Edit

Microsoft Entra Hybrid Sync Agent Installation Issues - The gMSA is set to log on as Service

  • Article

This troubleshooting guide focuses on when the gMSA is set to log on as a service. This situation may block you from successfully installing the Microsoft Entra Connect Provisioning Agent.

Prerequisites

To install Cloud Provisioning Agent, the following prerequisites are required: Prerequisites for Microsoft Entra Connect cloud sync.

The gMSA is set to log on as Service

While installing Cloud Provisioning Agent, you may get the following error:

Failed changing Windows service credentials to gMSA.

To resolve this issue, check the System event logs for EventID 7038. The following error appears:

The user name or password is incorrect.

Screenshot of error when attempting to install the Microsoft Entra Connect Provisioning Agent. It says the user name or password is incorrect.

Open the Microsoft Entra Connect Provisioning Agent properties and select the Log On tab. You'll find the settings aren’t grayed out, as is expected for a managed account service.

Screenshot of the 'Log On' tab of the Microsoft Azure A D Connect Provisioning Agent window, including the account and password entries.

To verify whether the account is managed, open a command prompt and type the following command:

Sc.exe qmanagedaccount aadconnectprovisioningagent

The account-managed status is shown as False.

Screenshot of the output for the S c . e x e command, showing the account-managed status as false.

To set the status to True and resolve this issue, type the following command:

Sc.exe managedaccount aadconnectprovisioningagent true

The wizard now completes successfully.

Contact us for help

If you have questions or need help, create a support request, or ask Azure community support. You can also submit product feedback to Azure feedback community.