Hello all,
I have a parent domain and multiple subdomains.
In my parent domain, I have configured a GMSA account and allowed a machine that is going to use it to pull GMSA-related info.
The problem I have is that when using the GMSA account, I see the following behavior.
- Service is automatic and set to GMSA logon. The machine takes a significant amount of time to apply the logon, and if we reboot the machine, the machine takes over an hour to start back up.
- Service is automatic delayed and set to GMSA logon. The service stays stuck in starting, and if rebooted, the machine starts up quickly but again the service will stay stuck in a starting state.
- If the service is set to automatic and set to use local system, the service starts instantly, and if rebooted, both the machine and service start up quickly.
We do not see this same behavior when creating a GMSA on subdomains, only when we try this on the parent of all subdomains. I’m unable to find any logs related to anything in the process.
We see this issue when setting SQL Server or third-party tools (GMSA compatible). Permissions over the necessary folders have been granted.
No clue what might be going on; any help appreciated. Is it a too many machines/subdomain issue? Does GMSA parse through all subdomains as part of some kind of verify step?
Thank you!