Share via

Getting Event String: An attempt to fetch te password of a group managed service account failed

Adelaide Guy 0 Reputation points
2023-02-22T23:43:35.6133333+00:00

Hi, Everyone.

Currently we are getting KCC is down in our App Manager monitoring if run dcdiag /test:kccevent returned warning and errors:

dcdiag /test:KCCEvent

Directory Server Diagnosis

Performing initial setup:

   Trying to find home server...

   Home Server = DCHostname

   * Identified AD Forest.

   Done gathering initial info.

Doing initial required tests

   Testing server: Site6\DCHOstname

      Starting test: Connectivity

         ......................... DCHostname passed test Connectivity

Doing primary tests

   Testing server: Site6\DCHostname

      Starting test: KccEvent

         A warning event occurred.  EventID: 0x80000B83

            Time Generated: 02/23/2023   09:42:38

            Event String: An attempt to fetch the password of a group managed service account failed.

         An error event occurred.  EventID: 0xC0000B50

            Time Generated: 02/23/2023   09:45:01

            Event String: A client made a DirSync LDAP request for a directory partition. Access was denied due to the following error.

         ......................... DCHostname failed test KccEvent

   Running partition tests on : DomainDnsZones

   Running partition tests on : ForestDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : mycompany

   Running enterprise tests on : mycompany.local

Please help how I can find which gmsa is causing a problem and which client was denied access. If you need more info please let me know I'll try to provide the information required.

Windows for business Windows Client for IT Pros Directory services Active Directory
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Limitless Technology 44,746 Reputation points
    2023-02-23T16:20:10.0866667+00:00

    Hello,

    Both errors seem to be related to metadata lingering of a decommisioned Domain Controller.

    I would recommend to follow the next articles to troubleshoot further and resolve it:

    https:// learn. microsoft. com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc785298(v=ws.10)

    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments
  2. Limitless Technology 44,746 Reputation points
    2023-02-23T16:20:18.7666667+00:00

    Double post

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.