Tip of the Week: RSCM service account credentials

Blog Post created by ken_foster on Jun 8, 2014

The Remote Server Configuration Manager (used to enable the concurrent design features available in most Mentor Graphics PCB flows) is a service that requires credentials in order to run. In the case where the design data is on a remote file system relative to where the RSCM service is running, the service must be authenticated with a user account because the built-in SYSTEM account cannot be used to access data on a remote file system. You can use a regular user account, but most IT organizations choose to use a service account for this purpose. A service account is just like a regular user account except that it's not associated with any particular persons login. Most customers I've seen give it a name like 'mgcrscm' or 'rscmsvc', something like that.


I had a recent case where a customer reported users getting this error when anyone tried to use the RSCM server for their project:


*** Project Initialization Warnings ***

CDB opening failed: Remote Server Configuration Manager (<server name>): Project path [<path to project database>] inaccessible

*** End Of Project Initialization Warnings ***


As it worked fine in single user mode, we quickly ruled out anything wrong on the file server end or with the users own credentials. A quick look at services revealed that the RSCM service was running. Any projects that were started the day before were up and running, and anyone could join those projects for concurrent design, they just couldn't start up any new projects.


The problem with the service account being a regular account is that it is subject to the same password expiration rules as any other user account. When the password for the account expired, it broke the authentication used to access the design data (project path inaccessible). Updating the password for the service account and re-starting the RSCM service restored functionality.


Here are some other useful bits:


1. You can bounce the RSCM service without the need for users to exit projects that are currently running. This will not affect iCDBNetServer processes that are already running.

2. If your design data is on the RSCM servers local file system, you don't need to use a created account to authenticate. The SYSTEM account is built in and doesn't expire.

3. If you have a Windows 2008 Server or higher as your Active Directory Controller, you can define a password policy just for your service account that prevents it from expiring. See Microsoft's knowledge base article:


That's it for this week!