CloudBlue Technical Support

Resolution

pem_domain user is used by OSA in two places only - IIS FTP service and AWStats service. In both cases this user is required for FTP User Isolation and used for read-only access to Active Directory by FTP service.

Use the following procedure to change password of the pem_domain user:

1. Change password of the user in Active Directory

2. On each OA-managed Windows shared webserver with IIS service, change password of the user in IIS:

   • for IIS > 7.0 (Windows Server 2008 and higher):

     Use Internet Information Services Manager:

     • select PEM FTP Server for Shared Hosting site

     • open FTP User Isolation feature

     • click Set... next to FTP home directory configured in Active Directory

     • enter username (with domain), e.g. DOMAIN\pem_domain

     • enter new password twice

     • restart PEM FTP Server for Shared Hosting FTP site

   • for IIS 6.0 (Windows Server 2003):

     • Using the adsutil.vbs script (usually located in C:\Inetpub\AdminScripts), find FTP site "PEM FTP Server for Shared Hosting"

       cscript adsutil.vbs enum MSFTPSVC
       

       The script will return list of FTP services like in the example below:

        C:\Inetpub\AdminScripts>cscript adsutil.vbs enum MSFTPSVC
       
        Microsoft (R) Windows Script Host Version 5.6
       
        Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
       
        KeyType                         : (STRING) "IIsFtpService"
       
        MaxConnections                  : (INTEGER) 100000
       
        AnonymousUserName               : (STRING) "IUSR_WSSFE"
       
        AnonymousUserPass               : (STRING) "**********"
       
        ...
       
        [/MSFTPSVC/1]
       
        [/MSFTPSVC/145]
       
        [/MSFTPSVC/Info]
       

       We are interested in site IDs in the end of output, in this example they are 1 and 145.

     • For each ID in the output above run the adsutil.vbs script again:

       cscript adsutil.vbs enum MSFTPSVC/${id}
       

       Replace ${id} in the command above with real ID of site.

     • Find ID of the site in the output named as PEM FTP Server for Shared Hosting and run the following script using the found ID of the service:

       cscript adsutil.vbs set MSFTPSVC/${id}/ADConnectionsPassword <new_password>
       

     • Replace <new_password> in all commands in this article with new password of the pem_domain user, which you set in AD on the step 1.

     • restart PEM FTP Server for Shared Hosting FTP site

3. On each server with AWStats - perform the same actions as for server with IIS, but for the FTP site named as PEM Internal FTP Server.

4. In OSA system database, update package properties (they are actually used only during deployment, so this step is only for maintaining database consistency):

   BEGIN; 
   UPDATE property_values SET value = '<new_password>' WHERE value_id IN (SELECT DISTINCT value_id FROM v_props WHERE name = 'windows.domain.user.password');
   COMMIT;
   

Internal content