A couple of weeks ago, we went live with our BHOLD implementation in Belgium. During this procedure, our customer realized he wanted to change the various service account passwords. This is fairly easy for FIM. You can change the password by re-running the installation and clicking the option to change configuration. Alternatively, you can manually change the password in the service and application pool.
Unfortunately, it’s not that simple for BHOLD. There’s no real official procedure to change the service account password. You can remove and re-install the entire suite while re-using the existing database, but some customers really don’t want to. Thanks to a tip from Eddie Huibers, me and my colleague created a procedure for this.
The problem is that the password is not only stored with the windows service and application pool, but also in the registry. This registry value is encoded, so there’s no simple way of entering your new value there. Instead, we change the SMTP-password (which we can do from the BHOLD interface). Next, BHOLD stores this password in the registry with the same encoding.
To execute this procedure, your environment has to comply to the following prerequisite:
- The BHOLD service account has to be used to configure everything in BHOLD. To check this, open the registery editor. Browse to ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\bhold\FIM’ and see if the value for ‘CoreUser’ and ‘FIMUser’ match the BHOLD service account.
Here we go:
- Open the BHOLD Core portal.
- Click Home.
- Click Values.
- Click Modify.
- Change the ‘Password SMTP Server’ setting. Make sure you use the new password.
- Click OK.
- Click Done.
- Change the BHOLD service account password in Active Directory.
- Open Internet Information Services (IIS) Manager.
- Click Application Pools.
- Select CoreAppPool and click Advanced Settings….
- Click … for the Identity setting.
- Click Set….
- Enter the service account again as ‘User name’. Enter the new password in the ‘Password’ and ‘Confirm password’ field. Click OK.
- Click OK.
- Click OK.
- Execute step 11 through 16 for every application pool that runs under the BHOLD service account.
- Open Services.msc.
- Select Properties of the B1Service.
- Click Log On.
- Enter the new password in the ‘Password’ and ‘Confirm password’ field. Click OK.
- Click Ok if a warning pops up.
- Restart / start the service.
- Execute step 19 through 23 for every service that runs under the BHOLD service account.
- Open Regedit.exe.
- Go to ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\bhold\FIM’ and take a note of the ‘CorePassword’ value.
- Go to ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\bhold\b1Core’ and copy the value of the bholdSMTPServerPassword.
- Go to ‘HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\bhold\FIM’ and paste the value you just copied as CorePassword.
- Execute an IISRESET.
I know it’s not a very elegant way of doing a task that should (i.m.h.o.) be very simple, but I guess it’s better to have some procedure to do this, than none at all…