We were thinking to change the password for Epicor admin user ID and SQL database admin user ID for production servers. I am not not sure about the difficulty level and risk level associated with this.
From my analysis I saw internally there are many impacted areas if we change these two passwords. There is no document available to get the list of impacted spots for this change and I did not find any straight forward KB on this.
Anyone has experience on this change these two passwords on live environment? If yes, can you please share your experience how much difficult it is and risk factors of this implementation.
I’d definiety make sure you have other E10 users with Security Manager rights before changing the password for the manager user.
I’ve not really got a good handle on what user/password is used where. But I can tell you some things I’ve run into.
The user and password set in the EAC App Config -> App Server -> App Server Settings -> App Pool. Must always be active and correct. We originally used an account that required regular pw changes, and when this would expire, the App pool would stop working.
If your App uses Windows endpoint binding, a domain user trying to do maintenance to that App, must be a Security Manager. We also setup an another App to our production DB, that uses UsernameWindowsChannel endpoint binding. This way anyone could log in as the manager (given they know the password).
Not having the correct rights on the SQL server and App server (I’m talking about at the O/S level on the machines), can cause issues when deploying an App. Especially if you’re importing SSRS reports too.
@ckrusen thanks for your response I mean two different user ID, one is a domain user we use it as Epicor admin user…this domain user ID was used to setup Epicor apps server such as IIS, Application pool as well as database server…the 2nd user ID is SQL admin user ID “sa”…I am not sure the impact of change password for this user ID “sa”. I am trying to understand it clearly because I don’t want to take any risk on production servers.
I changed our main admin account before we live a couple weeks ago. @ckrusen pointed out everything I would point out. The biggest thing is making sure you have another security manager account. If you don’t, you could be in a bad situation.
@ckrusen seems like it is similar like our environment. I am trying it first on a test server, I just change the domain user ID we are using and it gives us lots of error to get the EAC connected. I have fixed some errors and still it is not connected. It gives different types of error on different stages. I have’t change the password for SQL admin yet, just the domain user password. I am afraid if this same thing happen if I change the password for production server we will be in trouble. I guess this process is not straight forward to do this on production server.
We use Windows endpoint binding, so the credentials of the user logged into the computer are passed onto program.
If I log into the computer running the app server as ckrusen, I can launch EAC. But I get a connection issue when I select our Production App.
That is because the E10 user associated with my ckrusen domain user is not a Sec Manager.
While logged into the App computer as ckrusen, I can connect to the app, on if I launch EAC as a different user (hold down SHIFT, and right click the EAC shortcut, and select “Run as a different user”)
I enter my credentials for my exas_ckrusen domain user and then EAC is running like user exas_ckrusen was logged into the computer. Then when I select our Production App, it connects with no problem.
Edit
In a nutshell … When using Windows endpoint binding, the user that launches EAC must be tied to an E10 user account that is a Sec Manager.
@mhossain - One more thing that took me forever to realize …
You can’t connect to a stopped App. So if you select an app that is stopped, you’ll get:
So if your like me and you tend to first select a UI control before right clicking it. You get the above. Just close that out, right click the App and select “Start Application Pool”
After it starts, right click the App and select “Connect to Application Server”