gMSA authentication with forest fails


When Windows nodes are configured to use gMSA authentication with a multi-domain forest, authentication fails consistently. With a single-domain Active Directory, authentication works as expected.


This issue applies only to those customers who wish to join Windows worker nodes using gMSA authentication.

Step-by-step instructions can be found in Create a Container with Active Directory Support.

Root Cause

The setup script needs to be adjusted to work with a forest instead of a single domain.

A fix has been submitted for this: Fixed forest/domain name configuration in CredSpec #711


Use the fixed version of CredentialSpec.psm1 instead.