What to do when SharePoint managed account passwords are already expired

Suddenly your SharePoint installation stops working…
You’re seeing HTTP 500 errors even on Central Admin…
The ULS logs contain errors such as:

Unknown SQL Exception 0 occurred. Additional error information from SQL Server is included below. The target principal name is incorrect. Cannot generate SSPI context

This can happen when the various service accounts for SharePoint are no longer able to authenticate due to expired passwords. By default, SharePoint won’t proactively change those passwords even if AD policies require them to be changed. And, as an admin, you don’t even know what the old password is.

Firstly, you can see which service accounts are used by SharePoint using PowerShell’s Get-SPManagedAccount cmdlet. Use the ‘Active Directory Users and Computers’ tool to reset the password of those accounts to something you know.

Secondly, get Central Admin up and running:

  1. RDP to the SharePoint server

  2. Open IIS Manager

  3. Find the Application Pool that hosts Central Admin and open its advanced settings

  4. The ‘Identity’ row lists which managed account is used for Central Admin. Hit the … button and enter the account and its new password

  5. Restart the application pool

  6. Central Admin should be available now. If not, try an IISRESET

Finally, use Central Admin to update the service accounts:
Go to SharePoint Central Administration->Security->Configure managed accounts.
Click Edit on each account and do the following:

  1. Select “Change password now”

  2. Click “Use existing password”

  3. Type the password, and then click OK

  4. You might want to enable the option “Enable automatic password change” now, as this will avoid the problem occurring again
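
The final step can also be done from the SharePoint Management Shell instead of Central Admin. The script below is an added example, not part of the original post; it assumes the AD passwords have already been reset, the farm is reachable again, and the session is elevated on the SharePoint server.

```powershell
# Added example: re-sync SharePoint managed accounts with passwords already reset in AD.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# Report each managed account, its expiry date, and whether automatic change is on.
$accounts = Get-SPManagedAccount
$accounts | Select-Object Username, PasswordExpiration, AutomaticChange |
    Format-Table -AutoSize

foreach ($account in $accounts) {
    # Prompt for the password that was set in AD. Read-Host -AsSecureString
    # keeps it out of the script file, the console output and the command history.
    $prompt   = "Password set in AD for $($account.Username) (blank to skip)"
    $password = Read-Host -AsSecureString -Prompt $prompt
    if ($password.Length -eq 0) {
        Write-Warning "Skipped $($account.Username)"
        continue
    }
    try {
        # Equivalent of 'Change password now' + 'Use existing password' in Central Admin.
        Set-SPManagedAccount -Identity $account -ExistingPassword $password `
            -UseExistingPassword -Confirm:$false -ErrorAction Stop
        Write-Host "Updated $($account.Username)"
    }
    catch {
        # A wrong password or an unreachable domain controller ends up here.
        Write-Warning "Failed for $($account.Username): $($_.Exception.Message)"
    }
    finally {
        $password.Dispose()   # release the SecureString as soon as it is no longer needed
    }
}

# Accounts that still depend on a manual password change and can expire again.
Get-SPManagedAccount | Where-Object { -not $_.AutomaticChange } |
    Select-Object Username, PasswordExpiration
```

Any account listed by the last command is a candidate for the “Enable automatic password change” option described in step 4.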