Event 8058. SharePoint 2010 Password Expiration

Topic: SharePoint 2010 Enterprise

Subject:  SharePoint 2010 Password Management

Problem: I keep getting the Event Log Error. “The credentials used for the account domain\user expired on 12/05/06 12:48:50, and need to be updated.  If they are not updated, the system may stop working.  The account is used by…..”

Response: In SharePoint 2010 Managed Accounts can be set to generate new passwords automatically and notify the user before the passwords expires. You can also change the account password manually. The service accounts I use within my development farms have an AD policy set for the password to never expire.  So why do I get an expiration notice?

You can view the options available:

Central Administration

-> Security

-> Configure managed accounts ->

<Edit one of your Managed Accounts>

Funny thing is that I will see my Password update information has a N/A for the next password change.  So who is sending the event saying my password has expired and why?   The “who” is easy it is a timer job which is enabled by default.  The why is a good question.  There is obviously an expiration policy in days that is being picked up by the timer job telling us the password is expired. It definitely is the default expiration date set in AD as I checked out of curiosity.

Solution:

1.      To disable the daily event message if you choose not to use Password management in SharePoint.

2.      Central Administration -> Monitoring -> Review Job Definitions

3.      Scroll and find the job definition “Password Management”

4.      Double Click to Edit the Job

5.      Click Disable

Conclusions:  Before I get the comments regarding “This will make it extra secure”.  Most organizations already have password policies in place and I am not sure I want SharePoint automatically generating passwords for me.  I fully understand the “Least Permissions theory”, etc. this is simply how to disable if you choose not to implement Password Management through SharePoint.

KORITFW