Shared Configuration with Managed Service AccountRSS

0 replies

Last post Jun 24, 2020 01:30 PM by Tsvetelin

  • Shared Configuration with Managed Service Account

    Jun 24, 2020 01:30 PM|Tsvetelin|LINK

    I am trying to enable IIS shared configuration on Windows Server 2019. I want to use a gMSA account for content access to the shared configuration folder. When I run

    Enable-IISSharedConfig `
    -PhysicalPath '\\server\folder' `
    -UserName 'domain\gmsa.account$'

    I get

    "Enable-IISSharedConfig : Cannot access the location '\\server\folder'. Either the location does not exist or the credentials supplied are not authorized to access the location."

    I tried by omitting the Password parameter, by supplying an empty password ([securestring]::new()) and by supplying a random password, it returns the same error.

    The account has all the necessary permissions set. I verified that the account could access the share by using psexec to cmd with that account and ran dir \server\folder.

    Is it possible to configure IIS to use a gMSA account to access the shared configuration directory and if yes, how?

    Is there a documentation, or list of requirements to the accounts, that are used for shared configuration?

    Thanks in advance!