Managed service account does not work

Error:
Install-ADServiceAccount : Cannot Install service account. Error Message:  ‘The provided context did not match the target’

The Test-ADServiceAccount cmdlet gives us a little more to go on:

WARNING: Test failed for Managed Service Account SQLServerGMSA. If standalone Managed Service Account, the account is linked to another computer object in the Active Directory. If group Managed Service Account, either this computer does not have permission to use the group MSA or this computer does not support all the Kerberos encryption types required for the gMSA. See the MSA operational log for more information.

Cause

The Windows server is configured not to use RC4, so AES must be configured explicitly on the service account:

Set-ADServiceAccount -Identity <account name> -KerberosEncryptionType AES128,AES256
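
The following script is an added example, not part of the original page. It checks both causes named in the warning before applying the fix above, and it assumes the RSAT ActiveDirectory module is available and that the account is the SQLServerGMSA from the warning text.

```powershell
# Added example, not from the original page. Assumes the RSAT ActiveDirectory
# module and the account name shown in the warning above.
Import-Module ActiveDirectory
$Identity = 'SQLServerGMSA'

# Bit flags of the msDS-SupportedEncryptionTypes attribute.
$EncFlags = [ordered]@{
    'DES-CBC-CRC' = 0x01
    'DES-CBC-MD5' = 0x02
    'RC4-HMAC'    = 0x04
    'AES128'      = 0x08
    'AES256'      = 0x10
}
$AesBits = 0x18   # AES128 + AES256

$props = 'msDS-SupportedEncryptionTypes', 'PrincipalsAllowedToRetrieveManagedPassword'
$gmsa  = Get-ADServiceAccount -Identity $Identity -Properties $props

# An unset attribute comes back as $null, which casts to 0.
$mask    = [int]$gmsa.'msDS-SupportedEncryptionTypes'
$enabled = @($EncFlags.Keys | Where-Object { $mask -band $EncFlags[$_] })
'{0}: encryption types = {1} (0x{2:X2})' -f $Identity, ($enabled -join ', '), $mask

# Other cause named in the warning: this computer (or a group it belongs to)
# must be listed as allowed to retrieve the managed password.
'Principals allowed to retrieve the managed password:'
$gmsa.PrincipalsAllowedToRetrieveManagedPassword

# Apply the fix from this page only if both AES types are not already enabled.
if (($mask -band $AesBits) -ne $AesBits) {
    Set-ADServiceAccount -Identity $Identity -KerberosEncryptionType AES128,AES256
}

# Retry the operation that failed, then verify.
Install-ADServiceAccount -Identity $Identity
if (Test-ADServiceAccount -Identity $Identity) {
    "$Identity is installed and usable on $env:COMPUTERNAME"
} else {
    Write-Warning "$Identity still fails; see the MSA operational log named in the warning."
}
```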
