Jul 29 2021 07:07 AM
I created a gMSA on one of the DCs because the ADFS server could not communicate to the DCs themselves and I figured a service account wasn't cutting it. Now I am getting an error saying, "Directory services user credentials are incorrect" - "Credentials for the directory services user ######## are incorrect. Your MDI sensor(s) cannot connect to ######### and ######### without these credentials. The directory services user is required to perform LDAP queries against the domain controllers."
Any ideas of where to start? I will also open a ticket. It just seems like ADFS has not been able to connect to the DCs even with the new gMSA.
Jul 29 2021 07:19 AM
Jul 29 2021 07:31 AM
Jul 30 2021 03:13 PM
Sep 17 2021 12:30 AM
Sep 18 2021 01:56 PM
Mar 21 2023 11:41 PM
I got the same error too. I resolved it with the following settings.
https://learn.microsoft.com/en-US/defender-for-identity/directory-service-accounts
* Verify that the gMSA account has the required rights (if needed)
You have to check Group Policy.
Domain > Default Domain Policy
or
Domain > Domain Controllers > Default Domain Controllers Policy
or
other GPO settings
Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> Log on as a service is set.
If the setting is configured, add the gMSA account to the list of accounts that can log on as a service in the Group Policy Management Editor.
After that, do gpupdate.
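
The two checks from the reply above (gMSA rights and the "Log on as a service" assignment) can be run on the machine hosting the MDI sensor. This is an added example, not part of the original thread or Microsoft's documentation. It assumes an elevated session and the ActiveDirectory (RSAT) module, and `mdiSvc01` is a placeholder gMSA name.

```powershell
# Added example: run elevated on the DC / AD FS server that hosts the MDI sensor.
# Assumptions: ActiveDirectory module is installed; 'mdiSvc01' is a placeholder name.
Import-Module ActiveDirectory

$gmsaName = 'mdiSvc01'   # placeholder, replace with your gMSA
$gmsa = Get-ADServiceAccount -Identity $gmsaName `
            -Properties PrincipalsAllowedToRetrieveManagedPassword

# 1. Which principals may retrieve the gMSA password? This computer (or a group
#    it belongs to) has to appear here.
'Principals allowed to retrieve the managed password:'
$gmsa.PrincipalsAllowedToRetrieveManagedPassword

# 2. Can this computer actually use the gMSA? Returns True or False.
"Test-ADServiceAccount on $env:COMPUTERNAME : $(Test-ADServiceAccount -Identity $gmsaName)"

# 3. Export the effective user rights (local policy plus applied GPOs) and read
#    the 'Log on as a service' entry (SeServiceLogonRight).
$cfg = Join-Path $env:TEMP 'mdi-user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeServiceLogonRight\s*=' |
            Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue

if (-not $line) {
    'SeServiceLogonRight is not defined in the effective policy on this machine.'
} else {
    # Entries are comma-separated; SIDs are prefixed with '*'.
    $entries = ($line.Line -split '=', 2)[1].Split(',') |
                   ForEach-Object { $_.Trim().TrimStart('*') }
    $wanted  = @($gmsa.SID.Value, $gmsa.SamAccountName)

    if ($entries | Where-Object { $wanted -contains $_ }) {
        "OK: $($gmsa.SamAccountName) is listed under 'Log on as a service'."
    } else {
        "MISSING: $($gmsa.SamAccountName) is not listed directly. Current entries:"
        $entries
        # The account may still hold the right through a listed group; this
        # check does not resolve group membership.
    }
}
```

After changing the GPO, run `gpupdate` on the sensor machine and re-run the script to confirm the new assignment has applied.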