On Friday my team had to change the Service Account of SQL Server/Agent service on one of the instances. Nothing new to a DBA. The DBA had all the details with him and changed the service account in SQL Server Configuration Manager and entered the new password. But he got an error that the password was not valid. Assuming that the password was incorrect he asked the System Administrators to reset the password of that account. Err, by that time he realized that he was using the wrong user account! But our System Administrators team is very fast when the DBA does not need them to be. Since the account whose password was reset, was being used across many instances DBA got it changed to the original password.
Now the DBA was truly awake and gathered the correct login credentials for the new service account. All he wanted to do was to enter the correct password, without changing the Server Account login name. To check if he had the correct password, he logged on to the server using the credentials of the Service Account. He could login to the server successfully. He then opened SQL Server Configuration Manager and entered the password. It was not his day and he got the same error.
This is highly impossible. He was entering the password for the account using which he had logged on to the server. Then he tried tried entering the password from Service Control Manager (services.msc), similar error.
Like I mentioned earlier, the Account Name was already there in the format DomainLoginName in the Service properties. The next option was to enter the Login Name again. Instead of typing the Login Name as DomainLoginName, he clicked on the Browse button. The next screen made it very clear. Even though the account name was correctly entered as DomainLoginName, the Server Control Manager was searching for that account within the same server.
The From this location field in the above screenshot was populated with the local server name. Then clicked on Locations button and selected Entire Directory in the next screen, so that it looks for the Login Name in the Active Directory.
Then he entered the Login Name in the Enter the object name… field and clicked Ok. As earlier, the Account Name was populated with DomainLoginName, the only difference was that the Service Control Manager will look it up in Entire Directory. Now the DBA entered the password and clicked Ok. No error message and the service started successfully.
Not a technically challenging issue, but was enough to jolt the DBA for a while.