I have a question on implementing gMSA account for managing authentication to SQL server.
Our goal is to use gMSA account to manage the auto password change activities for SQl server service and it's agent service.
Few questions-
-
Does implementing gMSA works for 2 node SQL FCI and 3 or 4 Node Always on AG,s?
-
Since I just want to run SQl server with that gMSA account is there any special permissions needs to be granted at server or database level while running both SQL and agent services?
Our AD team gets all the background work related to creation of those accounts. Once ready we are just handed over the abc$ account e.g. to use them for running SQL services without entering the need of any password.
Please advise any catch of implementing gMSa here.
Best Answer
Yes it does work.
Nope, the installer will take care of that.
If certain windows services don't start before SQL Server, then authentication can't take place and SQL Server will fail to start up. This doesn't happen very often and generally when it does there is some other issue with the server that is causing this symptom and behavior.