42 questions
0
votes
0
answers
90
views
Using gMSA account for SQL Server JDBC connection
Is it possible to use gMSA account for SQL Server JDBC connection in my own java application?
If possible please anyone can help me though the steps?
I am trying to start my java application on ...
- 71
0
votes
1
answer
162
views
How to Negotiate authentication with gMSA account in ASP.NET Core app running on Kestrel
I have an ASP.NET Core Web API that runs as a Windows service under gMSA (group Managed Service Account) in test on-prem AD environment using a Kestrel web server.
App uses Negotiate authentication (...
- 1
0
votes
1
answer
183
views
Connect SQL Without Using NTLM
Trying to connect to SQL Server without using NTLM. The instance services are using a gMSA account.
$instance = "SERVER.DOMAIN.LOCAL\INSTANCE"
$database = "DATABASE"
$...
- 160
2
votes
0
answers
442
views
How to connect to LDAP using gMSA in C#
I want to bind to to a Directory Object on Active Directory using gMSA in a C# service.
What I am aware (... and able to do ):
If the C# service is running in the context of the gMSA, then following ...
- 1,098
0
votes
0
answers
134
views
Can a group Managed Service Account be leveraged in a C# to make a call to an HTTP client?
We are trying to leverage a gMSA that's been setup on the two servers that talk to each other. One is the web server from which the request is made, wherein we outline the C# code below, and the ...
- 21
0
votes
2
answers
519
views
Kerberos Keytab: Getting error while creating keytab for MSA on Active Directory
I am trying to create a keytab for MSA on active directory using the ktpass command on my AD Domain Controller.
The command I am using is:
ktpass /princ ldap/[email protected] /mapuser TEST\...
- 1,098
0
votes
1
answer
458
views
How to set gMSA account in physical path credentials property for web application
I have web application running successfully in different environments. Currently I am using the same service account for both application pool and 'Physical Path Credentials' of the web application.
...
- 111
0
votes
0
answers
144
views
How can i get a .NET 8 minimal API in a Windows container within Docker Desktop working with gMSA?
Our organization is new to the container game (I know, I know) and we are heavily invested in the Microsoft ecosystem. We use Active Directory and not Azure Active Directory. We are tasked with ...
0
votes
0
answers
298
views
Using multiple gMSA accounts for SQL Server authentication in .NET
I'm working on a project where I have a number of SQL Servers (think lab, acceptance, prod), and a number of databases running on each of them. My application will execute migrations on those ...
- 335
0
votes
1
answer
422
views
How do I access on-prem sql server from Azure Logic App (using on-prem data gateway) and a Gmsa?
I have an Azure "On-premise data gateway" setup and configured to log-on with a Gmsa.
I have a Logic App setup with a SQL "get row" connector as follows:
I want to get the SQL ...
- 81
0
votes
1
answer
2k
views
How am I receiving "Test failed for managed service account..." when my current user is in PrincipalsAllowedToRetrieveManagedPassword?
I have created a Group Managed Service Account in an AWS Managed Active Directory. I am currently logged in on an EC2 instance as a the Admin user.
When I run Get-AdServiceAccount -Identity GMSA_NAME ...
- 49
0
votes
1
answer
291
views
Can’t connect to SQL using kerberos cache
I have Debian instance with ODBC Driver 18, and I'm trying to connect to windows-based SQL instance. For this I get credential cache using credentials fetcher. klist shows that cache is present on my ...
- 399
0
votes
2
answers
5k
views
How do I add a group Managed Service Account to a newly created domain, add to security group, and assign the account to that group of computers?
With a newly create domain, the SQL Servers require a group Managed Service Account (gMSA) to run their services. What are steps from assigning a Kerberos capability to the gMSA through creating the ...
- 483
0
votes
0
answers
73
views
gMSA scheduled task cannot connect to S3 host
I've created a powershell script that collates specific files from all servers in a domain to a central management server, and then compresses and uploads to our cloud service providers S3 bucket (not ...
- 41
0
votes
1
answer
237
views
Getting CORS denied GMSA for MSSQL in appconfig.json of Angular + .Net project
We have hosted a few Angular and .Net Services. In the same server, we have MSSQl configured. When all the service's app pools in IIS, MSSQL Services etc were assigned to the my id, appication was ...
- 85
1
vote
1
answer
381
views
Use gMSA for Hashicorp Vault mssql credential rotation
I want to start using Vault to rotate credentials for mssql databases, and I need to be able to use a gMSA in my mssql connection string. My organization currently only uses Windows servers and will ...
- 11
0
votes
1
answer
132
views
AAD connect provisioning credentials
How can I find the credentials for this?
Please see image below.
- 25
4
votes
1
answer
3k
views
Creating a service with a gMSA account using New-Service
Is it possible to use the New-Service command to create a service using a gMSA account? I tried creating the credentials with a blank password but it fails because ConvertTo-SecureString expects the ...
- 1,642
0
votes
1
answer
753
views
How to debug a Visual Studio 2022 console application running as a service using a gMSA
I am building a .NET 6 application in C# using Visual Studio 2022. The application has a worker service that runs a console application. A Group Managed Service Account (gMSA) has been created for me ...
- 3,165
1
vote
0
answers
221
views
How to make Kubernetes container/pod running as GMSA account work with SQL Server FILESTREAM table
We have the following setup in our infrastructure:
ASP.NET Core service running in a Windows container/pod running in Kubernetes on a domain-joined Windows host (we have tested with both nano and ...
-1
votes
1
answer
4k
views
How to start process as gmsa account?
I collected bits and pieces of code about gMSA accout password. There are few articles mentioning how to get password but none of articles verifies fetched password. I created new GMSA account and ...
- 1,032
1
vote
1
answer
673
views
Start Process within Windows Container as a domain user
I have a Windows 2019 container started with a valid CredentialSpec from a valid working gMSA account. It currently hosts a .NET 4.x application on IIS with Windows Authentication working just great. ...
- 1,781
0
votes
0
answers
2k
views
Trouble using gMSA on IIS pool identity
Done various searches and I believe I have everything right, but things still aren't working correctly.
I've installed the gMSA and get a true when running Test-ADServiceAccount. I've added the ...
- 13
1
vote
0
answers
2k
views
Execute commands using gMSA account
I need to fetch the VM details using gMSA account
$Username = 'domain\gMSA-Auto$'
Connect-VIServer -server 192.xxx.xxx.xxx -User $Username
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -...
- 589
2
votes
2
answers
23k
views
Start PowerShell As A Group Managed Service Account
How do I start PowerShell with a gMSA account. I right click on the PowerShell icon, run as different user, then input domain\msa$ with no password. It errors out about credentials being incorrect.
I'...
- 513
4
votes
0
answers
3k
views
Connecting to SQL Server with Integrated Security within Windows container
I am working on being able to connect services hosted within a Windows container to SQL Server using Integrated Security.
As per the Microsoft documentation, I have created a grouped managed service ...
- 59
1
vote
2
answers
316
views
Classic ASP/MSSQL Authentication Issue using CredSpec
I'm currently trying to make some improvements to some old (and soon to be phased out) infrastructure in preperation for a move to .NET core. We have a small feedback form which writes into a SQL ...
- 123
2
votes
1
answer
26k
views
Deploy gMSA account as task scheduler user account
I am trying to create a task on windows 2016 server, and need to deploy gMSA account as the log on account and below is the script i am using, i need to ensure that the option- "Run whether user ...
2
votes
1
answer
5k
views
PowerShell script using gMSA and Get-ADGroupMember
We have a PowerShell script that will enumerate the members of a specified AD group and then will create a text file with login ID and Name. The script will when create an email to Managers informing ...
- 31
2
votes
2
answers
1k
views
Issue getting credential spec (gMSA) working in docker-compose
I have a gMSA credential spec working with docker run but not with docker-compose. Details for the compose file and the docker run command are below. I'm completely lost as to what I'm missing. I did ...
- 41
1
vote
1
answer
105
views
Create gMSA with managed AD on google cloud
For a POC for using AD on the google cloud with kuberenetes, I created a managed active directory, as is described in this link.
To add a gMSA account for the AD, I looked at this documentation.
It ...
4
votes
0
answers
1k
views
Running aspnet core in docker with sql server integrate security
I'm working on getting an aspnet core app running in docker using gMSA. I've created a security group, created a gMSA, and created a credentials spec file using this article - https://learn.microsoft....
- 6,894
2
votes
1
answer
594
views
Can we Impersonate gMSA account in Delphi?
I need to use gMSA account to connect SQL Server from my delphi application. So, can I use delphi's LogonUser() to get handle to impersonate this gMSA account? If yes, what password I need to supply ...
2
votes
2
answers
5k
views
Can gMSA be used between trusted domains?
Can gMSA accounts be used across two trusted domains? Say there is a DomainA which has gMSA account, and security group that is allowed to retrieve password for the gMSA account. And there is a server ...
3
votes
1
answer
883
views
Use gMSA account in TFS pipeline
Can we use gMSA account in TFS Release pipeline? I am trying to use gMSA account for 'Windows Machine File Copy' task but since I don't have the password for gMSA account, I specify an empty string.
...
- 649
2
votes
0
answers
238
views
Make a call with a gMSA account
My system administrator made a gMSA for me to use with my work with containers. I am able to do the simple things with it (like test that it is working correctly).
But I cannot figure out how to ...
- 82.1k
0
votes
1
answer
545
views
Robocopy, ScheduledTask and gMSA
Using a powershell script with robocopy launch by gMSA is not working ...
I write a little script to copy 2 directories in powershell with robocopy and it works.
I use it with the task sheduler, with ...
- 91
1
vote
1
answer
2k
views
How to create GMSA account via C#
I have tried to look for the c# code example to see how the AD service account is created but not much luck. Anyone can provide an example code for creating AD service account please?
I have tried ...
- 11.4k
1
vote
1
answer
1k
views
Access Azure Files with GMSA Account
I want to have Microsoft SQL Server Agent Jobs run under a GMSA account, but they need to have access to an Azure Files container in an Azure Storage account.
Everything I've found so far points to ...
- 867
2
votes
0
answers
2k
views
Check group membership of group managed service account (gMSA)?
I have an IIS application running a .Net app as a gMSA that needs to perform an action on a remote .Net Web API using Windows authentication. The gMSA is also a member of a special group that should ...
- 91
5
votes
1
answer
11k
views
Where is the MSA operational log?
I have created a gMSA like this:
New-ADServiceAccount -name Cust00000 -DNSHostName Cust00000.domain.com -PrincipalsAllowedToRetrieveManagedPassword "IIS_IUSRS" -ManagedPasswordIntervalInDays 60
And ...
- 3,551
3
votes
0
answers
940
views
Run AspNet Core app in docker using GMSA
I'm trying to use GMSA for SQL connection from AspNet core application. All the prep steps are done, but it appears it does not work. I guess the reason is that the application is started with "dotnet....
- 22.3k