Here is the complete procedure to update the AzureAD Client Secret key used by SESAR for synchronization with Azure Active Directory.

1) Prepare the new key (on the Azure side)

1. In Azure Portal → Azure Active Directory → App registrations.
2. Select the application used by SESAR.
3. Go to Certificates & secrets.
4. Create a new secret client.
5. Copy the secret value immediately (the Value , not the Secret ID).
   • Important: Azure only displays the Value once.

2) Locate the next synchronization in the trace file

Before stopping the service, you must locate the Trace_YYYY_M.log file, which contains SESAR events. By default, it is located in:

C:\Secure Exchanges inc\SESAR

Open the file, go to the end and find the following line:

Sync next lookup at YYYY-MM-DD 00:05:58 ** You can stop the service before that time

This will tell you what time the next synchronization will take place. Stop the service before that time, or wait until after the synchronization is complete, to avoid losing documents that are currently being synchronized.

3) Stop the SESAR service on the server

1. On the SESAR server, open Services (services.msc).
2. Locate the service: SESAR (Secure Exchanges Send And Receive) .
3. Right-click and select Stop .

The service must be stopped, as SESAR only loads the configuration at startup.

4) Update the SESAR configuration file

1. Once the service is stopped, replace the instance.json file with the unencrypted file that you kept during the initial installation.
2. Open the file and locate the AzureAD_Secret parameter.
3. Replace the old value with the new value copied from Azure.
4. Save the file.

Important: Make sure you do not add any spaces, unnecessary quotation marks, or line breaks in the secret.

5) Restart the SESAR service

1. Return to Services.
2. Start the SESAR service ( Start / Start ).

Important: Upon restart, the instance.json file will be automatically re-encrypted. Keep a copy of the updated unencrypted file in your secure vault.