Hi,Hello,
hmm, with domain trust, it should work (that was not mentioned initially as far as I see).
During gMSA testing I figured out a couple of test steps. Do they all work for you?
1) use the "Test-ADServiceAccount" cmdlet on all involved machines (VM, guest interaction proxy, VBR server)
- The command can be installed with Add-WindowsFeature RSAT-AD-PowerShell
- this command must return "true". otherwise AAIP will failBest regards,Code:
Test-ADServiceAccount svc_gmsa04
Hannes
On my guest interaction proxy, I have done;
Install-WindowsFeature -Name RSAT-AD-PowerShell
Install-ADServiceAccount "DOMAIN\gmsa01$"
Test-ADServiceAccount "DOMAIN\gmsa01$"
These command return True
On my SQL VM, I have done;
Add-LocalGroupMember -Group "Administrators" -Member "DOMAIN\gmsa01$"
Assign DOMAIN\gmsa01$ as sysadmin on the SQL Server
With this done, my VMware AAIP backup job completed successful for the SQL VM, no warning/error.
However, the SQL Transaction Logs Backup job for the same SQL VM show error with: Failed to create a process token for MSA account.
Does this mean, I must also run the same command below on every SQL VM that need logs processing, so that it can access the gMSA?
Install-WindowsFeature -Name RSAT-AD-PowerShell
Install-ADServiceAccount "DOMAIN\gmsa01$"
Test-ADServiceAccount "DOMAIN\gmsa01$"
Statistics: Posted by Nas — May 28, 2025 3:29 pm
