Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Server 2022 Support

Copper Contributor

We've replaced one of our DC's with a 2022 server. The server is a member of the group that is able to read gmsa service account. The error that is generated by the tri.sensor is that it cannot read the gmsa password. At a loss as 2019 servers configured the same way work fine. The 2022 is our first DC, the 2019 servers host adfs roles. Is 2022 not supported for Azure ATP yet?

3 Replies

Officially not supported yet, as we did not complete full testing, but effectively I can say we are not blocking the install and telemetry shows we have hundreds of sensors running on 2022 already.
Most likely the issue is coming some place else, but I can't be sure until we officially support it after testing all use cases...

@ChrisMaiura 

 

Adding to @Eli Ofek's comment;
Please make sure you restarted the server after adding its computer account to the group that is allowed to retrieve the gmsa's password (as group membership is evaluated at logon), or run the following command on it:

 

klist -li 0x3e7 purge

 

 

If this still doesn't work, please open a support case.

@Martin_Schvartzman 

 

Thanks. We ran Test-ADServiceAccount ourserviceaccount from the DC in question and the result was true. We reinstalled the ATP Sensor client, but downloaded a new version. The original one we started with was 2.167.14829.39882. When we reinstalled this morning we used 2.168.14865.25114. The install completed without any issues. Thanks again for your time.