SharePointPS Search Service locking out the service user account
Posted on March 30, 2006, under Web Dev/Tech.
I decided to change the password on a service account we are using to run one of our SharePoint Portal 2003 instances to make it a little more secure. However, while I was in the process of restarting everything, the user account got locked out! It kept getting locked out as I did testing, and apparently it looked like I had left the wrong password somewhere. I went back and checked all the places I had changed the account password:
- Services: SharePoint related
- Services: SQL Server related
- IIS App Pools
- I even peeked inside SQL Server to see if I missed something there
I changed the password in those locations several times, but the account kept getting locked out. Argh! I finally was able to track down that the account locking seemed to happen after starting the “Microsoft SharePointPS Search” service. From there, with the help of our Windows Administrator, we were able to track down enough to find the solution.We noticed that the first issue in the event log when this happened was the following error:
Event Type: Error
Event Source: Microsoft SharePointPS Search Service
Event Category: Gatherer
Event ID: 3028
Description:
The gatherer object cannot be initialized.Context: http:/// Application, Autocat_train$$$ Catalog
Details: Logon failure: unknown user name or bad password. (0×8007052e)
I used some of that information to do some searching around, and came upon a newsgroup posting that solved the problem for me. Apparently the old password must stay cached in SharePoint if the username doesn’t change. At least this appears to be the issue. So per the leading of the newsgroup post, I took the following actions to fix the problem - which I’ll write in present tense in case someone else is trying to fix this issue:
- Add another Login to the SQL server with the Server Roles of “Database Creator” and “Security Administrator“
- Open up SharePoint Central Administration
- Under Server Configuration, click Configure Server Farm Account Settings
- Change both the accounts for “Configuration Database Administration” and “Default Content Access” to be the new account that was added to SQL.
- After the user change is made, run a Full Import search on both Portal and Non-Portal content in SharePoint. I’m not sure this step is necessary, but I went ahead and did it for good measure.
- Once SharePoint sucessfully re-indexes using the new account, go back to the Configure Server Farm Account Settings, and change the user accounts back to the desired service account - with the new password.
- After the account change, once again re-index your content.
Once I had taken all those steps, everything ran great! No more account lockout, and the SharePoint world is up and running well.
6 Replies to "SharePointPS Search Service locking out the service user account"
jess on February 19, 2007
Amar,
I have found that I have to log into Central Administration directly on the server itself. I Remote Desktop into the server, and then open the admin web interface that way. Have you tried that?
jess on February 19, 2007
You might also try using another domain or local admin account to log in to the Central Administration. I’m not sure how you set up your permissions, but if you use the same account that is locked, you will need to try to access the admin through another account.
Dan on June 13, 2007
I am also in the same situation as Amarjeetsingh. When i click on central administration it takes me to a web page that says “Service Unavailable” I have changed the account on all the services to a functioning administrator account. It still doesn’t seem to work.
jess on June 13, 2007
Dan,
Have you checked the app pool account for the Central Administration site?
Roberto Santizo on February 13, 2008
I had the same problem that Amar, but as Jess wrote the solution for me was update the new password in the aplicationpool in the ISS, tnaks Jess for the tip
AmarjeetSingh on February 19, 2007
Hi,
I face the similar problem but not able to execute point 3 as I am not able ot open up sharepoint central administraton.
Please suggest.
Thanks and Regds.
Amar.