We have an AF HA environment with 2 AF servers: AFP1 and AFP2. The passwords on the service accounts are due to expire soon and we need to update them with minimal (preferably zero) loss of service. I am proposing the following order:
- Change password for AFP2 Buffer subsystem service account, update the password in the service properties and restart the service.
- The same with AFP2 AF Application service
- The same with the AFP2 AF Analysis service
- The same with the AFP2 AF Notification Service
- Check that AFP2 is all up and running
- Repeat on AFP1
My logic is that
- most clients will be connected to AFP1 (does AF load balance?) so we do AFP2 first to ensure that when AFP1 is done, there is a viable failover alternative
- and that we do buffer, then application, then analysis, then Notifications because that's probably the order they start up. I would check the dependencies first though, to be sure.
Is this a good workflow? Or should we hold-off actually restarting the services on a server untill all the passwords have been changed and all the service properties updated?