More lessons on changing SharePoint credentials

Changing service account credentials in SharePoint is always an adventure. You never know whether something’s going to go wrong, leading to an afternoon’s worth of searching for expired credentials, updating them, and hoping that’s the last one. So you can imagine how I felt when I found out that one of our SharePoint instances wasn’t working because the employee who had set it up using his own account (one of those rookie mistakes, I suppose) had left. His account had naturally been disabled, so the SharePoint timer service couldn’t run. Because the farm administrator’s account was disabled, Central Administration was inaccessible along with the other SharePoint sites, so it couldn’t be used to change any managed account credentials.

In cases like this it is necessary to go back to the days of our friend STSADM. Yes, even though Microsoft has been moving towards PowerShell for many SharePoint command line operations, changing farm credentials is not one of them. On the primary SharePoint (Central Administration) server, run:

stsadm -o updatefarmcredentials -userlogin <DOMAIN\username> -password <password>

On all the other servers in the farm, run:

stsadm -o updatefarmcredentials -userlogin <DOMAIN\username> -password <password> -local

Make sure the “-local” switch is included, otherwise the update commands will conflict.

As is often the case with SharePoint, an iisreset /noforce is necessary.

Now that the farm account was taken care of, it was time to determine what else was broken. With access to Central Administration restored, most accounts could be changed via Security > Configure Service Accounts. However, attempting to change the Distributed Cache account leads to the following error message:


Sorry, something went wrong
Distributed Cache Service does not support this operation from Central Administration. Please use Sharepoint Powershell commandlets.

(Ah, Microsoft…one minute you want me to use STSADM and another you want me to use PowerShell…)

Googling this error leads to the following blog post:
https://technet.microsoft.com/en-us/library/jj219613.aspx

There’s a section on this page – Change the Service Account – which tells you what needs to be done, with one exception: the script provided doesn’t have line breaks!

Here is the proper script:

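# Load the SharePoint cmdlets when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue
$farm = Get-SPFarm
$cacheService = $farm.Services | where {$_.Name -eq "AppFabricCachingService"}
# Replace the placeholder with an account already registered as a managed account
$accnt = Get-SPManagedAccount -Identity "<DOMAIN\username>"
$cacheService.ProcessIdentity.CurrentIdentityType = "SpecificUser"
$cacheService.ProcessIdentity.ManagedAccount = $accnt
# Save the change to the configuration database, then push it out to the servers
$cacheService.ProcessIdentity.Update()
$cacheService.ProcessIdentity.Deploy()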

Run this script from an elevated PowerShell session and your Distributed Cache should be back up and running. At least until you discover those other services running under that same account….
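
To find those other services before they fail, the following added example (not from the original post or the TechNet page) inventories what runs under a given account on a farm server. It assumes a farm server with the SharePoint snap-in available; the function name Find-AccountUsage is hypothetical and CONTOSO\jdoe is a constructed account name.

```powershell
# Added example: list everything on this farm server that runs as one account.
# Find-AccountUsage is a hypothetical helper; CONTOSO\jdoe is a constructed value.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Find-AccountUsage {
    param([Parameter(Mandatory = $true)][string]$Account)   # DOMAIN\username

    # Windows services on THIS server (timer service, AppFabric, search, ...).
    # Run the function on every server in the farm to cover them all.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartName -eq $Account } |
        ForEach-Object { [pscustomobject]@{ Scope = 'Windows service'; Name = $_.Name } }

    # Farm-level services that carry a process identity
    # (the Distributed Cache service from the script above is one of them).
    (Get-SPFarm).Services |
        Where-Object { $_.ProcessIdentity -and $_.ProcessIdentity.Username -eq $Account } |
        ForEach-Object { [pscustomobject]@{ Scope = 'Farm service'; Name = $_.TypeName } }

    # Application pools used by service applications.
    Get-SPServiceApplicationPool |
        Where-Object { $_.ProcessAccountName -eq $Account } |
        ForEach-Object { [pscustomobject]@{ Scope = 'Service app pool'; Name = $_.Name } }

    # Application pools used by web applications, Central Administration included.
    Get-SPWebApplication -IncludeCentralAdministration |
        Where-Object { $_.ApplicationPool.Username -eq $Account } |
        ForEach-Object { [pscustomobject]@{ Scope = 'Web app pool'; Name = $_.ApplicationPool.Name } }
}

# String comparison with -eq is case-insensitive, so the casing of the name does not matter.
Find-AccountUsage -Account 'CONTOSO\jdoe' |
    Sort-Object Scope, Name |
    Format-Table -AutoSize
```

An empty result on every server means the account is no longer referenced by any of these four places; anything listed needs its identity changed before the account is disabled.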
