none
SQL Service Password Change in AlwaysOn Setup RRS feed

  • Question

  • HI,

    We have a 4 node AlwaysOn cluster with 4 databases (and 4 AGs), and we need to change the password of the SQL Service Account. Would it be a good idea to -

    • Failover all the 4 AGs to 2 of the nodes (maybe with 2 DBs primary each) , making them Primary, 
    • Update the now Secondary Nodes' passwords and restart the services
    • Failover all 4 AGs to the Password updated Servers
    • Change the password and restart the services

    Effort is to do it with minimum impact.

    Any ideas?

    Thanks!


    Thanks very much, Manoj Deshpande.

    Wednesday, August 6, 2014 10:48 AM

Answers

  • Final word on this. There is no need for failover and password change. You should be doing the update on all the nodes. The nodes running on new password would not be able to communicate with the services with old password (which would cease to work if restarted without new password), and hence you would not be able to failover. The net downtime appears to be minimum if all the nodes are updated simultaneously. Good if you have an automated tool that updates the password for the account, changes it in the target servers and restarts the services - minimum impact.

    Hope that helps!


    Thanks very much, Manoj Deshpande.

    Saturday, August 9, 2014 7:30 AM

All replies

  • Have you considered updating the sql service account password  to all the secondaries then failover to one of them and finally change it to the remain one ?

    Javier Villegas | @javier_villhttp://sql-javier-villegas.blogspot.com/

    Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you

    Wednesday, August 6, 2014 11:47 AM
  • Thanks Javier, we can do that.

    Just to confirm a old concept. When we change the password on 2 (or 3), the remaining services would still continue to run with the old password until restarted right?


    Thanks very much, Manoj Deshpande.

    Friday, August 8, 2014 7:10 PM
  • Hi,

    It should be OK for a while . you should failover and change the SQL Account password on the other server soon 


    Javier Villegas | @javier_villhttp://sql-javier-villegas.blogspot.com/

    Please click "Propose As Answer" if a post solves your problem or "Vote As Helpful" if a post has been useful to you

    Friday, August 8, 2014 7:28 PM
  • Final word on this. There is no need for failover and password change. You should be doing the update on all the nodes. The nodes running on new password would not be able to communicate with the services with old password (which would cease to work if restarted without new password), and hence you would not be able to failover. The net downtime appears to be minimum if all the nodes are updated simultaneously. Good if you have an automated tool that updates the password for the account, changes it in the target servers and restarts the services - minimum impact.

    Hope that helps!


    Thanks very much, Manoj Deshpande.

    Saturday, August 9, 2014 7:30 AM