Change Web Application Service Account

Changing a Web Application service account requires configuration changes in several places, including the system, IIS, and the database. If you change only the Application Pool identity directly in IIS, you may get the error message “Cannot Connect to the configuration database.” So I recommend using the method that SharePoint provides, and I will describe what SharePoint does when you apply it.

How to change to a new account (SPNOTE\SP_PortalApp2), and what happened after applying the change.

  1. Create a new account
    ex) SPNOTE\SP_PortalApp2 (current: SP_PortalApp)
    1. Create an account as a domain user
  2. Register the account as a managed account and configure it for a Web Application Pool
    1. Go to Central Admin > Security > Configure managed accounts
      - Register it as a managed account
    2. Move to Central Admin > Security > Configure service accounts
    3. Select a Web Application Pool and the new account (SP_PortalApp2)
    4. Click OK
      - When you click OK, you will see this message. You should run “IISRESET /NOFORCE” on all servers in the farm. The Application Pool for each Web App is changed automatically, though. Refer to 3.3)
  3. What has happened after applying it?
    - SharePoint automatically applies various configuration changes to the system, IIS, and SQL Server
    1. The user has been added to three groups
      - IIS_IUSRS, Performance Monitor Users, WSS_WPG
    2. The Application Pool identity has changed
    3. The Application Pool is recycled
    4. The user has been added to the related SharePoint databases (in my environment)
      - Owners: ProfileDB, SocialDB, SyncDB, WSS_Content_Intranet
      - WSS_Content_Application_Pools: SharePoint_AdminContent, SharePoint_Config, StateService
      # ex) WSS_Content_Intranet (http://intranet.spnote.dev)
      * When you change the service account to another one (ex: SP_PortalAppNew) and delete SP_PortalApp2 from Managed Accounts, SP_PortalApp2 still exists in the WSS_Content_Intranet database. This means SharePoint doesn’t delete the user (SP_PortalApp2) from the database automatically.
  4. Access to the site (http://intranet.spnote.dev)
    1. I faced the error “Cannot Connect to the configuration database.”
      - At this point I hadn’t run IISRESET, and as you may notice, all credentials must be updated. If you have multiple servers in a farm, then this PowerShell script may help you.
    2. Run IISRESET /NOFORCE
    3. Access again
      - Fill in the account information
      - It works fine
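
Because SharePoint leaves the old user in the database (the note under 3.4), a retired service account can keep its database role after it is removed from Managed Accounts. The following PowerShell is an added example, not part of the original post: it lists Windows users in each farm database that are not currently registered managed accounts, for manual review. It assumes the SharePoint Management Shell on a farm server, Windows authentication to SQL Server, and database user names in DOMAIN\user form; the function name Get-StaleDbUser is hypothetical.

```powershell
# Added example. Reads SQL Server catalog views only; it changes nothing.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Accounts SharePoint currently knows as managed accounts (DOMAIN\user).
$managed = @(Get-SPManagedAccount | ForEach-Object { $_.Username.ToLowerInvariant() })

# Windows users in a database plus any database roles they hold.
# principal_id > 4 skips dbo, guest, INFORMATION_SCHEMA and sys.
$query = @"
SELECT dp.name AS UserName, ISNULL(r.name, '') AS RoleName
FROM sys.database_principals AS dp
LEFT JOIN sys.database_role_members AS rm ON rm.member_principal_id = dp.principal_id
LEFT JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
WHERE dp.type = 'U' AND dp.principal_id > 4
"@

function Get-StaleDbUser {
    param([Parameter(Mandatory = $true)] $Database)   # an SPDatabase object
    # Assumption: the farm's connection string uses integrated security.
    $conn = New-Object System.Data.SqlClient.SqlConnection $Database.DatabaseConnectionString
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) {
            $user = [string]$reader['UserName']
            # Report users that are no longer (or never were) managed accounts.
            if ($managed -notcontains $user.ToLowerInvariant()) {
                New-Object PSObject -Property @{
                    Database = $Database.Name
                    User     = $user
                    Role     = [string]$reader['RoleName']
                }
            }
        }
    }
    catch { Write-Warning "$($Database.Name): $($_.Exception.Message)" }
    finally { $conn.Dispose() }
}

Get-SPDatabase | ForEach-Object { Get-StaleDbUser -Database $_ } |
    Sort-Object Database, User | Select-Object Database, User, Role |
    Format-Table -AutoSize
```

Accounts that were never managed accounts, such as the setup account, also appear in the output, so treat it as a review list rather than a removal list.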
