AX 2012 client cannot login after domain administrator password changed

Dear all,

Anyone of you faced AX 2012 client cannot login after domain administrator password changed? My AOS server was able to login as normal for all users but terminal server client and local client was not successful even with domain administrator login. AX 2012 logo will appear for few seconds, and then closed automatically. However, the client can login as normal if domain administrator password change back to old password. Any idea what are the things I should take care? Thank you very much.

Did you change the domain administration password for both AOS service account and MSSQL service account ? and then restart services? If not then apply for both service accounts with changed passed and after that restart both services, then try to open AX 2012 client and check.

Dear Manjunadh,

Thanks for your reply. I checked all service accounts as you mentioned but none of them are using domain administrator credentials. Anything else I should take care? Thank you.

Hi all,

Can I have your help please? The issue is not solved yet…

Thank you.

Does eventvwr has any related messages in the client or AOS server when you open AX?

Did you install AX with the domain admin account? If you did then domain admin is the Ax Admin and maybe you should change that in sql or x++

Hi Ashwin,

Thanks for your reply. May I know how to change that in SQL, or X++?

Thank you.

I have found a post how to do it in X++: https://community.dynamics.com/ax/f/33/t/141425

But I haven’t tested this

This is what I would do in SQL:

update userinfo

set sid = ‘SID for the new Admin account’

where 1=1

and ID = ‘Admin’

Where SID for the new Admin account’ is the security identifier for the new admin account, something like S-1-5-21-1083769292-948136857-99485923-22084

Hi,

In order to change the service account for an AOS, the service account must be updated in the Microsoft Dynamics AX 2012 database, tempdb, and baseline database (if it exists). To perform this, the script Grant-DBPermissionsToAosAccount is provided for Dynamics AX 2012 RTM

Since there are differences in the scripts between Dynamics AX 2012 RTM and R2 and other releases you can use a if you have a copy of the Stored Procedures from a working environment that matches your version. The alternative would be to un-install the AOS service and re-install it using the service account you want to use going forward.

Usage

The Dynamics AX 2012 RTM script contains four parameters located near the top of the file. Edit these parameters for each database.

1. Stop the AOS service, and any other AOS’s in your environment. Drain users, if necessary.

2. Update the service account in the Database.
   a. Open the script Grant-AosDatabasePermissions.sql in an editor.
   b. Set @createStoredProcedures to 1.
   c. Set @loginName to the new service account using the format domain\username.
   d. Set @aosServerName to the name of the server the AOS is running on.
   e. Set @aosInstance to the instance number of the AOS.
   i. To determine an AOS’s instance number, open the Services control manager on the AOS server.
   ii. Find the service corresponding to the AOS.
   iii. Note the service name. It will be of the form “Microsoft Dynamics AX Object Server 6.0$-”. The instance number is the XX.
   f. Set @tempDBName to the name of the tempdb on the database instance.
   g. Run the script in the context of the Dynamics AX database.

3. Update the service account in the tempdb.
   a. Set @createStoredProcedures to 0.
   b. All other parameters should remain the same as in Step 2.
   c. Run the script in the context of the tempdb database.

4. (Optional) Update the service account in the baseline database.
   a. Set @createStoredProcedures to 0.
   b. All other parameters should remain the same as in Step 2.
   c. Run the script in the context of the baseline database.

5. Grant folder permissions. Starting in the install location of the AOS, which should look something like %PROGRAMFILES%\Microsoft Dynamics AX\60\Server%INSTANCENAME%, grant the following permissions
   a. \Log – Read and Write
   b. \bin\Application – Read and Write to this folder and all subfolders and files.
   c. \bin\XppIL – Read and Write. Then, add special permissions to “Delete” and “Delete subfolders and files.” This applies to all subfolders and files.

6. Set URL ACLs.
   a. Open an elevated command window.
   b. Execute the following commands to remove the old urlacl and grant it to the new account:
   i. Netsh http delete urlacl url=http://+:/DynamicsAx/Services
   ii. Netsh http add urlacl url=http://+:/DynamicsAx/Services user=<DOMAIN\USER>

7. Change the AOS service account using the Services control manager.

8. Start your AOS, and any other AOS’s that were shut down earlier.

9. Do a refresh on the Dynamics AX 2012 configuration utility for the client configuration and BC configuration. (if you get an error unable to resolve url check step 6 to make sure that account
   has rights to that url) You may run the following command in an elevated command window -

Netsh http show urlacl

And verify the user listed for the Reserved URL http://+:8101/DynamicsAX/Services is your new AOS account.

10. If you have Enterprise portal, restart your SSRS, SSAS and do an iisreset.