Changing Service accounts in A Cluster

  • garryha

    Old Hand

    Points: 388

    I need to change the SQL server service and agent service accounts on my SQL server instances.  However they are in a 2 node active/passive cluster configuration.

    I am not sure how to proceed, what is the best process to change the accounts?

  • John Mitchell-245523

    SSC Guru

    Points: 148259

    Fail over so that both/all instances are on Node 1.  Change the service accounts on Node 2.  Fail over both/all instances Node 2.  Change the service accounts on Node 1.  Fail each instance back to its starting location.

    John

  • garryha

    Old Hand

    Points: 388

    I have said Instance, thereby implying I am using FCI, I am using just Availability Groups.  I need to change the SQL Server service and Agent account on both sql server instances where there is always on using availability groups.

  • John Mitchell-245523

    SSC Guru

    Points: 148259

    Same principle.  Fail over all AGs to one node, do whatever maintenance you need on the other, then do it again in reverse.  I take it you don't have any non-AG production databases on either of the nodes?

    John

  • garryha

    Old Hand

    Points: 388

    No, there are no no-AG databases.  Ok thanks for the reply seems simple enough - failover AGs to primary, change SQL Server/Agent accounts on secondary and then do the same in reverse.

  • garryha

    Old Hand

    Points: 388

    I have tried changing the SQL Server Agent account first through Configuration Manager.  However after entering the new service account name and password and hitting the apply button I get the following error -

    'The specified network password is not correct.'

    Having checked the password is correct I am at a loss as to what is wrong.  I am an admin on the box but not a domain admin, but I have changed this before from the default to using a gMSA account, however now we are having to go with just a normal domain service account.

  • CanIKickIT

    Old Hand

    Points: 359

    Ensure your sysadmin hasn't left the 'User must change password at first login' checkbox checked when he\she created the service accounts.

    • This reply was modified 3 months ago by  CanIKickIT.
  • BrownCoat42

    SSC Journeyman

    Points: 87

    On a GMSA, make sure you assign the account permissions in Windows. Depending on the application I have found that logon as service, logon as a batch and log on locally have been required. I usually assign all three of those. depending on the service, it may need to use the local profile, which would require logon rights and there can be some things that require batch logon rights.

Viewing 8 posts - 1 through 8 (of 8 total)

You must be logged in to reply to this topic. Login to reply