GMSA Not ABle to Run XLSM Tool

Tim Bishop 1 Reputation point
2020-10-28T10:45:26.193+00:00

Hi

We are having the below issue on a Windows 2012 Server, that we use to run a number of Java apps as Windows Services.

We have recently begun migrating our Windows Services away from Server logins and onto GMSA accounts.

We have successfully completed this for a number of Java services - but we have been blocked on one for the last few weeks.

This java application performs a batch process using a VB Macro, XLSM sheet. The Java component is working fine with GMSA and is abel to perform its basic orchestration function. The entire process freezes however once it calls the VB sheet. This XLSM sheet is called form Java by invoking "cscript macro.vbs". The VBS script contains some commands to open a new excel object as a background process, then call the XLSM sheet with some parameters.

We can see that execution is freezing the moment the XLSM sheet is called by dropping logging statements throughout the VBS sheet and the XLSM sheet. Not a single statement is ever printed from inside the XLSM sheet

We have given this GMSA account full admin privileges on the server - so I do not think this is a permission issue.

Is there something in Excel that blocks an account from running an Excel Macro, if that user is not physically logged into the server?

Appreciate any help someone can provide on this - we have been blocked for the last couple of weeks

Thanks

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,834 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Vicky Wang 2,731 Reputation points
    2020-10-29T09:03:31.387+00:00

    Hi
    Thank you for posting in our forum.

    You can try the article in the link may be helpful to you

    reference:https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/gmsa-troubleshooting

    Hope this information can help you

    Best wishes

    Vicky


  2. Suman Bhowmik 76 Reputation points
    2020-11-26T14:34:18.71+00:00

    Hi,
    Please note, I hope you have checked all prerequisites before configuring gMSA accounts.

    You may also run the command Test-ADserviceAccount -Identity GMSAName to confirm if the machine is able to pull the gMSA password.
    Then if your service is still failing, you may configure SNMP Trap service with the gMSA to confirm if it's an issue with the gMSA or configuration.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.