This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 19%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
I have a two-server deployment: MBAM application webserver and MBAM SQL database server. I was required to change the passwords of the service accounts, both IIS and SQL.
Active Directory changed the passwords in AD and going to the SQL is good.
However, the MBAM IIS server will not bring up the website. The error is "HTTP Error 503: Service is unavailable".
With research I found IIS -> Application Pools -> Advanced Settings -> Identity, showing service account name and a little box to click that brings up a small window to change the password. When I enter the same password that was changed in AD and confirm, the error says "The specified password is invalid". The password is 16 characters with upper and lower letter, numbers, and two special characters. I have the old password, but in that box is no place to enter it.
Then I have to change the password in /Reports/Pages/Folder.aspx, but right now the entire website is not loading.
Our technical guy on this task left us, so the managers want me to fix it and I've never done this before....
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
the IIS pool account identity entry only allows passing login info. it does not support change password. you change the password in ad, then just update the password in IIS.
note: when you give IIS the login/password, it tries to login to validate the combo. the error means you did not enter the correct current password. also be sure the IIS account is a domain account and not a local account (which would have its own password).
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 24%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESW%3C/text%3E%3C/svg%3E)
You can try the following steps to change the password in iis:
For IIS, locate the application pool that server is using, right click on it, click advanced settings, click the Identity box in the Process Model section, click the three dots on the right of the box, click the Custom Account radio button, click Set, enter your MBAM service account name and password, and click OK.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
SamWu, thank you for trying however that is exactly where I previously found and described in my question. When I tried to use that "Set Credentials" box to enter a new password from Active Directory, the error message says, "The specified password is invalid".
Will I have to re-install the entire MBAM client software and IIS using the wizard in order to change the password? I hope not because some organizations require regular password changes for security reasons.
SamWu, the KB2639518 doesn't really specify which account or what type of account to use when trying to access the MBAM site ".../Reports/Pages/Folder.aspx".
With DBA help, we looked at SQL Reporting Services and don't see 'MaltaDataSource' listed anywhere.
This two-server MBAM setup was installed by someone else and worked for 2 years before we had to change the service accounts passwords: both the IIS and SQL.
We changed the password in Active Directory for both, then changed the IIS in the Application Pool as you described.
Documentation should exist as to exactly where to change the password for the MBAM-SQL-SVC in the webapp where it connects to the database. There is more than one place to change the password and that is the confusing part.
Please point me in the right direction.
Thank you!
Thanks for that information, but if the Server Manager -> IIS ... does not support changing password, then where/how does the password get changed? Do we have to completely re-install the MBAM BitLocker server software with the wizard in order to have a different password? Some organizations want the service account password changed every year, or 6 months or even every 3 months.
you change the password in the AD first. Then update IIS with the new password.
If IIS set password, gives an error, then you are not using the correct password. the set operation tries a test login.
This answer was partly correct and got me in the right direction.
Ok we got the IIS part working but wasn't because the password was entered incorrect. It's because when the Active Directory guy changed the IIS service account password, he didn't manually advance the expiration date forward. So that's why the IIS didn't accept the password change. When I would put the new password in IIS, it would try test login and the AD kept reporting that the password was expired. So we fixed the date in Active Directory, logged into the IIS and it accepted the password, then I checked BitLocker and the webserver interface worked again, but with the SQL error for "MaltaDataSource". Before anybody here goes to find that, I have found the Microsoft page explaining that, but it's doesn't quite work in my organization because of extra security. The server admin does not have the required credentials to log into that spot at "Folder.aspx", but at least the IIS part is solved.
A trouble ticket to Microsoft Enterprise support was helpful. They suggested that the installer was probably not a SQL Admin and to check MBAM Administrator groups. I analyzed the MBAM groups in Active Directory and asked the Active_Directory guys to check my accounts in MBAM Administrator group. I made a list of all the MBAM groups and what users are in each group. I saw that the MBAM Administrator group is a Privileged Access Group. AD thought to try adding my server admin account to the server's group and I tried accessing thru the SSRS but that didn't work, so then we tried the reports URL from the PC login instead of on the server and with that account logging into the PC, the URL worked to get to the elusive MaltaDataSource page! I entered the connection strings as in examples and the first time gave an error but I tried again and it saved successfully. Then I went to the regular BitLocker Admin console and it produced a normal Enterprise Compliance report. So the problem is now resolved and I have gained experience to do this again when needed.