gMSA returning password error

mgrant · June 4, 2025, 10:49pm

Hi Team,

I am attempting to connect a gMSA account and I keep getting the error below. Everything from the set up side in ISC is configured correctly but I just can’t determine what is causing the error. Has anyone experienced this?

Note - the password has been verified as valid and the logs show 

Required attribute [password] is not defined. Trying with blank password

[InvalidConfigurationException][Possible Suggestions]Enter valid domain credentials.

narayanag · June 5, 2025, 2:03pm

Marvin Grant:

I am attempting to connect a gMSA account and I keep getting the error below. Everything from the set up side in ISC is configured correctly but I just can’t determine what is causing the error. Has anyone experienced this?
Note - the password has been verified as valid and the logs show 

Required attribute [password] is not defined. Trying with blank password

[InvalidConfigurationException][Possible Suggestions]Enter valid domain credentials.

@mgrant -Please try this steps. I have debug the issue to provide information to you.

To troubleshoot gMSA account connection errors in Identity Security Cloud (ISC), specifically for the errors mentioned, follow these steps:

Ensure that you have selected “Use gMSA as a Service Account” in the domain settings configuration.

Verify that you have selected “Strong (SASL)” as the Authentication Type. This is mandatory when using gMSA as a service account.

Make sure you have provided the Service Account in the UPN (User Principal Name) format. For example: myMSAAccount@weekday.lab

Double-check that you have not entered anything in the Password field when using gMSA. The password field should be left blank for gMSA accounts.

Confirm that the IQService is properly configured to use the gMSA account. This configuration is mandatory for using gMSA as a service account in Active Directory. If you’re still encountering issues after checking these settings, try the following additional troubleshooting steps:

Verify that the gMSA account has been properly created and installed in your Active Directory environment.

Ensure that the IQService has been restarted after configuring it to use the gMSA account.

Check that the gMSA account has the necessary permissions to perform the required operations in Active Directory.

Review the IQService configuration to make sure it’s correctly set up to use the gMSA account, including the proper Account Name format (e.g., myMSAAccount$).

Verify that the gMSA account and the IQService server computer account have been granted permission to retrieve the gMSA password.

If the issue persists after trying these steps, you may need to review your overall Active Directory and IQService configuration to ensure all components are properly set up for gMSA usage.

mgrant · June 5, 2025, 9:26pm

Awesome! Thanks for this. QQ - would an SPN in AD and servers listed in the ISC configuration be needed?

system · August 4, 2025, 9:26pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
gMsa returns error after verifying config is correct ISC Discussion and Questions identity-security-cloud	7	219	October 21, 2025
Facing issue while using gMSA in AD integration with ISC ISC Discussion and Questions identity-security-cloud , active-directory	13	177	March 10, 2026
IDN Active Directory connector gMSA ISC Discussion and Questions identity-security-cloud , connectors	4	552	January 3, 2025
Using gMSA as a Service Account Connectivity Documentation Feedback iiq-docs	2	95	July 29, 2025
[Completed]: Active Directory Connector: Supporting Group Managed Service Account (gMSA) as service Account In Discovery identity-security-cloud , identityiq , connectors , in-discovery-closed	3	966	November 19, 2025

gMSA returning password error

Related topics