Microsoft SharePoint Server 2010 comes with many great features and evolved functionality which just works. It’s great! Does what it says on the Tin and provides a platform for mass application and process integration across Enterprises.
There are a few flies though in the ointment. Apart from the Central Administration navigation and menu’s that appear to have been thrown together with little regard for logic, one particular fly that I have had to bail out a couple of clients on is the ‘Configure managed accounts’ error per the screen below:
This error is what Admins get when trying to leverage the ‘enable automatic password change’ feature when manually configuring a SharePoint farm and assigning managed service accounts.
This ‘automatic password change’ feature is a great addition; it means that you don’t have to worry about server service account crashing services when their passwords change due to corporate AD policies. What happens is SharePoint manages this by changing the password automatically if configured to do so!
The one pre-requisite is that the AD integration of this feature means it will only work with the latest version of AD when running in FULL 2008 native functional mode. It does not work in mixed mode.
However irrespective of the AD mode or version of AD you are running you get the above error IF you try to both create the account AND set the ‘enable automatic password change’ feature. This looks like the example screen shot below:
DO NOT complete the screen as above, it creates the error.
If you are reading this you are likely worried that you have lost access to your ‘Register managed Account’ page, and be seeking a remedy.
It is not hard to fix.
1. Logon to the SharePoint Server
2. From the Programs Menu initiate the SharePoint 2010 Management Shell. This is in effect a PowerShell console with SharePoint command Letts.
3. run Get-SPManagedAccount to get the list of registered accounts, something like the screenshot below:
4. You should see the account you created just before experiencing the error.
5. Make a note of the account you created in DOMAIN\logon format
6. In Powershell run Remove-SPManagedAccount command.
7. When prompted provide the name of the account to be deleted. Something like the screenshot below:
8. Go back to the Central Administrator > Security > ‘Configure Managed Accounts’ section and re-try loading the page. It should load cleanly now.
Once the troublesome account is removed you will regain access to the ‘Register managed Account’ page.
Obviously you are left still with an unregistered account, a desire to register it and tick the ‘Enable automatic password change’.
So this time to avoid the error again the process is simple, but not intuitively clear:
1. Create the new account FIRST in the ‘Register managed Account’ page. Completing the screen as below. DO NOT tick ‘Enable automatic password change’.
2. Once you have created the account go back into the ‘Register managed Account’ page and you can then tick the ‘Enable automatic password change’ box without fear of creating the error.
Microsoft if you are reading how about:
a) Do a quick code round trip on AD and validate 1st if it is running in a compliant mode for the ‘Enable automatic password change’ feature. If AD is not then simply DO NOT DISPLAY THE OPTION!
b) If the AD is compliant please fix what appears to be a ‘NULL’ exception error when the record is set in the DB when ticking the ‘Enable automatic password change’ at account creation.
Yup one to be fixed in SP2 we hope!