none
Testing a UNC Path with an ManagedService Account RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi folks,

    Iam using a managed Service Account for starting a Script on one of my Server. Inside the script I use Test-Path (UNC Path on a fileserver).

    Always getting back the path don't esxist. For checking purposes I already added the Account in the DomainAdmin group but nothing changed.

    Do I need a Manages ServiceGroup account? did't seems logic to me cause the scripts runs on the server and not on the fileserver. I have created the account with the "-RestrictedToSingleComputer" parameter.

    With a "normal" user the script runs fine.

    Any hints?

    Best regards
    Andreas Ernst
    MCITP:EA, MCP, MCTS


    Wednesday, November 11, 2015 3:22 PM
    |

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    You restricted it and then asked it too contact a second computer.

    \_(ツ)_/

    • Marked as answer by Andreas Ernst Thursday, November 12, 2015 12:56 PM
    Wednesday, November 11, 2015 3:48 PM
    |
    Moderator

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    You restricted it and then asked it too contact a second computer.

    \_(ツ)_/

    • Marked as answer by Andreas Ernst Thursday, November 12, 2015 12:56 PM
    Wednesday, November 11, 2015 3:48 PM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote
    thought "-RestrictedToSingleComputer" means the service account can only be used on one computer.

    Best regards
    Andreas Ernst
    MCITP:EA, MCP, MCTS

    Wednesday, November 11, 2015 4:02 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    "Cannot be used for inbound authentication".

    To attach to a share you need to authenticate "inbound" on the remote system.

    \_(ツ)_/

    Wednesday, November 11, 2015 4:12 PM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi there,

    So I created a new user. Same error

    New-ADServiceAccount -name Service1-DNSHostName Service1.domain.int -PrincipalsAllowedToRetrieveManagedPassword Domain Computer
    Install-ADServiceAccount Service1

    OR

    New-ADServiceAccount -name Service1-DNSHostName Service1.domain.int -PrincipalsAllowedToRetrieveManagedPassword fileserver$, otherserver$
    Install-ADServiceAccount Service1

    won't work

    thx for your help!

    Best regards
    Andreas Ernst
    MCITP:EA, MCP, MCTS



    Thursday, November 12, 2015 9:52 AM
    |
  • Question
    Sign in to vote
    1
    Sign in to vote

    Found the error.

    There was an C Name defined in DNS for the fileserver. SoKerberos Authentication failed. I fixes the issue and it works like charme!

    Tanks for your help!

    Best regards
    Andreas Ernst
    MCITP:EA, MCP, MCTS

    Thursday, November 12, 2015 12:40 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Create a simple script to test with only one line in it and test to see if your account has access to the share.

    \_(ツ)_/

    Thursday, November 12, 2015 12:41 PM
    |
    Moderator