Closed Chesedro closed 1 year ago
@Chesedro
This is a known symptom of the faulty November 2022 Windows Update
https://docs.lithnet.io/ams/help-and-support/support-articles/kb000005
Thanks so much. I will try to apply the patch over the weekend. Glad it's an easy fix. I did read about this faulty patch, but did not put it together that this was the issue. Thanks again.
Tom
No problems Tom. The patch has unfortunately manifested a lot of side effects.
In case you are not aware, there's a secondary problem with the November update that can cause an LSASS memory leak and subsequent crash. https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#2966msgdesc
Thanks ryannewington, I am working on getting a window to apply these updates. Till then I can leave AWS using a domain account. Thanks for getting back to me so quickly on this.
T
gMSA password incorrect
Working an issue. For some reason I can run AMS with a domain account no problem, but when I try to change the account to a gMSA the web portal no longer works. Once I authenticate, the page won't load. I see an “Error 500”. Looking in the access-manager-service.log and the access-manager-webapp.log, I see the same error below.
Lithnet.AccessManager.Enterprise.AmsLicenseManager|Unable to initialize forest information System.Security.Authentication.AuthenticationException: The user name or password is incorrect. ---> System.Runtime.InteropServices.COMException (0x8007052E): The user name or password is incorrect.
At first I thought it was an issue with the gMSA account, and it may be. Tested with test-adserviceaccount; the result is “True”. Also made sure the property “PrincipalsAllowedToRetrieveManagedPassword” is set for the hostname properly, which it clearly is since I got the “True” result in test-adserviceaccount.
The lithnetams service does start with no errors. Also, everything in the AMS configuration tool looks good. No errors, all green checkmarks where needed.
I have removed and recreated the gMSA account several times with the same result. Each time I can get the site back up and working only if I use a standard AD account. I have been using the PS script provided to create the gMSA. Unrelated, I get an error adding the gMSA with the script provided saying it's missing the -path parameter. Adding this, however, resolves the error.
Any direction would be appreciated.
Thanks T