I have 8 Domain Controllers in my test environment. Four are failing with the error above.
The gMSA is configured and the DCs are in a security group that has "PrincipalsAllowedToRetrievePassword".
Running Test-ADServiceAccount returns "True".
I have a GPO assigned so that the gMSA can Log On As a Service. Running GP Results shows that the GPO is applied and the setting is correct.
Error Message is:
Directory services user credentials are incorrect
Credentials for the directory services user GMSA are incorrect. Your MDI sensor(s) cannot connect to 4 Domain Controllers without these credentials. The directory services user is required to perform LDAP queries against the domain controllers.