Rotate Replication passwords

User Databases
– Log on to the RepServer and run
admin who_is_down – All threads must be up; if not, fix this first or verify that there is a good reason why something is down.
admin show_connections – Make a note of the maint user for the user database, e.g. _maint
suspend connection to <dataserver>.<database>
alter connection to <dataserver>.<database> set password **********

– Log on to the Dataserver and run
alter login with password modify password ******* — (same as above)
– Log on to the RepServer and run
resume connection to <dataserver>.<database>
admin who_is_down – Everything should be back up again

RSSD
Pre-implementation

– Save RSSD users and syslogins tables
Log in to the ASE server containing the RSSD
bcp out master..syslogins
In the RSSD database, run (Enable select into, if not enabled):
select * into rs_maintusers_save_YYYYMMDD from rs_maintusers
select * into rs_users_save_YYYYMMDD from rs_users where username like '%prim'
Disable select into again, if you enabled it above.

– Save /sybxxx/sybase/config/.cfg file, for example:
cp -p /sybxxx/sybase/config/.cfg /sybxxx/sybase/config/.cfg.YYYMMDD.pre_password_change

– Copy /sybxxx/sybase/config/.cfg file to the install directory, for example:
cp -p /sybxxx/sybase/config/.cfg /sybxxx/sybase/rep/REP-16_0/install/.cfg
Important note: rs_init only updates the .cfg file in the REP install directory, so this copy is essential.

– There might be an issue where the prim account gets locked immediately after changing the password in ASE, even though the connection was suspended. To fix this, run:
alter login modify max failed attempts 0;

Implementation
– Make sure that the Rep Server is quiesced (admin health) and no thread is down.

– Change the password in the Rep Server configuration file.
— If password encryption is not enabled, the password is displayed as plain text, and you can modify the /sybxxx/sybase/config/.cfg file directly using any editor, then reboot the Rep Server.
— If the password is encrypted, you need to use rs_init manually to change the password in the Rep Server configuration file:
Login to the Rep Server host
cd /sybxxx/sybase/rep
Source the environment file SYBASE.sh
Run rs_init to modify the encrypted password of the RSSD maint user
$SYBASE/$SYBASE_REP/install/rs_init
See rs_init details below
Repeat the rs_init process to modify the encrypted password of the RSSD prim user
$SYBASE/$SYBASE_REP/install/rs_init
See rs_init details below

— Important note:
If you plan to modify the password for multiple Rep Servers one after another, it’s possible to use a resource file to run rs_init, in all the runs following the first manual run. To do so, you will have to use the same sa-equivalent account for all the servers in the list (presumably only the nbe fits this requirement, as sybadmin is likely to be different, and sa might not be available at some point). Also, you will have to accept that you will be using the same password for all the Prim and Maint accounts in this run across multiple Rep Servers.

To take advantage of the resource file, save it to a file (see details in section 6, see sample resource files in Appendix A), and then make copies of it as needed:

For the resource file of the Prim and the Maint accounts using the same Rep Server, the only difference in the resource file is rs.rs_cfg_option:
RSSD_maint_pw_enc for the Maint account
RSSD_primary_pw_enc for the Prim account

For different Rep Servers – copy one of the resource files to the next host and then make a few changes.
You may need to change sybinit.component_directory, sybinit.release_directory, sybinit.boot_directory, depending on the installation directory.
You will need to change the name of the config file specified by rs.rs_rs_cfg_file (and remember, full path name under the installation directory, not our standard config directory).
And of course, you will need to change rs.rs_name.

To run rs_init using the resource file, use:
rs_init -r

— rs_init details
Select option 2 – Configure a Server product
Select option 1 – Replication Server
Select option 7 – Alter a Replication Server configuration file password
ALTER A REPLICATION SERVER CONFIGURATION FILE PASSWORD
Replication Server Name:
RS SA user: sa (or sa-equivalent, like sybadmin or nbe)
RS SA password:
Replication Server configuration file:
Configuration file parameter for password:
New password:

Select option 1 and enter the Rep Server Name
Select option 2 if you wish to change sa to another sa-equivalent account (like nbe)
Select option 3 to enter the Rep Server sa (or nbe) password
Select option 4 to change the location of the config file, if the default one is not displayed – it should be: /sybxxx/sybase/rep/REP-16_0/install/.cfg
Select option 5 to enter the name of the configuration file password parameter you want to modify. It should be either RSSD_maint_pw_enc or RSSD_primary_pw_enc
Select option 6 to enter the new password for the maint or prim user.

At this point you will see:
ALTER A REPLICATION SERVER CONFIGURATION FILE PASSWORD

Replication Server Name: Repserver_Name
RS SA user: nbe…
RS SA password: Rep_Server_nbe_password
Replication Server configuration file: /sybxxx/sybase/rep/REP-16_0/install/.cfg
Configuration file parameter for password: RSSD_maint_pw_enc or RSSD_primary_pw_enc
New password: new_RSSD_maint_user_password or new_RSSD_prim_user_password

Ctrl-a Accept and Continue, Ctrl-x Exit Screen, ? Help.

If you want to save the resource file now, press Ctrl-w and you will be prompted to enter the file name to use. Enter the full path of the file name. You can then proceed to execute the current session.

Press Ctrl-a to accept and continue.

Execute the Replication Server tasks now? n
Press y to continue

You should see the following messages:

Running task: alter a Replication Server configuration file password.
Replication Server 'SYBAMR_MICS_UAT_RS03' can now be restarted.
Task succeeded: alter a Replication Server configuration file password.

Configuration completed successfully.
Press to continue.
Press Enter.

You will be returned to the main menu, where you can select 7 again to repeat the process for the prim account, or press Ctrl-x to exit and then use the resource file if you saved it.

When both changes are done, press Ctrl-x (three times) to exit.

– Login to the Rep Server:
suspend connection to RSSD_server.RSSD_database

– Change RSSD prim and maint user password in ASE RSSD database:
Make sure that the passwords are entered without quotes around them.

— login to RSSD_server
— sp_password caller_password, <NEWPASS> , RSSD_maint_user
— sp_password caller_password, <NEWPASS> , RSSD_prim_user

– Change RSSD prim and maint user password in RS server:
Make sure that the passwords are entered without quotes around them.

— alter connection to RSSD_server.RSSD_database set password to <NEWPASS>
— alter user RSSD_prim_user set password <NEWPASS>

– Resume connection to RSSD
— resume connection to RSSD_server.RSSD_database

– Check the Rep Server to make sure that all threads are up, and that the Rep Server is quiesced.

– Check the connection of the prim and the RSSD maint users to the Rep Server and the RSSD ASE with the new passwords to make sure that everything is working properly.
If any of the four connection tests is not working, STOP here and fix any problem before proceeding to Stop/Start the Replication Server.
For example:
isql -S -U -X -P
isql -S -U -X -P
isql -S -U -X -P
isql -S -U -X -P

– Move the updated Rep Server config file from the install directory back to our standard config directory:
This is a very important step.
— mv /sybxxx/sybase/rep/REP-16_0/install/.cfg /sybxxx/sybase/config
— cd to /sybxxx/sybase/config
— run diff .cfg.YYYMMDD.pre_password_change .cfg
You should see that the passwords for the old and new RSSD accounts are different
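
The diff check above can be tightened so that it passes only when exactly RSSD_maint_pw_enc and RSSD_primary_pw_enc changed, without printing the encrypted values to the terminal. This is an added example, not part of the original procedure; it assumes the config file holds one name=value setting per line, and the sample files and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original procedure.
# Assumption: the config file holds one "name=value" setting per line.

# Print the names (never the values) of parameters that were added,
# removed or changed between two config files, sorted one per line.
changed_params() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }                      # skip comments, blanks
        { name = $1; val = substr($0, index($0, "=") + 1) }
        FNR == NR { old[name] = val; next }          # first file: remember
        { seen[name] = 1
          if (!(name in old) || old[name] != val) print name }
        END { for (n in old) if (!(n in seen)) print n }
    ' "$1" "$2" | sort
}

# Succeed only if exactly the two RSSD password parameters differ.
check_rotation() {
    expected=$(printf '%s\n' RSSD_maint_pw_enc RSSD_primary_pw_enc | sort)
    actual=$(changed_params "$1" "$2")
    if [ "$actual" = "$expected" ]; then
        echo "OK: only RSSD_maint_pw_enc and RSSD_primary_pw_enc changed"
        return 0
    fi
    echo "MISMATCH, parameters that differ: $(echo $actual)" >&2
    return 1
}

# Constructed sample files (made-up values, not a real config): the
# pre-change copy, a clean rotation, and one with an unrelated change.
write_samples() {
    printf '%s\n' 'RSSD_server=DS1' 'RSSD_maint_user=rssd_maint' \
        'RSSD_maint_pw_enc=0x01aa' 'RSSD_primary_user=rssd_prim' \
        'RSSD_primary_pw_enc=0x01bb' > "$1/pre.cfg"
    sed -e 's/0x01aa/0x01cc/' -e 's/0x01bb/0x01dd/' "$1/pre.cfg" > "$1/good.cfg"
    sed -e 's/RSSD_server=DS1/RSSD_server=DS2/' "$1/good.cfg" > "$1/bad.cfg"
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_rotation "$tmp/pre.cfg" "$tmp/good.cfg"
check_rotation "$tmp/pre.cfg" "$tmp/bad.cfg" || echo "bad.cfg rejected"
rm -rf "$tmp"
```

A mismatch before the restart means either one of the two passwords was not rewritten by rs_init or some other setting drifted between the backup and the moved file.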

– Shutdown and restart the Replication server.

– Log in to the Rep Server and run admin who; no thread should be down at this point. Check the error log for any errors.

– alter login modify max failed attempts 5;