Skip to main content

Managed Service account (gMSA). Error: Unable to install service account pGMSA_xxxxxxx$ after 6 retries.

Error while creating group managed service account (gMSA). Error: Unable to install service account pGMSA_xxxx$ after 6 retries.

It took some of my time to work around this issue however finally sorted it out with 3 simple steps to Modify KerberosEncryptionType.

Environment: Windows Server 2022 R2

I have executed the two scripts:

1.     1. Get-ADServiceAccount -filter *** (To find the name of the SAMAccountName) 

 2.   Set-ADServiceAccount -Identity SAMAccountName -KerberosEncryptionType AES128, AES256 

(To modify Kerberos Encryption Type. In the above line replace SAMAccountName with your SAMAccountName)

 3.   Restarted the Microsoft Entra Provisioning agent!

Installation completed successfully!

I have referred below two article to complete this task.

https://learn.microsoft.com/en-us/answers/questions/1328559/attempting-to-set-provagentgmsa-encryptiontype-can 

https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/azure-ad-hybrid-sync-unable-create-gmsa-kds-domain-controller 

Comments

Post a Comment