Skip to main content
Start a Conversation

Unsolved

A

abspyr

2 Posts

2896

April 5th, 2019 05:00

Support Assist Enterprise with Managed Service accounts

We have started using Dell Support Assist Enterprise for our infrastructure.

For some devices windows domain credentials must be used in order to connect to the (other) managed servers openmanage instance in order to collect data.

Instead of using a typical domain account (with username / password) we would like to use Windows Managed service accounts

(https://blogs.technet.microsoft.com/askds/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting/),

so the Dell Assist will connect to the managed servers with this type of account.

I configured such an account with success. I also added it on the Domain Admins group and also to the Local Administrator group (on each server).

I configured the Support Assist to connect to the managed servers with domain credentials:

username:  DOMAINNAME\service_account$

password: [none, empty]

as this is the way managed service accounts should be configured, but it does not work (wrong credentials).

Is is possible to use managed service accounts with Support assist? If yes, how we configure them?

 

Thank you.

 

DELL-Stefan R

Moderator

 • 

790 Posts

April 12th, 2019 03:00

Hi abspyr,

very interesting question :)

Well for me, I can't tell you, but I already asked the L3s on this and here we go with the next steps.

1st task: Q: Is there any specific reason that you created a domain service account with an empty password? 

2nd task: Get me the application log with debug information. Instructions as follows:

  1. Open log4j2.xml file from location C:\Program Files\Dell\SupportAssist\config

  2. Modify as highlighted below:
    debug">
    debug" additivity="false">
       
       

    debug" additivity="false">
       


        debug" />
        debug" />
       

    debug" additivity="false">
       
       


  3. Restart Dell EMC SupportAssist Enterprise service.

  4. Try your scenario after enabling debug log and get me the logs. (file location: C:\Program Files\Dell\SupportAssist\logs\application.log)
    You may upload them on any cloud portal or easily sent them over via email.

I'll forward the logs to our engineering and keep you posted.

Thanks and Cheers
Stefan

DELL-Stefan R

Moderator

 • 

790 Posts

April 15th, 2019 06:00

Hi abspyr,

no worries, I'll wait :)

Cheers
Stefan

abspyr

2 Posts

April 15th, 2019 06:00

Hello Stefan,

thank you for your reply.

This type of account, is a special one, which does not require a password. The password is auto-renewed by the system. We would like to deploy it like this for better security reasons.

In the link I have on my first post, it is in detail how it works and why it is used.

I will proceed with the next steps within this week and write back to you.

 

Thank you again

DELL-Stefan R

Moderator

 • 

790 Posts

April 25th, 2019 06:00

Hi abspyr,

thanks for sending the logs.

In the meantime, I received an answer from the Engineering team for SupportAssist Enterprise and they have confirmed that they don’t support domain account without passwords.

So the way you wanna use it is not possible. You have to use at least one Account with a password to use it.

If I receive anything else I'll let you know.

For now, this seems to be solved as it works as designed.

Cheers
Stefan

View More

View All

No Events found!

Top