All,


I know this error is most terrifying and top 10 box office worried error, as you all already goggled about this and everyone say to create a separate config DB and then run PSConfig. That’s not true. We can get rid of that error with few stsadm commands. This is what you need to perform.


So with stsadm, I went through the following steps:

First, to fix the central admin account’s decryption key used to drive the app pools, complete the following on the server running the Admin site –

  • From the bin directory, run Stsadm –o updatefarmcredentials –userlogin -password \name>
  • Then run iisreset /noforce.

On each other server in the farm, you will need to perform the following step –

  • As each server stores an encrypted version of the admin account password, you will also need to execute the following command for the account used to run the admin app pool –
    •  stsadm –o updatefarmcredentials –userlogin -password -local\name>
    • Then run iisreset /noforce.
  • You will have to remove the “Administration Application Pool Credential Deployment” job that gets created (if it still exists) using the timer job definitions page (otherwise it will prevent you from progressing through the next steps). You can delete it using “%commonprogramfiles%\microsoft shared\web server extensions\12\bin\stsadm” -o deleteconfigurationobject -id “d36cd1d0-4f27-490a-842a-80e587110411”
  •  Then to update the other moss site app pools –
    • Stsadm –o updateaccountpassword –userlogin -password \name>
  • If you happen to use the same account to drive the admin site and the web site(s) (naughty) then you will need the noadmin switch eg
    • Stsadm –o updateaccountpassword –userlogin -password [-noadmin]\name>
  • The Web site app pools for the non-admin sites should take care of themselves once you do the Farm Admin account, but if not then just use the “UpdateAccountPassword” function on the server to resolve the issue.

Then you will need to fix the SSP’s…

  • From the server running the SSP you need to run the following command for each SSP that uses credentials to operate (like ECS and FS), except for the search services (they’re next) –
    • stsadm -o editssp -title -ssplogin -ssppassword \name>
  • You then run the following commands for the search services
    • stsadm -o osearch -farmserviceaccount -farmservicepassword
      and…
    • stsadm -o spsearch -farmserviceaccount -farmservicepassword
  • You now need to go into the search service section of the UI and change the indexing and crawling accounts if required.
  • Lastly, the SSO Service has to be changed using the Services Applet in the Administration Control section of the server it runs on.
At this point, an IISReset is probably a good idea (a reboot is an even better idea) – once this is done, attempt to access each affected area of the farm and verify that they are all now functioning correctly. If you still see some issues, use the relevant part of this guide to try and reset the credential information. Eventually (after 4 attempts) I moved past the first set of steps to change the Admin site app pool account – the rest was plain sailing from there.
And this helped me a lot and i saved my job. 🙂


By Indra

SharePoint Architect

Leave a Reply