Dear Microsoft Tech Community,

I am encountering difficulties while attempting to configure credential management software to run with a Group Managed Service Account (gMSA) on Windows Server 2019 Standard.

Currently, the software's parent service is running under a dedicated domain user account. Which only needs to perform reads from AD. However, I need to transition them to use gMSA for improved security and manageability.

I've granted the gMSA the "Log On As a Service" right, but upon attempting to start the service, I encounter the following system error code:

ERROR_DS_CANT_ADD_SYSTEM_ONLY. 8358 (0x20A6)

Despite extensive research, I have been unable to find a resolution for this error code. I've ensured that the gMSA is correctly installed on the server running CMS, and that KDS is working.

So, I humbly request assistance from the community in resolving this issue. Any guidance or insights into overcoming this error would be greatly appreciated.

Thank you for your time and assistance.

Sincerely, Rasmus.