Skip to main content

Changing the Delphix OS (Operating System) User's Windows Authentication (Active Directory) Password for SQL Server Environments (KBA5834)




KBA# 5834




You can use Windows Authentication for the Delphix Windows environment user (or OS - Operating System - user), leveraging Active Directory (AD) as the repository and validation for the Delphix OS user passwords, which may require the passwords to be changed after a specified time interval. If there are a large numbers of servers, as well as Delphix engines, that need to be updated, the following procedure is useful to make the changing of passwords less daunting.

There might be more than one environment user.  Typically, there is a primary user, but dSources can be configured for other Windows AD users: Primary Domain user or some other non-primary environment user (which is typically another Domain user), which are all configured in Environment's Details > Environment Users.

When this password changes, the Delphix OS user password may get locked out and will need to be reset. If caught early enough, it will result in login failures and may throw faults and cause job failures, all indicating an inability to login to the environment successfully whether it is the source or target Windows hosts.


Windows account management password change policy.

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases




5.0,,,,,,,,, ,,,,,


4.2,,,,,,, ,,



To correct the affected passwords, complete the following actions:

  1. Stop the DelphixConnector service on all the affected Windows hosts. This prevents any OS user from executing Powershell scripts used to manage Datasets via environment monitoring or job execution.
  2. If you are using Validated Sync on dSources, Delphix connects to each SQL Server instance on the source Windows environment(s) using JDBC once per minute to see if there are new transaction logs or database backups, depending on how you configure Validated Sync. You will need to configure the Validated Sync Mode to stop this polling and effectively stop the password from being passed on to the host and causing more lockouts.
    1. Select your dSource from the dSource page and then go to the Configuration tab, select Data Management, click the "pencil" icon to make a change.
    2. Select the dropdown under Validated Sync Mode and set to None (take note of the current setting as you will need to revert back to this when the password issue is resolved: Transaction Log, Full or Differential or Full). You need to do this if using the OS user (can be environment or domain user, whatever user is affected by the password issue) for the dSource configuration. 
    3. Once you change the password, set the Validated Sync Mode to what it was before it was changed.
  3. Stopping the DelphixConnector service prevents the password from getting locked during environment monitoring and any job executions on VDBs and dSources, as well as scripts used for Validated Sync.  This will allow you to update the password in the Delphix engine Environment page under the Details tab. To make the change select the OS user experiencing the issue under Environment Users, click the "pencil" icon, and change the password in the Password field. Click Validate to verify the correct password has been set.  If this is okay, click Save. The password is now changed to the new password.
  4. A Delphix Support engineer may need to login to the Delphix Engine and temporarily increase the environment monitoring period to delay the Delphix Environment Monitoring Task from logging in, which would cause the password lock out.
    • This will require a support case to be opened if you want to engage Delphix support for this task.