cancel
Showing results for 
Search instead for 
Did you mean: 

An account linked in AD needs to be changed

Hi everyone,

In EPO, I have an account somewhere that links the EPO to our active directory. The problem is that the other day, the username that is linked to the EPO changed his password and it created us some problems. He had to put back his old password again.

I would like to know:

Where I can find this account in EPO?

How can I change the username?

What are the consequences of changing the username?

And what kind of rights is necessary to link another account.

I would like to create a generic account (mcafee for example) instead of the actual one. The actual user is full domain admin but I do not think I need that much to make the EPO and AD to talk to each other.

Thank you for your help!

Dag

13 Replies

Re: An account linked in AD needs to be changed

I found this in the server task:

Capture.JPG

As you can see, the task owner is adminlechev. It is the account name that I want to change but I do not know how.

tkinkead
Level 12
Report Inappropriate Content
Message 3 of 14

Re: An account linked in AD needs to be changed

Look under Registered Servers for the LDAP server.

Re: An account linked in AD needs to be changed

i only see that information:

Capture.JPG

It does not seem that I have any information related to the login. How can I find the username?

Thank you!

tkinkead
Level 12
Report Inappropriate Content
Message 5 of 14

Re: An account linked in AD needs to be changed

Click the edit button at the bottom.

Re: An account linked in AD needs to be changed

I do not think that it is not related to the LDAP. We made a test this afternon and changed the adminlechev password and we cannot do anything anymore with mcafee. We cannot log in at all with our mcafee admin accounts.

The system says Invalid credentials at the login prompt and goes to a blank page like this:

Capture.JPG

What could cause this?

Thank you!

tkinkead
Level 12
Report Inappropriate Content
Message 7 of 14

Re: An account linked in AD needs to be changed

Was that account being used for ePO to authenticate to the database?  Check this file:

[ePO Install Location]\McAfee\ePolicy Orchestrator\Server\conf\orion\db.properties

Check the "db.user.name" field and see if that account is being used to connect to the database server.

Re: An account linked in AD needs to be changed

You found something. Look:

How can I change that information? Do I have to edit this file?

tkinkead
Level 12
Report Inappropriate Content
Message 9 of 14

Re: An account linked in AD needs to be changed

Yes.  Change the db.user.name field, the db.user.domain field (if relevant) to the account you want to use.

Change the db.user.passwd.encrypted.ex2 field to just say "db.user.passwd" and put the password into the file in clear text.

After you've done this, go to https://{eposerver}:8443/core/config-auth and reconfigure the password through the GUI.  This will trigger ePO to re-encrypt the password.

Re: An account linked in AD needs to be changed

All is looking fine but I still got an error message.

test failed: Cannot open database "EPO_VM-Mcafee-PRD1" requested by the login. The login failed.

here is what I have done:

1- Created a new AD user. Gave him admin rights to start with.

2- Login with the new user. The account is working.

3- Created a new user in EPO with the same credentials as AD.

4- Logged in with the link you have given me. I can login.

5- The next page is Configure database settings. When I click on test connection I always have the error message you see above. I have checked and rechecked the account credentials information and they all fit. What am I missing here?