Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

MDI Sensor service terminated unexpectedly Problem is gMSA Account

Copper Contributor

Hello,

 

I want to Install the MDI Sensors on Domain Controllers:

 

DC01  "objectVersion   87" Server 2016 Datacenter - 

DC02 "objectVersion   87" Server 2016 Datacenter - 

 

When I use a regular user with credentials. MDI services work without problems on both Servers.

When I use gMSA account for MDI sensor on DC02. MDI Sensor is not starting. Error 1067

The Problem is MDI Sensor with gMSA Account works on DC01. But on DC02 it is not starting.

 

Powershell script I used for gMSA Account:

 

New-ADServiceAccount -Name username -DNSHostName username.domain.local –KerberosEncryptionType AES256 –ManagedPasswordIntervalInDays 60 –SamAccountName username -PrincipalsAllowedToRetrieveManagedPassword DC01, DC02

 

 

I have checked:

 

Test-ADServiceAccount -Identity username

PS C:\Windows\system32> Test-ADServiceAccount -Identity username
True

 

Event Viewer on DC01:

The Open Procedure for service ".NETFramework" in DLL "C:\Windows\system32\mscoree.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

 

 

The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

 

The Same Errors I have seen also in DC02. But It works without Problem.

 

I don't know if these errors related to MDI issue?!

 

 

Any Idea?

 

Regards,

Farhad

 

 

 

 

 

 

 

 

 

 

3 Replies
Hi @Martin_Schvartzman,

Thank you for your response.
I have checked also the Logon as a Service rights.
Unfortunately, it doesn't help.

I also checked the all steps were written in this post.

https://docs.microsoft.com/en-us/answers/questions/758863/azure-atp-doesn39t-start-in-dc-with-gmsa-a...

Doesn't help :(

Regards,
Farhad


@fkh090 

Please open a support case. They should be able to help you troubleshot the issue.