Trouble with Credential Management Software & gMSA: Error Code 8358 - Need Help
Dear Microsoft Tech Community, I am encountering difficulties while attempting to configure credential management software to run with a Group Managed Service Account (gMSA) on Windows Server 2019 Standard. Currently, the software's parent service is running under a dedicated domain user account. Which only needs to perform reads from AD. However, I need to transition them to use gMSA for improved security and manageability. I've granted the gMSA the "Log On As a Service" right, but upon attempting to start the service, I encounter the following system error code: ERROR_DS_CANT_ADD_SYSTEM_ONLY. 8358 (0x20A6) Despite extensive research, I have been unable to find a resolution for this error code. I've ensured that the gMSA is correctly installed on the server running CMS, and that KDS is working. So, I humbly request assistance from the community in resolving this issue. Any guidance or insights into overcoming this error would be greatly appreciated. Thank you for your time and assistance. Sincerely, Rasmus.gmsa account - running windows tasks.
I created a gmsa account, installed it on the server to run the scheduled task on windows. Enter the gmsa account as domain administrator and dhcp administrator, since the script that the task will execute is a task of the dhcp server. Enter the gmsa account in Log on as a batch job. Even so, the error occurs when executing the task in the task scheduler.
