What SQL error do you get? Make sure you're using an account that's a system admin in SQL when you're running the wizard.
(Please also share any relevant screenshots if you can.)
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi All,
I couldn't find a Category and Forum specific to Azure AD Connect, so please feel free to move this post, if it is the wrong location.
The issue is as described: Azure AD Connect is attempting to connect to its configured SQL Instance using machine account of the server on which it is installed in addition to its gMSA. The service is working using gMSA, and is otherwise synchronising, but the additional connection attempts using the machine account are obviously generating errors on SQL Server as well, as the machine account is not permitted access to the instance.
Stopping the "Microsoft Azure AD Sync" service stops further errors being generated, so it's definitely Azure AD Connect doing it, but it clearly shouldn't be.
Has anyone else encountered this?
Cheers,
SMLatCST
What SQL error do you get? Make sure you're using an account that's a system admin in SQL when you're running the wizard.
(Please also share any relevant screenshots if you can.)
The SQL errors appear every 5 minutes while the "Microsoft Azure AD Sync" running, and there are always two each time, with the below messages:
Login failed for user 'DOMAIN\MACHINE$'. Reason: Could not find a login matching the name provided. [CLIENT: IP ADDRESS]
and
Error: 18456, Severity: 14, State: 5.
To clarify, I do not believe this is an issue of permissions or configuration, as Azure AD Connect appears to be working correctly using the gMSA (i.e. accounts are being sync'ed and the database is being updated). The issue is that it is also, in addition and not as configured, attempting to connect to the SQL instance using the machine account as well. The machine account doesn't have access to SQL, so the error is a legitimate refusal. It is the authentication attempt that is made in error.
This seems like a bug to me. Have you encountered it before?