May 17, 2021 at 8:57 am
We use group managed service accounts for running the SQL Server 2017/2019 sqlserver.exe processes on Windows Server 2016 in an AD domain. As far as I know this is recommended by Microsoft. This worked well for at least 1 year, but since 4-5 months we have the problem that some of these group managed service accounts (seems to be randomly distributed) are not able to receive their password from the domain controller anymore, therefore sqlserver.exe could not start up. If we execute
Set-ADServiceAccount -PrincipalsAllowedToRetrieveManagedPassword
the sqlserver.exe process starts up again.
Does anybody has an idea or give a hint what is causing this problem?
PS: Yes, I have asked the AD guru, but he couldn´t work out any solution. As a temporary solution he recommended the use of classical service accounts.
May 17, 2021 at 3:58 pm
Thanks for you help.
The hotfix is described as available for: 6.2.920 0.20 xxx Windows 8 and Windows Server 2012
If we get the issue on a test server I will give him a try, but as mentioned not every server with gMSA and SQL Server is concerned.
September 6, 2022 at 7:02 am
This was removed by the editor as SPAM
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply