[Today's post comes to us courtesy of Justin Crosby and Damian Leibaschoff from Commercial Technical Support]
If your SharePoint service account passwords ever become out-of-sync, you will have issues trying to access http://companyweb . The most common error you will see is “ HTTP Error 503. The service is unavailable. ” While this is the most common symptom, there are also several others depending on where you look and what account is out-of-sync, we have included many more symptoms toward the end of this post.
In SBS 2011, we use 3 different accounts to run Windows SharePoint Foundation. The accounts we use are spfarm, spsearch, and spwebapp. For security reasons the passwords on these accounts are periodically reset. SharePoint manages the spsearch and spwebapp accounts and the Windows SBS Manager service manages the spfarm account. All of these accounts can be found under MyBusiness > Users > SBS Users.
Display Name |
Logon Account |
SharePoint Farm Account |
spfarm |
SharePoint Search Service Account |
spsearch |
Windows SBS Internal Web site Account |
spwebapp |
The password for spfarm is reset every 7 days that the Windows SBS Manager service is running. The passwords or spsearch and spwebapp are reset the first day of each month.
In addition to these passwords being stored in AD, they are also kept in the SharePoint configuration database and the services database. Due to this, the passwords can become out of sync. Passwords may get out of sync or expire due to the following causes:
Of all these possible causes, the most common is restoring a database that contains an old password.
To check if your passwords are in sync, run the SharePoint 2010 Management Shell as an administrator. From the powershell then run Repair-SPManagedAccountDeployment . If one or more of the passwords is out-of-sync it will return an error.
If you receive an error that your passwords are out of sync, perform the following steps for each out-of-sync account to resolve the issue.
If your passwords are out of sync you may receive one or more of the following errors:
Log Name: System
Source: Microsoft-Windows-WAS
Event ID: 5002
Level: Error
Computer: server.domain.local
Description: Application pool 'SBS Sharepoint AppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool.
Log Name: System
Source: Microsoft-Windows-WAS
Event ID: 5021
Level: Warning
Computer: server.domain.local
Description: The identity of application pool SBS Sharepoint AppPool is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
Log Name: System
Source: Microsoft-Windows-WAS
Event ID: 5057
Level: Warning
Computer: server.domain.local
Description: Application pool SBS Sharepoint AppPool has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
Computer: server.domain.local
Description: An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: SERVER$
Account Domain: domain
Logon ID: 0x3e7
Logon Type: 4
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: spwebapp
Account Domain: domain
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Following services may fail to start with a logon failure:
9/9/2011 : We have identified another cause of the 503 error and have detailed it here: http://blogs.technet.com/b/sbs/archive/2011/09/01/an-uncommon-reason-why-browsing-companyweb-ma... .
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.