group managed service account for arcgis server

ShirleyYueLi · ‎02-22-2024

I'm configuring arcgis server to run on a group managed serviced account. I used the ServerConfigurationUtility command line tool according to this documentation https://enterprise.arcgis.com/en/server/latest/administer/windows/the-arcgis-server-account.htm and it says a password is not needed. However, I got an error 'Invalid password specified for (the group managed service account)'. Our IT told me the group managed service account doesn't have a password. They have also granted the account 'log on as a service' permission. I also tried to change the 'Log On as' for the arcgis server service to this account but the service would not start. How can I configure arcgis server to use a group managed service account? Thank you!

Scott_Tansley · ‎02-22-2024

If the server (host machine) is registered by your SAs in the gMSA then it will just work. There is no configuration on the ArcGIS Server side. It's simply just a case of entering the gMSA account details as stated. All the configuration is completed by your sys admins.

If the command line is not working for you then try the GUI approach described here: https://enterprise.arcgis.com/en/server/latest/get-started/windows/what-s-included-with-arcgis-serve...

Scott Tansley
https://www.linkedin.com/in/scotttansley/

MarceloMarques · ‎02-22-2024

ArcGIS Server account—ArcGIS Server | Documentation for ArcGIS Enterprise

ServerConfigurationUtility.exe /username mydomain\enterprise-gmsa$ /writeconfig c:\temp\domainaccountconfig.xml

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |

ShirleyYueLi · ‎02-23-2024

Thank you! I used the configure arcgis server account GUI and command line tool but both got an error: no password specified. Is a password required? Our IT told me there is no password for this gmsa account. What should I ask our IT for?

ShirleyYueLi · ‎02-23-2024

Thank you! I used the configure arcgis server account GUI and command line tool but both got an error: no password specified. Our IT told me there is no password for this gmsa account. What configurations should sys admins do? Thank you!

BillFox · ‎02-23-2024

can you share the info Scott and Marcelo provided directory to your IT team?

MarceloMarques · ‎02-23-2024

ArcGIS Server account—ArcGIS Server | Documentation for ArcGIS Enterprise

ServerConfigurationUtility.exe /username mydomain\enterprise-gmsa$ /writeconfig c:\temp\domainaccountconfig.xml

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |

ShirleyYueLi · ‎02-23-2024

I used this command ServerConfigurationUtility.exe /username mydomain\enterprise-gmsa$ /writeconfig c:\temp\domainaccountconfig.xml but got an error "invalid password specified for ..." Is there any configuration we missed for this account? IT has granted 'log on as service' permission for this account.

BillFox · ‎02-23-2024

maybe this will help: https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-manag...

MarceloMarques · ‎02-23-2024

@ShirleyYueLi - your gMSA domain account might not have been configured correctly.

Getting Started with Group Managed Service Accounts | Microsoft Learn

| Marcelo Marques | Esri Principal Product Engineer | Cloud & Database Administrator | OCP - Oracle Certified Professional | "In 1992, I embarked on my journey with Esri Technology, and since 1997, I have been working with ArcSDE Geodatabases, right from its initial release. Over the past 32 years, my passion for GIS has only grown stronger." | “ I do not fear computers. I fear the lack of them." Isaac Isimov |