Forum Discussion
Monitoring/Troubleshooting - gMSA Account
If MCC is deployed with a gMSA account, it introduces difficulties in troubleshooting/monitoring the setup, as we need to run PowerShell using the gMSA account locally.
Even then, running PowerShell as the gMSA account can't be done via 'Run As...'; it requires the below command or similar:
"psexec -u DOMAIN\gMSA_acct$ powershell.exe"
Please include an easier way to monitor the status of the running container as the Healthy/Unhealthy status on the Azure portal side does not report the true state of the container.
2 Replies
- Christopher_Lin
Microsoft
Hi Marty, great callouts. We're aware of the additional friction introduced when designating a gMSA as the MCC runtime account, and are working on some improvements to the user experience.
The Healthy/Unhealthy status on the Azure Portal side is meant to indicate whether the MCC service received the expected heartbeat signal from the deployed cache node, so you are correct that it does not provide further details on the state of the container. For example, if the heartbeat signal is blocked by a network firewall, the cache node may appear as "Unhealthy" in the Azure Portal even though the actual MCC container is running fine and serving content.
We are working on some tooling that will make it easier to view more details on the status of the MCC caching software.
- luchete
Iron Contributor
Monitoring and troubleshooting with a gMSA account can be tricky since you can't directly use "Run As..." with it. Using commands like psexec -u DOMAIN\gMSA_acct$ powershell.exe is one way to run PowerShell with the gMSA. As for monitoring the container's health, you should consider using tools like Azure Monitor or custom logging within the container itself. These tools can provide you more accurate status reports beyond what's shown in the Azure portal, and help with troubleshooting when the built-in health check doesn't reflect the true state. Let me know how it goes.
Hope it helps!