We have changed the administrator password on Windows level on all the DMA servers in the cluster.
Somehow overnight the password is being reset to the old one again.
This has happened several times already, so something is automatically resetting the password to the old one.
Is there a mechanism in DataMiner that sets the password for the Administrator user automatically?
Is there a way to find out what is resetting that password to the old one?
Hi Jeroen,
For local users it's always advised to change things in Cube itself, since we have a sync mechanism in the sync info files.
The folder containing the actions for the admin sync is located at:
C:\Skyline DataMiner\Files\SyncInfo{DO_NOT_REMOVE_68EE4388-7EF6-4cb4-B38F-5E0045175340}.xml
E.g. if you would remove a user on Windows level, DataMiner still knows it and will just add it again on Windows level.
We don't store any passwords there, this is purely done on Windows level but to make sure we know what happened with the users you should change the password in Cube.
There is a changeAtNextLogon="false" in there, maybe that one could trigger a reset though? If DataMiner would be the culprit, the change should be triggered at midnight sync; otherwise you would indeed need to check for a 3rd party tool in the Event Viewer.
As a conclusion:
Could you try to change your password in Cube and come back if that worked or not?
I might be missing something but I thought that Cube doesn’t allow changing the password of the built-in administrator account?
Hi Jens,
In the past it was definitely possible, this might have changed. On my server the local admin is disabled so I can’t test it out.
In any case, then you can just look at the sync info file, if nothing indicates that things should be synced/changed, then it’s likely not DataMiner that resets the password
This is not an answer for the DataMiner question you had but additional information may help…
I have experienced domain policies being pushed at midnight causing similar issues for example.
You can search Windows event logs –> Security for changes on the system.
The following entries are unique to Windows-based systems and will help you track password changes:
EVENT ID 4723 – An attempt was made to change an account’s password.
EVENT ID 4724 – An attempt was made to reset an account password.
An example of the response from the event:
    An attempt was made to change an account’s password.
    Subject:
        Security ID: WIN-R9H529RIO4Y\Administrator
        Account Name: Administrator
        Account Domain: WIN-R9H529RIO4Y
        Logon ID: 0x1fd23
    Target Account:
        Security ID: WIN-R9H529RIO4Y\Administrator
        Account Name: Administrator
        Account Domain: WIN-R9H529RIO4Y
    Additional Information:
        Privileges
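
Added example (not part of the thread above, and not DataMiner code): a PowerShell sketch that lists the 4723/4724 events for one account and uses the Subject Logon ID to look up the matching 4624 logon, which shows which session, process and source address made the change. It assumes an elevated session on the affected server, that account management and logon auditing are enabled, and a 7-day look-back; the parameter names and the Get-EventFields helper are made up for this example.

```powershell
# Added example: who changed or reset the password of a given local account?
param(
    [string]$TargetAccount = 'Administrator',  # account from the question
    [int]$DaysBack = 7                         # assumed look-back window
)

function Get-EventFields($Event) {
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
    $fields = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }
    $fields
}

$start = (Get-Date).AddDays(-$DaysBack)

# 4624 = successful logon. Index by logon ID so each password event
# can be tied back to the session that performed it.
$logons = @{}
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $start } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        if ($f.TargetLogonId) { $logons[$f.TargetLogonId] = $f }
    }

# 4723 = password change attempt, 4724 = password reset attempt.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4723, 4724; StartTime = $start } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $f = Get-EventFields $_
        if ($f.TargetUserName -ne $TargetAccount) { return }   # skip other accounts
        $l = if ($f.SubjectLogonId) { $logons[$f.SubjectLogonId] } else { $null }
        [pscustomobject]@{
            Time          = $_.TimeCreated
            EventId       = $_.Id
            Target        = "$($f.TargetDomainName)\$($f.TargetUserName)"
            ChangedBy     = "$($f.SubjectDomainName)\$($f.SubjectUserName)"
            LogonId       = $f.SubjectLogonId
            LogonType     = $l.LogonType       # empty if no 4624 in the window
            LogonProcess  = $l.ProcessName
            SourceAddress = $l.IpAddress
        }
    } | Sort-Object Time | Format-Table -AutoSize
```

Rows whose Time falls at the same point every night, together with the ChangedBy and LogonProcess columns, indicate whether a scheduled sync, a pushed policy or another tool is performing the reset.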