Change the SQL Server Service Account password without Server Restart


A couple of weeks ago, we checked-in a feature to Microsoft SQL Server 2005, that allows the various Service Account passwords to be changed, using the SQL Server Configuration Manager, without having to restart the respective services.


NOTE: It is going to be very important that you never use the plain old Windows Service Control Manager (SCM) to manipulate SQL Services.  The SQL Server Configuration Manager does a lot more work in the background to keep security consistent across the installation. 


Previous to this feature, when changing the service account password, if you did not restart the service, after a while (i.e. after the cached authentication tickets have expired), you would notice the following error message when the sqlservr.exe process tried to access remote resources:


Logon failure: unknown user name or bad password.


The above error message requires you to stop and restart the SQL service so the new Service Account password can be read in.  With this recent check-in, you will no longer see the ‘Logon failure’ error message, the new password will be used, without having to stop and restart the service.


NOTE: SQL Server Configuration Manager does not change the password with the Windows Domain.  That still has to be done using the ‘Windows Security’ dialog (i.e. Ctrl+Alt+Del).


This has been an often requested feature, that will increase service up time.  It will be in CTP16 (which we release very shortly).


Comments (4)

  1. Thanks for explaining the behind the scenes action of SQL Configuration Manager. Here is a script I wrote that is specifically designed to change the passwords for all SQL Services on a cluster (also works for a list of machines)

    You modify the listing of machines in the script and then at the command line you supply the username and the password.

    http://www.ilmbestpractices.com/blog/2008/10/changing-sql-service-account-passwords.html

  2. dantes says:

    Does anyone know if what Stuart Padley mentioned – changing the password to the SQL Server Service accountin a cluster without restarting the service – CTP16 –  is in effect?

    Please let me know where I can find the details.

    Thanks,

    Dan