
Right click on SQL Server Agent and select Bring Offline
Right click on SQL Server and select Bring Offline
Note: For a named instance the SQL Services will look like:
SQL Server Service Name (Instance Name)

On each node of the cluster bring up the Services Management.

Open up the services.msc via the shortcut on the Desktop.
If there is not a shortcut on the Desktop it can be found by:
Start|Programs|Administrative Tools
Or from the Desktop
Right click on My Computer and select Manage
Double click on the left pane on:
Computer Management (Local)|Services and Applications|Services
Or executed directly by:
Start|Run and entering services.msc

Tip: Double click on the Log On As column in the right pane and the SQL Server Service Account should ‘float’ up to the top of the list (or very near to it).

For the Active Node of the cluster:
    For each SQL Server service account password to change:
        Select the SQL Server service to be changed
        Right click and select Properties
        Select the Log On tab
        Modify the password of the selected SQL Server service
For the Passive Node of the cluster:
    For each SQL Server service account password to change:
        Select the SQL Server service to be changed
        Right click and select Properties
        Select the Log On tab
        Modify the password of the selected SQL Server service
Note: Do Not restart the service(s).

Go back to the Cluster Administrator
(The right hand pane contains the SQL Server services in the cluster)
Right click on SQL Server Fulltext and select Bring Online
Right click on SQL Server Agent and select Bring Online
Right click on SQL Server and select Bring Online


If this is an n+1 cluster:
Navigate to the Groups folder in the Cluster Administrator
Navigate to the SQL group and double click on it.
(The right hand pane contains the SQL Server services in the cluster)
For each named instance:
Right click on SQL Server Fulltext (Instance name) and select Bring Offline
Right click on SQL Server Agent (Instance name) and select Bring Offline
Right click on SQL Server (Instance name) and select Bring Offline

On each node of the cluster bring up the Services Management.

Open up the services.msc via the shortcut on the Desktop.
If there is not a shortcut on the Desktop it can be found by:
Start|Programs|Administrative Tools
Or from the Desktop
Right click on My Computer and select Manage
Double click on the left pane on:
Computer Management (Local)|Services and Applications|Services
Or executed directly by:
Start|Run and entering services.msc

Tip: Double click on the Log On As column in the right pane and the SQL Server Service Account should ‘float’ up to the top of the list (or very near to it).

For each Node of the cluster:
    For each named instance:
        For each SQL Server service account password to change:
            Select the SQL Server service (Instance name) to be changed
            Right click and select Properties
            Select the Log On tab
            Modify the password of the selected SQL Server service
Note: Do Not restart the service(s).

Go back to the Cluster Administrator

For each named instance:
Right click on SQL Server Fulltext (Instance name) and select Bring Online
Right click on SQL Server Agent (Instance name) and select Bring Online
Right click on SQL Server (Instance name) and select Bring Online

Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
Jayakumar Krishnan
Thanks for your useful tips.

Thanks
Jay
http://www.sqldbops.com
Red8Rain
anyone know how to change sql 2005 server service password on an active/active cluster via script?

I hate having to click my way thru changing passwords for 50+ servers.

thx

-----------------------------
www.cbtr.net
.: SQL Backup Admin Tool :.
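
A scripted form of the password-only procedure posted earlier in the thread, as an added example that is not part of any post here and not the posters' own tooling. It assumes cluster.exe and remote WMI are available from the admin host; the parameter names, the placeholder account and the 120-second wait are hypothetical choices, and for named instances the resource names are passed in as they appear in Cluster Administrator.

```powershell
# Added example, not from the thread. Assumptions: the operator supplies node,
# account and cluster resource names; the account is stored as DOMAIN\user.
param(
    [Parameter(Mandatory=$true)][string[]]$Nodes,    # every physical node
    [Parameter(Mandatory=$true)][string]$Account,    # e.g. EXAMPLE\svc-sql (placeholder)
    # Names as shown in Cluster Administrator, in the post's offline order
    [string[]]$Resources = @('SQL Server Fulltext','SQL Server Agent','SQL Server')
)

function Set-ResourceState([string]$Name, [string]$State) {
    & cluster.exe resource $Name "/$State" /wait:120
    if ($LASTEXITCODE -ne 0) { throw "cluster.exe failed: '$Name' /$State" }
}

# Find the services by their Log On As account on every node BEFORE any outage.
$filter = "StartName = '$($Account.Replace('\','\\'))'"   # WQL escapes \ as \\
$targets = @()
foreach ($node in $Nodes) {
    # PacketPrivacy encrypts the DCOM traffic that will carry the password
    $found = @(Get-WmiObject Win32_Service -ComputerName $node -Filter $filter `
                 -Authentication PacketPrivacy -ErrorAction Stop)
    if ($found.Count -eq 0) { throw "No service on $node runs as $Account" }
    $targets += $found
}

# Prompt, so the password never lands in a command line or script file
$secure = Read-Host -AsSecureString "New password for $Account"
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    foreach ($r in $Resources) { Set-ResourceState $r 'offline' }

    $failed = @()
    foreach ($svc in $targets) {
        # Arguments 7 and 8 of Win32_Service.Change: StartName, StartPassword
        $rc = $svc.Change($null,$null,$null,$null,$null,$null,$svc.StartName,$plain).ReturnValue
        if ($rc -ne 0) { $failed += "$($svc.__SERVER)\$($svc.Name) rc=$rc" }
    }
    # A node left with the old password would fail logon at the next failover
    if ($failed) { throw "Left offline, fix by hand: $($failed -join '; ')" }

    foreach ($r in $Resources) { Set-ResourceState $r 'online' }
}
finally {
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)   # zero the unmanaged copy
}
```

The script only sets the stored password; like the manual steps, it never restarts a Windows service directly and leaves starting them to the cluster when the resources come back online.
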
Rudyx - the Doctor
Welcome to my world ... we have enterprise level products that do software patching and password changes for service accounts and the like. They work well for OS based things most of the time. They seem to work fine for non-clustered SQL servers as well. However they have issues with active/passive clusters and with N+1 clusters when it comes to SQL Server.

Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."