How does SQL server handle the password change of the service account?



  • When installing SQL Server, when asked for the SQL service account, I entered a domain user and its password.

    In the future, when the password of the domain account changes, will I have to open the Configuration Manager to enter the new password, or, if this is automatic, how does SQL Server handle this process?



  • When a new password is to be used, you need to restart (=stop and start) the service. See the documentation (https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/scm-services-change-the-service-startup-account?view=sql-server-ver15):

    When you change the service startup account for the Database Engine and SQL Server Agent, the SQL Server service (the Database Engine) must be restarted for the change to take effect. When the service is restarted, all databases associated with that instance of SQL Server will be unavailable until the service successfully restarts.

    Now, why does changing the password require a restart? That's because when a process starts, it generates an access token (https://docs.microsoft.com/en-us/windows/win32/secauthz/access-tokens). The token's validity depends on its password. If you change the account password on AD and for the service, the current process still keeps using the old password. In a while, that leads to locking the account, as it tries to re-authenticate with the old (=invalid) password.

    Oh, and don't change the service account's password because it's too old (https://pages.nist.gov/800-63-FAQ/#q-b06). If frequent changes are needed, use virtual or managed accounts instead.
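
The sequence the answer describes (new password stored for the service, then a stop and start), as an added PowerShell example that is not part of either post above. It assumes a default instance (service name MSSQLSERVER), an elevated session on the SQL Server host, and that the password has already been changed in AD; it uses the generic Win32_Service Change method rather than SQL Server Configuration Manager.

```powershell
# Added example. Assumptions: default instance (service name MSSQLSERVER),
# elevated PowerShell on the SQL Server host, password already changed in AD.
$serviceName = 'MSSQLSERVER'

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$serviceName'"
if (-not $svc) { throw "Service '$serviceName' not found on this host." }
Write-Host "Service '$serviceName' runs as $($svc.StartName)"

# Prompt for the new password so it does not end up in a script or in history.
$secure = Read-Host -AsSecureString -Prompt "New password for $($svc.StartName)"
$plain  = [System.Net.NetworkCredential]::new('', $secure).Password

# Store the new password for the same logon account. Nothing changes for the
# running process yet: it keeps the credentials it started with.
$result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
    StartName     = $svc.StartName
    StartPassword = $plain
}
$plain = $null
if ($result.ReturnValue -ne 0) {
    throw "Win32_Service.Change failed with return code $($result.ReturnValue)."
}

# Remember dependent services that are running (typically SQL Server Agent),
# because stopping the Database Engine stops them as well.
$dependents = @((Get-Service -Name $serviceName).DependentServices |
    Where-Object { $_.Status -eq 'Running' })

# Stop and start the service so the new process logs on with the new password.
# Databases of this instance are unavailable until the start completes.
Restart-Service -Name $serviceName -Force
foreach ($d in $dependents) { Start-Service -InputObject $d }

# Confirm everything came back up under the service account.
$names = @($serviceName) + @($dependents | ForEach-Object { $_.Name })
Get-Service -Name $names | Format-Table Name, Status
```

Run it in a maintenance window, and repeat the password update for any other service that logs on with the same domain account, so that none of them keeps retrying the old password.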



