Greetings,
I have been doing some testing with gMSA Accounts in a Server 2012 R2 environment (two separate environments, actually), and I have noticed something very strange that occurred in both environments, which does not appear to be occurring in one of our customer's self-managed environments.
We created a Group Managed Service Account using the following article:
http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx
Everything went smoothly, and the account installs/tests successfully on both of the hosts that we are testing on. I am able to set my services to run under the account, and most of them appear to work fine. I am having some issues with a few of my services, and I believe that the strange behavior I am seeing may have something to do with this - described below:
As soon as I set the service's Log On Account (via the Log On Tab under the Service's Properties), the entirety of the "Log On" tab changes to "greyed out," and I am unable to change the Log On account back via the GUI (Screenshot attached).
I found that I am able to successfully change the account via Command Line using sc.exe, but the Log On tab remains greyed out! So far, I have found nothing to remedy this, but confirmed that it happens for any service I set to use the gMSA as the Logon Account, and that it happens in 2 separate test environments, but not in a Customer's production environment - very strange.
All servers in this environment are running Server 2012 R2, and domain Functional Level is currently Server 2012.
I have been unable to find any information online about this behavior, so I am hoping someone has seen this before, and can explain why this is happening.
Nick