If your SharePoint service account passwords ever become out-of-sync, you will have issues trying to access http://companyweb. The most common error you will see is “HTTP Error 503. The service is unavailable.” While this is the most common symptom, there are several others, depending on where you look and which account is out-of-sync. We have included many more symptoms toward the end of this post.
In SBS 2011, we use 3 different accounts to run Windows SharePoint Foundation. The accounts we use are spfarm, spsearch, and spwebapp. For security reasons the passwords on these accounts are periodically reset. SharePoint manages the spsearch and spwebapp accounts and the Windows SBS Manager service manages the spfarm account. All of these accounts can be found under MyBusiness > Users > SBS Users.
| Display Name | Logon Account |
|---|---|
| SharePoint Farm Account | spfarm |
| SharePoint Search Service Account | spsearch |
| Windows SBS Internal Web site Account | spwebapp |
The password for spfarm is reset every 7 days that the Windows SBS Manager service is running. The passwords for spsearch and spwebapp are reset on the first day of each month.
In addition to these passwords being stored in AD, they are also kept in the SharePoint configuration database and the services database. Due to this, the passwords can become out of sync. Passwords may get out of sync or expire due to the following causes:
- A SharePoint database is restored that contains an out of date password.
- The Windows SBS Manager service is broken/disabled.
- The Windows SBS Manager service is never allowed to run for more than 7 days (the server is rebooted every <7 days).
- The accounts' passwords expire due to a combination of password expiration policy and a date change. For example, your passwords must be reset every 180 days and you change the date by more than 180 days.
- You change your password policy to require passwords be changed more often than every 31 days.
- Failed migration.
Of all these possible causes, the most common is restoring a database that contains an old password.
To check if your passwords are in sync, run the SharePoint 2010 Management Shell as an administrator. Then, at the PowerShell prompt, run Repair-SPManagedAccountDeployment. If one or more of the passwords are out-of-sync, it will return an error.
If you receive an error that your passwords are out of sync, perform the following steps for each out-of-sync account to resolve the issue.
- Reset the AD password for the out-of-sync account(s). The accounts can be found under MyBusiness > Users > SBS Users. Please see above for more information on the accounts. Note: Be sure to uncheck “User must change password at next logon”.
- Sync the password for the account(s) from elevated SharePoint 2010 Management Shell (replace accountname with the affected account):
Set-SPManagedAccount -UseExistingPassword -Identity $env:userdomain\accountname
- Run the repair command from the check above again to verify that the passwords are synced.
- IISreset /noforce
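The four steps above, scripted for one account, as an added example that is not part of the original post. The function name Sync-SbsSharePointAccount is hypothetical. The example assumes the ActiveDirectory PowerShell module is available on the server, and it passes the new password to Set-SPManagedAccount through -ExistingPassword instead of letting the cmdlet prompt for it.

```powershell
# Added example (not from the original post): the four steps above for one account.
# Run in an elevated SharePoint 2010 Management Shell on the SBS 2011 server.
# Sync-SbsSharePointAccount is a hypothetical helper name.
function Sync-SbsSharePointAccount {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('spfarm', 'spsearch', 'spwebapp')]  # accounts named in this post
        [string]$AccountName
    )
    $ErrorActionPreference = 'Stop'   # abort on the first failed step
    Import-Module ActiveDirectory     # assumption: AD module is installed
    if (-not (Get-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue)) {
        Add-PSSnapin Microsoft.SharePoint.PowerShell
    }

    # Show the AD-side state first: an expired or locked account matches
    # the causes listed earlier in this post.
    Get-ADUser -Identity $AccountName -Properties PasswordLastSet, PasswordExpired, LockedOut |
        Format-List SamAccountName, Enabled, PasswordLastSet, PasswordExpired, LockedOut |
        Out-Host

    # Read the new password as a SecureString so it is not echoed or logged.
    $password = Read-Host -AsSecureString "New password for $AccountName"

    # Step 1: reset the AD password and clear "User must change password at next logon".
    Set-ADAccountPassword -Identity $AccountName -Reset -NewPassword $password
    Set-ADUser -Identity $AccountName -ChangePasswordAtLogon $false

    # Step 2: store the same password in SharePoint without changing it in AD again.
    Set-SPManagedAccount -Identity "$env:USERDOMAIN\$AccountName" `
        -ExistingPassword $password -UseExistingPassword -Confirm:$false

    # Step 3: run the repair; an error here means an account is still out of sync.
    Repair-SPManagedAccountDeployment

    # Step 4: restart IIS without forcibly terminating services that fail to stop.
    & iisreset.exe /noforce
    if ($LASTEXITCODE -ne 0) { throw "iisreset exited with code $LASTEXITCODE" }
}

Sync-SbsSharePointAccount -AccountName spwebapp   # repeat for each out-of-sync account
```

Because the same SecureString is written to both AD and SharePoint, a mistyped password still leaves the two in sync.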