000039410 - How to change the Password for the Service Account that is used with Archer services and Web server

Document created by RSA Customer Support Employee on Jan 12, 2021
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039410
Applies ToProduct Set: Archer Suite
Product/Service Type: Archer (On-Premise)/ Archer SaaS/Hosted 
Version/Condition: 6.x
Platform: Windows Server 2012 R2/ Windows Server 2016/Windows Server 2019
IssueThe purpose of this article is to explain how to change the password for the Archer service account that is used with the Archer services and Web server.

Situations, where you may need to reset the Archer service account, include:
  • Your organizations' security policy mandates that the password for the Archer service is reset once a year.
  • Compromise the password of the Archer service account that you will need to reset it.
Resolution
  1. Single-host configuration   
    1. Single host means:
       
      1. Web server and Service server are on the same server.
      2. Either Domain account or Window native account is used to manage Archer service and Web.
       
    2. Reset the password for the Archer services.
       
      1. Login to each Archer server 
      2. Then, type "Services.msc" and press Enter or press OK.
       

User-added image
 


  1. Scroll until the RSA Services appear.
  2. Right-click each RSA Service 'Configuration, Job EngineQueuingLDAP SynchronizationIndexing, Workflow' > Properties.
  3. Go to the Logon tab and select 'This Account' and type in the new password > Click Apply > Ok
  4. You will need to do that for each Archer service, and we will need to restart each Archer service by right click on each Archer service and restart 

User-added image
 


  1. Reset the password for the Archer service account that is used with Archer Application Pool.

    1. Press the Windows + R keys to open the Run window. 
    2. Then, type 'inetmgr' and press Enter or press OK.
    3. Locate Archer application pool that is us by Archer, right-click Advanced Settings.
    4. Then the Identity box in the "Process Model" section, click the three dots on the right of the box under Identify. 
    5. Type in the username [if you are using the domain ensure you type in the domain name before the domain username] and the new password.
    6. Then click Ok > Ok.
    7. You will need to restart the IIS service [Open a Command Prompt as Administrator > type in iisreset].

User-added image

 

  1. Multi-host configuration
    1. Multihost means. 
       
      1. Have a minimum of one Web server and one Service server on a separate server.
      2. Domain account is used to manage the Archer services with the Service servers and Web servers. 
       
    2. Reset the password for the Archer service account. 
       
      1. Login to each Archer server 
      2. Then, type "Services.msc" and press Enter or press OK.
      3. Scroll until the RSA Services appear.
      4. Right-click each RSA Service 'Configuration, Job EngineQueuingLDAP SynchronizationIndexing, Workflow' > Properties.
      5. Go to the Logon tab and select 'This Account' and type in the new password.
      6. Go to the Logon tab and select 'This Account' and type in the new password > Click Apply > Ok
      7. You will need to do that for each Archer service
      8. You will need to do that for each Archer service, and we will need to restart each Archer service by right click on each Archer service and restart 
      9. You may see step 1.b.[i,ii,iii,iv,v,vi]
       
  

  1. Reset the password for the Archer service account that is used with Archer Application Pool/ Company_Files folder.

    1. Reset the password for the Archer Application Pool. 

       
      • Press the Windows + R keys to open the Run window. 
      • Then, type 'inetmgr' and press Enter or press OK.
      • Locate Archer application pool that is us by Archer, right-click Advanced Settings.
      • Then the Identity box in the "Process Model" section, click the three dots on the right of the box under Identify. 
      • Type in the username [if you are using the domain ensure you type in the domain name before the domain username] and the new password. 
      • Then click Ok > Ok.
      • You will need to restart the IIS service [Open a Command Prompt as Administrator > type in iisreset].
      • You may see step 1.c.[i,ii,iii,iv,v,vi,vi,vii]
       
    2. Reset the password for the Company_Files folder.
       
      • Login to IIS manager, either on the site level or the Default Web Site level (depending on how the website structure was installed). 
      • Right-click the Company_files folder > Click Advanced settings (under Action right site). 
      • Then click the three dots next to Physical Path Credential. 
      • Type in the username [if you are using the domain ensure you type in the domain name before the domain username] and the new password. 
      • Then click Ok > Ok.
      • You will need to restart the IIS service [Open a Command Prompt as Administrator > type in iisreset].
      • You will need to do it on each Web server.
       

User-added image


Notes:
  1. Please consider the following when you change the password for the Archer Service account:
    1. If you use the Archer service account with the Data Publication, you will need to update the password: Administration >  Integration > Data Publication > update the password 
    2. If you use the Archer service account with the LDAP configuration in Archer, you will need to update the password: Administration > Access Control > LDAP Configurations > Configurations tab > update the password 
    3. Anywhere that the Archer service account credentials are leveraged need to be updated with the new credentials. 
  2. Please avoid the following. 
    1. Do not use the Archer Service account with the Archer to Archer Data Feed. You may lock the account.
    2. Do not use the Archer Service account with the LDAP configuration in Archer and create a separate account for the LDAP configuration. You may lock the account.
    3. Do not use the Archer Service account with the API tools and create a separate account for the API tools. You may lock the account.

 

Attachments

    Outcomes