Changing the database password

After you install the database of the BigFix server, you can change its password by running the following command:

  • On Windows operating systems:
    .\BESAdmin.exe /updatepassword /type=<server_db|dsa_db>
    [/password=<password>] /sitePvkLocation=<path+license.pvk> 
    [/sitePvkPassword=<pvk_password>]
  • On UNIX operating systems:
    ./BESAdmin.sh -updatepassword -type=<server_db|dsa_db>
    [-password=<password>] -sitePvkLocation=<path+license.pvk> 
    [-sitePvkPassword=<pvk_password>]
    Note: This procedure on UNIX also updates the database password for Web Reports, if the Web Reports component is installed on the same system where the BigFix server is installed.
where:
type=server_db
If you changed the database instance password, specify this value to update the password used by the server to authenticate with the database.

If you modify this value, the command restarts all the BigFix server services.

type=dsa_db
If you changed the database instance password on a server of a DSA configuration, specify this value to update the password used in a DSA configuration by remote servers to authenticate with the database.
For example:
./BESAdmin.sh -updatepassword -sitePvkLocation=/mylicenses/license.pvk
-sitePvkPassword=******* -type=server_db
The settings -password and -sitePvkPassword are optional; if they are not specified in the command syntax their value is requested interactively at runtime. The password set by this command is obfuscated.

Changing the database password on UNIX on Web Reports

On UNIX operating systems, to change the database password on the local and remote Web Reports server, complete the following steps:
  1. Stop the beswebreports service:
    service beswebreports stop
  2. Open the configuration file: /var/opt/BESWebReportsServer/beswebreports.config
  3. Go to [Software\BigFix\Enterprise Server\FillAggregateDB] and set:
    Password = "db2newpassword"
  4. Start the beswebreports service:
    #service beswebreports start
    After restart, passwords are obfuscated and substituted again with "" in the configuration files.