I have a customer who has received a global directive to ensure that all account passwords are changed every 90 days. This includes services accounts. This client runs a central node and a rim node Qlik Sense installation.
We have changed the Qlik Sense services account passwords on the central node (and even the PostgreSQL superuser password), and the central node works fine.
However, when we change the services passwords on the rim node, the rim node fails to work properly - and lsass.exe consumes bucketloads of CPU. If we change the passwords back on the rim node, it all works again - and lsass.exe is negligible.
Based on a warning paragraph in the upgrading qlik sense help at https://help.qlik.com/en-US/sense/2.2/Subsystems/Installation/Content/InstallationLicensing/Upgradin..., our hypothesis is that the central node somehow has a record of the services accounts and passwords used on the rim node - potentially in the repository or in the host.cfg or some other such file.
Is this correct?
If so, can we change that record or somehow do a one directional repository synchronisation from the rim node to central node to update that information?
Or are we looking at a clean reinstall on the rim node every time we need to change the account passwords?