erop
Reputation: 1590
Error on creating Managed Service Account with PowerShell
I'm trying to create Managed Service Accounts for using with SQL Server' services in AD DS on Windows Server 2012 R2. I use the following PowerShell command:
Import-Module ActiveDirectory
New-ADServiceAccount -Name "SQLDBEngine" -DNSHostName "<hostname with AD integrated DNS>" -Enabled $true
But receive the following error message:
Key does not exist
+ CategoryInfo : NotSpecified: (CN=SQLDBEngine,...HMS-BI,DC=LOCAL:String) [New-ADServiceAccount], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
Looks like I did everything correct but still unable create managed account. Error message seems not so informative. Any ideas how to debug or fix the issue?
Upvotes: 4
Views: 11096
Answers (1)
erop
Reputation: 1590
I found the blog-post here that helped me to solve the problem. The point was that there's a new service in Windows Server 2012 named Key Distribution Service (KDS) and before starting to add new managed accounts one need to add KDS root key with the following PS command for the immediate effectiveness:
Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10))
Upvotes: 10
Related Questions
- Why am I receiving a Connect-AzureAD error after connecting to the service?
- Creating a SQL Server DB via Powershell: Error calling Create with 0 arguments
- Powershell: Register service with network-service account results in error 1068
- Adding Azure AD account as SQL login with PowerShell failing
- Why am I getting "Key credential start date is invalid." trying to create a Active Directory Service Principal
- Error when adding new AD user
- SC CreateService FAILED 1057 The account name is invalid or does not exist, or the password is invalid for the account name specified
- Exception when trying to create a new SQL account
- Wmi ManagedComputer SetServiceAccount gives "Set service account failed"
- Creating AD user with powershell