You notice that the account you are using to protect AppAssure agents is consistently blocked. You determine that the cause is an account password change. The cores is still holding the previous credentials and locks the account every time the core service starts due to attempting to connect to the protected agents multiple times.
You want to be able to change the account credentials without locking the account again.
Warning: All scripts provided in this article are meant to be used as examples are not supported.
Apparently there is no good solution to this issue, especially if the locked account is used by different other applications as well. It is not possible to change the account password while the core service is offline as it is encrypted and the account will be locked if the core service is started.
However, a workaround exists. The solution is replacing the username for the credentials and default metadata credentials, which are held in plain text with a dummy user. After this operation and starting the core service, all affected agents can be repared via bulk protect to push the new credentials.
To work around the issue please do the following:
1. Stop the core service and unlock the account.
2. Run the attached script on the core with the issue.
The script needs powershell 3.0 or later (it checks the powershell version automatically). Once a supported powershell version is found, a user prompt asks for the desired replacement username and a gridview control opens up, allowing selecting the agents to process.
After the agents are selected, the new user name is applied both on the credentials and metadata credentials on each previously selected agent.
The progress of the operation is shown on the screen.
3. Start the core service, wait for the repository check to end and use bulk protect to repair the agents.
The code for the script is shown below between horizontal lines and attached to this KB.