Managed Accounts in SharePoint 2010 / 2013

Had an issue today where I was trying to add in all the managed accounts required for a new farm I was provisioning – in SharePoint 2013, you can tick the “auto-change password” checkbox and it will change the password IF the policy is set to change the password (say every 43 days like it is by default in a new domain).

Sweet, right? So i ticked the checkbox and hit OK, and got an error…

Access denied.  Only machine administrators are allowed to create administration service job definitions of type: Microsoft.SharePoint.Administration.SPGeneratePasswordJobDefinition, Microsoft.SharePoint, Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c.

Then every time I tried to go back into the UI I would get an error:
Object reference not set to an instance of an object.
Yep, plenty of info there… but unfortunately the ULS logs were not much better…

Application error when access /_admin/ManagedAccounts.aspx, Error=Object reference not set to an instance of an object.   at Microsoft.SharePoint.ApplicationPages.ManagedAccountsDataSourceView.FillDataTable

Theory of what went wrong:
It’s possible I was not running Central Admin website in Administrator mode and so even though I was logged in as a local administrator, the site failed to “talk” to the local machine timer service. For whatever reason, the error occurred but SharePoint believed the timer job HAD been created… and so next time I opened the page it tried to enumerate through the Managed Accounts along with any “password change” timer jobs associated with each account… and threw a “missing object” error (Looks like this piece of code was missing the “catch”).

Solution:
Remove the unattached Managed Service Account using the following Powershell script, replacing the domain and username with the ones for the account you have just added…

Remove-SPManagedAccount -Identity DOMAIN\UserName

All done!

Advertisements

About Brad Saide

I'm a SharePoint consultant. I'm also slowly going bald, seem to have a permanent spare tyre around my waist and enjoy socialising with friends over a beer or 10. The last 2 may possibly be related. Started working with SharePoint when the first version was in limited beta release (participated in the Technology Adoption Program while at Woolworths) and have been committed to the adoption of the technology as a business enabler ever since.
This entry was posted in Uncategorized. Bookmark the permalink.

3 Responses to Managed Accounts in SharePoint 2010 / 2013

  1. jlsfernandez says:

    Hello

    so how did you add the Managed Account with “auto-change-account” ?

    Thank you in advance

  2. Andre Marion says:

    I too had this error and had to delete the account using PowerShell (thank you for that). However, you didn’t explain how you were able to create a new managed account with the auto-change password setting enabled.

    I found another blog that mentioned you have to create the new managed account first WITHOUT the auto-change password checkbox enabled and then you can go back into the managed account after it has been created and edit the setting and then enable the auto-password change and it seems to work at this point.

    I think this is a bug in SharePoint 2013 and should be fixed. Has anyone reported it to Microsoft? Could you do that for us?

    Thank you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s