Please ensure Javascript is enabled for purposes of website accessibility
Powered by Zoomin Software. For more details please contactZoomin

AVEVA™ PI Server Installation and Configuration (PI Server 2024 R2)

Run the PI AF Application Service under a domain account

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
TABLE OF CONTENTS

Run the PI AF Application Service under a domain account

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
  • Last UpdatedOct 02, 2024
  • 2 minute read

If you are upgrading older versions of PI AF, you may need to remove the privileges for the NetworkService account on the SQL server, as described in Remove NetworkService account access to the PI AF SQL Server database.

For security reasons, we recommend that you change the PI AF Application Service to run under a domain account when the PI AF Application Service and PI AF SQL Server database are running on different machines. This provides you with the most secure method for protecting your PI AF and SQL servers.

  1. Identify the domain account that you want to use for the PI AF Application Service.

  2. Add a domain user to AFServers local user group.

    The PI AF Application Service gets the required access to the PI AF SQL Server database through this local group on the SQL Server database computer.

  3. Open the Services administrative tool on the PI AF server computer.

  4. Right-click the PI AF Application Service and select Properties.

  5. Click the Log On tab and change the account to a domain account, using the DOMAIN \account format, or click the Browse button to search for and select the domain account to use.

  6. Enter the account's Password twice, and click OK.

  7. Right-click the PI AF Application Service and select Restart.

    A message appears indicating the service is being stopped, and then started. The service is now running under the new account.

  8. For upgrades, you may need to remove the previous account’s access to the PIFD database, if it no longer requires access. If the previous account that had access was NetworkService, it can be removed, as described in Remove NetworkService account access to the PI AF SQL Server database.

  9. Reconfigure the properties on the PI AF server to reference the new PI AF Application Service account:

    1. In PI System Explorer, select File > Connections.

    2. Right-click the PI AF server in the list and click Disconnect, if it is available.

    3. Right-click the PI AF server in the list and click Properties.

    4. For UPN authentication, type the name of the account under which the PI AF Application Service runs. For example: DomainName\AccountName. For SPN authentication, which is the preferred option for Kerberos authentication, leave the account field blank.

    5. Click Connect.

    If PI System Explorer cannot make connection to the PI AF server, see Cannot connect to PI AF server.

    1. Click OK.

  10. Click Close.

TitleResults for “How to create a CRG?”Also Available in