[MicrosoftDocs] gMSA Documentation
ntrappe-msft opened this issue · 8 comments
What is your question?
From the MicrosoftDocs/Virtualization-Documentation repo, we've seen a number of requests to improve the documentation or correct mistakes. These include:
- gMSA and DNS Server settings
- gMSA on Kubernetes has gone GA
- host/PRINCIPAL to a gMSA #1791
- So you effectively replaced a Process ID with a Process ID plus gMSAs? #1638
- Update gMSA state #1477
- Need to "SetSPN" or servicePrincipalName on gMSA account. #1341
- Using secondary gMSAs #1237
- Typo in "Check the container", step 4 #1414
- Elaborate more on Additional credential spec configuration for non-domain-joined container host use case #1680
Tracking this internally as Advocacy work on Docs.
I agree these documentation items need to be improved
Can we please also introduce some documentation around User Manager as part of this. It feels like it is some kind of proxy for LSA operations. It also has some unexpected effects that users should be aware of - such as when trying to negotiate between processes within the same container, after having DisableLoopbackCheck disabled (edit: does not look like setting DisableLoopbackCheck to 1 is required even if you have two containers in the same Pod, sharing the network namespaces), the ticket is actually issued by User Manager and not the actual KDC the container/gMSA may be related to.
I have taken action on most items above. Items still open that I will be following up on:
@vrapolinario Amazing, thank you!
This issue has been open for 30 days with no updates.
@vrapolinario, @riyapatel-ms, please provide an update or close this issue.
I have updated two of the items, with just this one remaining:
- MicrosoftDocs/Virtualization-Documentation#1237
I'm currently investigating this internally to provide clarity on the issue raised by the customer.