It is always a good idea to rotate critical system passwords on any server to prevent security breaches. The best example of this is rotating the password for the console admin account. However, changing the passwords for system accounts can often create unpredictable problems if you don't know how to update the rest of the system to use the same passwords for that account. Sometimes this is unavoidable, especially if a tool has been used to change the system accounts.
With Exchange Server, changing the password for the Exchange Server service account can cause it not to start, especially if it's been changed in the User Manager for Domains utility but not also updated in the Exchange Server Administrator. Here's how to make sure that doesn't happen:
- On the Exchange Server machine, open Control Panel | Services (or Control Panel | Administrative Tools | Services if you're using Windows 2000 Server) and select the Directory service.
- Under the Log On tab, reset the password for the Directory service to match the username and new password for the Exchange Server service account. Click OK.
- Update the System Attendant Service in the same fashion.
- Open the Exchange Server Administrator, select the Configuration container and bring up its Properties page.
- Select the Service Account Password tab and go to the Service Account Password Change dialog box.
- Type in and confirm the new password.
- Upon clicking
- OK, the message "Initializing Service Account Password Change" will appear for all the servers on your site.
- Stop and restart all Exchange Server services.
Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter.
This was first published in November 2002