April 11, 2022 at 7:43 pm
Hello, for anyone familiar with group managed service accounts and SQL Server.
The Microsoft docs for Group Managed Service Accounts state that
...When a gMSA is used as service principals, the Windows operating system manages the password for the account instead of relying on the administrator to manage the password...
and for SQL Server's Service Master Key
... The SMK is encrypted by using the local machine key using the Windows Data Protection API (DPAPI). The DPAPI uses a key that is derived from the Windows credentials of the SQL Server service account and the computer's credentials. ...
Does that mean that each time the GMSA password changes internally , that the SMK is now wrong and needs to be backed up again?
Thanks for clarification anyone can bring.
April 12, 2022 at 8:10 pm
Thanks for posting your issue and hopefully someone will answer soon.
This is an automated bump to increase visibility of your question.
April 18, 2022 at 5:26 pm
I have been using gMSA accounts since SQL2012. I have never found a need to repeat the backup of the service master key as the gMSA password changes.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply