How to use a domain account instead of the local SeverityPropagation account for Severity Propagation COM object?

Document ID : KB000051897
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

The solution explains how to change the Severity Propagation COM object from running as the local SeverityPropagation user to running as a Domain user.

Solution:

To change the CA Severity Propagation COM object Log on Credentials from the local system account to a Domain User

  1. Choose or create a domain user to use.
    In this example, consider the domain user to be user1

  2. Set the Domain user's password to never expire.

    • Go to Active Directory Users and Computers

    • Right-click the desired domain user name, choose Properties.

    • From Properties, select the Account tab.

    • In the Account options section, select "Password never expires."

    • Click OK.

      Figure 1

  3. Make sure that the Domain user is a Local Administrator on the computer where Severity Propagation runs.

    • From Computer Management (Local), select System Tools, Local Users and Groups, Groups.

    • Open the Administrators group

    • Verify that your domain user name appears

    • If it is not listed, add the domain user name to this list.

    • Click OK.

      Figure 2

  4. Update the Local Security Policies on the computer where Severity Propagation runs: Grant the domain "Logon as a batch job" permissions.

    • From Local Security Settings, select Local Policies, User Rights Assignment.

    • From the Policy list, select Log on as a batch job.

    • Select Local Security Setting tab.

    • If the domain user name is not displayed, add it to this list.

    • Click OK.

      Figure 3

  5. Stop CA WorldView Severity Propagation service and its dependent services.

    • awservices stop

    • camclose (run it twice)

    • sevprop stop

  6. Open TaskManager and make sure that the following processes are NOT running.
    If any of them are running, use the "End Process" button to stop them:

    • sevprop.exe

    • sevpropcom.exe

    • startbpv.exe

  7. Change the user and password in DCOM Component Services

    • Start -> run -> (enter) DCOMCNFG.

    • Expand Component Services -> Computers -> My Computer -> DCOM Config ->
      CA Unicenter severity propagation.

    • Right-click and select Properties.

    • From the Identity Tab change the user and password to the Domain user.

    • Click OK.

      Figure 4

  8. Start CA WorldView Severity Propagation Service and other services that were stopped earlier.

    • sevprop start

    • cam start

    • If running NSM R11.2, use the services.msc to restart the service
      "CA Unicenter Business Process View Management."

    • awservices start

  9. You can now safely disable the local SeverityPropagation account.

    • From Computer Management (Local), select System Tools, Local Users and Groups, Users.

    • Right-click the Severity Propagation User, select Properties.

    • On the General Tab, select "Account is disabled."

    • Click OK.

Note 1: Unregistering & reregistering sevpropcom will recreate the local SeverityPropagation user, and set the DCOM object to use the Local SeverityPropagation account. This process is documented in TEC513180 - Troubleshooting the Severity Propagation Service (SevProp)

Note 2: By default, CA NSM installs the Severity Propagation service to use Local System account, because most services run under Local System account. For services like Severity Propagation and CA Messaging (CAM) you must also select "Allow service to interact with desktop."

Note 3: This configuration has been implemented in a test environment and has been confirmed to work; however, it has not been officially tested and certified by CA. If you encounter problems, it may be necessary to revert to using the local SeverityPropagation account.