SharePoint Notes

Change Web Application Service Account

Configurations for changing a Web Application account are needed at many different locations including System, IIS, and Database. If you just changed an Application Pool identity directly from IIS, you may get an error message of “Cannot Connect to the configuration database.” So, I recommend you to use the method that SharePoint provides and will describe what SharePoint does when applying it.

How to change to a new account (SPNOTE\SP_PortalApp2) and what happened after applying it.

  1. Create a new account
    ex) SPNOTE\SP_PortalApp2 (current: SP_PortalApp)
    1. Create an account as a domain user
  2. Register the account as managed account and configure it for a Web Application Pool
    1. Move to Central Admin > Security > Configure managed accounts
      - Register as managed account
    2. Move to Central Admin > Security > Configure service accounts
    3. Select a Web Application Pool and the new account (SP_PortalApp2)
    4. Click OK
      - When you click OK, you will see this message. You should run “IISRESET /NOFORCE” on all servers in the farm. Application Pool for each Web App is changed automatically though. Refer to 3.3)
  3. What has happened after applying it?
    - SharePoint automates various configurations to the System, IIS, and SQL Server
    1. The user has added into three groups
      - IIS_IUSRS, Performance Monitor Users, WSS_WPG
    2. Application Pool Identity has changed
    3. The Application Pool is recycled
    4. The user has added to related SharePoint databases (For my environment)
      - Owners: ProfileDB , SocialDB, SyncDB, WSS_Content_Intranet
      - WSS_Content_Application_Pools: SharePoint_AdminContent, SharePoint_Config, StateService
      # ex) WSS_Content_Intranet (http://intranet.spnote.dev)
      * When you change the service account to another one ex) SP_PortalAppNew and delete from Managed Accounts, the SP_PortalApp2 still exists in WSS_Content_Intranet Database. This means SharePoint doesn’t delete the user(SP_PortalApp2) from the Database automatically.
  4. Access to the site (http://intranet.spnote.dev)
    1. I faced the error “Cannot Connect to the configuration database.”
      - At this time I didn’t run the IISRESET and you may notice all credentials must be updated. If you have multiple servers in a farm, then this PowerShell script may help you.
    2. Run the IISRESET /NOFORCE
    3. Access again
      - Fill account information
      - It works fine