Impersonated user change

[bermudabob]

I'm trying to change the vault service impersonated user to a generic user, but it doesn't work with the user I'm trying to assign.

What do I have to do to change this user? All I can find is the entry in the Web.config file and I've given the new user the same SQL Server access rights as the old user.

Help!

[lbauer]

What do you mean by "generic user?"

What error do you get when trying to use this account?

[bermudabob]

The Vault server was installed to connect to SQL Server by impersonating a user - unfortunately it was set up to impersonate a user who is leaving the company, and company practice is to delete the accounts of people who go.

This of course will stop Vault from working, so we have now have a network account specifically set up that we want to use instead. Unfortunately even though we've set up the new account to match the old user, it doesn't work.

The error we get is: 'Could not get public key from server' when trying to connect to the Server.

[lbauer]

The account used for impersonation needs access not only to SQL Server, but also to other directories used in Vault operations on the Vault Server machine.

In this case the error relates to the permissions on %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys on the Vault Server machine. Make sure the new account has access to this directory.

See this KB article for more security settings for the account:

http://support.sourcegear.com/viewtopic.php?t=1528

Usually the Vault Installer sets these permissions, but if you changed the account without reinstalling, you may need to manually change the settings.

[bermudabob]

Thanks for that - I had a feeling it would be something like directory rights. I downloaded the Identity Switcher tool and its worked perfectly.

Thanks again,

Rob

[lbauer]

Thanks for the update. That's good news. : )