I'm configuring arcgis server to run on a group managed serviced account. I used the ServerConfigurationUtility command line tool according to this documentation https://enterprise.arcgis.com/en/server/latest/administer/windows/the-arcgis-server-account.htm and it says a password is not needed. However, I got an error 'Invalid password specified for (the group managed service account)'. Our IT told me the group managed service account doesn't have a password. They have also granted the account 'log on as a service' permission. I also tried to change the 'Log On as' for the arcgis server service to this account but the service would not start. How can I configure arcgis server to use a group managed service account? Thank you!
@ShirleyYueLi - just to clarify that you need to update the command below with your domain gMSA account.
ServerConfigurationUtility.exe /username mydomain\enterprise-gmsa$ /writeconfig c:\temp\domainaccountconfig.xml
Tip, open a command window as "administrator" to run the command above.
mydomain\enterprise-gmsa$ - you need to replace this with your domain gMSA account.
Dear all I have the same Issue which was mentioned by @ShirleyYueLi I have created a gMSA account on AD and when switching to use that account on Enterprise 10.9.1 with : ServerConfigurationUtility.exe /username mydomain\enterprise-gmsa$ /writeconfig c:\temp\domainaccountconfig.xml
I got error : invalid Password
however I applied all the recommendations in that support article : How To: Configure ArcGIS Enterprise to Use a Group-Managed Service Account (esri.com) still stuck in that error
@OmarF93 - please open a ticket with Esri Technical Support to investigate the problem further, if you learn anything new then share in this thread to help other people. Thank you. : )
I was also experiencing this error. The root cause for me was that I had just setup the gMSA in the domain. It apparently takes 10 hours for the Kerberos key to synchronize across running servers OR if you can perform a Windows Restart then it picks up the Kerberos key and account during the restart.