When using the "Change password for Windows Services started by this account?" on a "Windows AD" platform TPAM does not update the service account passwords.
"Reset Password" logs for the managed account show the following error:
TPAM uses WMI/DCOM to update the service account password, 0x80070005 (E_ACCESSDENIED) means the functional account is not priviledged to remotely connect via WMI/DCOM and/or update the service password
- Ensure the WMI/DCOM permissions are correct allowing remote access and access to update information. With default Microsoft permissions the functional account will need to be a domain administrator, otherwise the functional account will need to have the rights delegated and UAC disabled.
- Ensure you can run WMI/DCOM outside of TPAM, for example using Powershell command similar to the below to retrieve a service, and update the password.
- Ensure all the required services are enabled for WMI/DCOM to operate.
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center