Change passwords for single sign-on (Office SharePoint Server)

  • Article

Applies To: Office SharePoint Server 2007

This Office product will reach end of support on October 10, 2017. To stay supported, you will need to upgrade. For more information, see , Resources to help you upgrade your Office 2007 servers and clients.

 

Topic Last Modified: 2007-05-09

Use this procedure to change the password for using single sign-on (SSO). SSO manages credential information for various elements, such as external content sources and Web Parts, and provides access to external services. It does this by mapping user credentials to back-end data systems. If the SSO account password expires and is not updated, the SSO feature will not be able to manage credential information.

Note

By default, the Microsoft Single Sign-On service uses the LocalSystem account. The password does not expire for the LocalSystem account and therefore the password will have to be changed for the service only if a domain account is assigned to it.
The problem might be that the service is not started.
By default, the service is configured to be started manually. If the service is not running, you will receive an error when you try to configure the single sign-on settings in Central Administration. You might want to configure the service to start automatically when Windows starts. To do this use the Configure the Single Sign-On service to start automatically [optional] procedure.

The Microsoft Single Sign-On service stores the credential information and will continue to function even after the password has expired. However, if the service is restarted, the stored credential information is lost, and the Single Sign-On service cannot be started until the credential information is updated.

Before you perform this procedure, confirm that the Single Sign-On service is running. By default, the Single Sign-On service logon is a domain account. Therefore, the logon password might also need to be updated periodically. If the password expires, the service cannot be started.

You can change the password using either the "Change the password for the Single Sign-On service using the Service Control Manager" procedure or the "Change the password for the Single Sign-On service using Central Administration" procedure. The procedure must be run on all farm servers.

Note

These procedures can be performed only after the password has been changed on the domain controller. The credentials entered are checked against those on the domain controller. If you enter the new password before the password has been changed on the domain controller, an error will result and the settings will not be changed.

Note

To save the changes, you must restart the Single Sign-On service. This will cause the services that it provides to be momentarily unavailable while the Single Sign-On service restarts.

Important

The credential information for this account must be changed on all farm servers.

Important

Membership in the Administrators group on the local computer, or equivalent, is required to complete the following procedures. Membership in the Farm Administrators group (WSS_RESTRICTED_WPG Windows security group) is not sufficient to complete these procedures.

Change the password for the Single Sign-On service using the Service Control Manager

  1. In the Services snap-in in the Microsoft Management Console (MMC), right-click the Microsoft Single Sign-On service and then click Properties.

  2. In the Properties dialog box, on the Logon tab, type the new password in the Password and Confirm password boxes.

  3. You must restart the service for the changes to be saved. On the General tab, under Service status, click Stop to stop the service.

  4. When the service has stopped, click Start to start the service.

  5. Click OK to save the changes.

Configure the Single Sign-On service to start automatically [optional]

  1. In the Services snap-in on the MMC, right-click the Microsoft Single Sign-On service and then click Properties.

  2. In the Properties dialog box, on the General tab, select Automatic from the Startup type drop-down list menu.

  3. If the service is not started, under Service status, click Start to start the service.

  4. Click OK to save the changes.