AnsweredAssumed Answered

AF Service Account password change procedure

Question asked by AlistairFrith on Nov 28, 2016
Latest reply on Nov 29, 2016 by vkaufmann

We have an AF HA environment with 2 AF servers: AFP1 and AFP2. The passwords on the service accounts are due to expire soon and we need to update them with minimal (preferably zero) loss of service. I am proposing the following order:

    1. Change password for AFP2 Buffer subsystem service account, update the password in the service properties and restart the service.
    2. The same with AFP2 AF Application service
    3. The same with the AFP2 AF Analysis service
    4. The same with the AFP2 AF Notification Service
    5. Check that AFP2 is all up and running
    6. Repeat on AFP1

My logic is that

  • most clients will be connected to AFP1 (does AF load balance?) so we do AFP2 first to ensure that when AFP1 is done, there is a viable failover alternative
  • and that we do buffer, then application, then analysis, then Notifications because that's probably the order they start up. I would check the dependencies first though, to be sure.

 

Is this a good workflow? Or should we hold-off actually restarting the services on a server untill all the passwords have been changed and all the service properties updated?

Outcomes