Why does a DC still tries to use an old gMSA that is no longer is configured in the portal?

%3CLINGO-SUB%20id%3D%22lingo-sub-2452133%22%20slang%3D%22en-US%22%3EWhy%20does%20a%20DC%20still%20tries%20to%20use%20an%20old%20gMSA%20that%20is%20no%20longer%20is%20configured%20in%20the%20portal%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2452133%22%20slang%3D%22en-US%22%3E%3CP%3EWhy%20does%20a%20DC%20still%20tries%20to%20use%20an%20old%20gMSA%20that%20is%20no%20longer%20is%20configured%20in%20the%20portal%3F%3C%2FP%3E%3CP%3EI%20initially%20use%20account%20GMSA2%20and%20configure%20it%20the%20portal%2C%20a%20Sensor%20was%20installed..now%20I%20have%20added%20GMSA1%20to%20the%20portal%20and%20remove%20GMSA2%20from%20the%20portal.%3C%2FP%3E%3CP%3EIt%20appears%20the%20DCs%20are%20using%20GMSA1%20now%20and%20connected%20fine%20to%20the%20portal%20but%20they%20do%20still%20gives%20the%20error%20about%20GMSA2.%26nbsp%3B%20It%20has%20been%20a%20few%20weeks%20passed%20and%20still%20the%20DC%20keeps%20coming%20up%20with%20error%20%22An%20attempt%20to%20fetch%20the%20password%20of%20a%20group%20managed%20service%20account%20failed%22%20for%20GMSA2.%3C%2FP%3E%3CP%3EIs%20GMSA2%20cached%20or%20something%3F%20How%20do%20I%20stop%20this%20error%20from%20occuring%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2452776%22%20slang%3D%22en-US%22%3ERe%3A%20Why%20does%20a%20DC%20still%20tries%20to%20use%20an%20old%20gMSA%20that%20is%20no%20longer%20is%20configured%20in%20the%20portal%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2452776%22%20slang%3D%22en-US%22%3EThe%20credentials%20are%20cached%20only%20for%20a%20few%20minutes...%3CBR%20%2F%3EDid%20you%20make%20sure%20to%20delete%20the%20old%20credentials%20from%20the%20portal%3F%20they%20do%20not%20appear%20there%20any%20more%20%3F%3CBR%20%2F%3EIf%20you%20stop%20both%20sensor%20services%20on%20the%20machine%2C%20does%20the%20old%20credentials%20stopped%20being%20used%20(to%20make%20sure%20it's%20actually%20the%20sensor%20that%20is%20using%20them%20and%20not%20something%20else...)%3C%2FLINGO-BODY%3E
Occasional Contributor

Why does a DC still tries to use an old gMSA that is no longer is configured in the portal?

I initially use account GMSA2 and configure it the portal, a Sensor was installed..now I have added GMSA1 to the portal and remove GMSA2 from the portal.

It appears the DCs are using GMSA1 now and connected fine to the portal but they do still gives the error about GMSA2.  It has been a few weeks passed and still the DC keeps coming up with error "An attempt to fetch the password of a group managed service account failed" for GMSA2.

Is GMSA2 cached or something? How do I stop this error from occuring?

4 Replies
The credentials are cached only for a few minutes...
Did you make sure to delete the old credentials from the portal? they do not appear there any more ?
If you stop both sensor services on the machine, does the old credentials stopped being used (to make sure it's actually the sensor that is using them and not something else...)
Yep..remove from portal, delete from Active Directory.
Perhaps I need to stop the sensor or restart it and see.
There should not be a need to restart the sensor for it to refresh, but I would simply stop it for a few hours to see if authentications stop at that time. if they are not, it's not MDI related.
IS this sensor reported healthy in the portal ?
Hi
Just to close this off. It was just an open Heatlh Alert that never was closed. Once manually closed it is all good.