This is one of the most common errors seen by most DBAs when they use a domain account as the service account. In this blog, we will learn about the cause and solution of the error “The service did not start due to a logon failure” while using gMSA.
Log Name: System
Source: Service Control Manager
Event ID: 7000
Task Category: None
The SQL Server (MSSQLSERVER) service failed to start due to the following error:
The service did not start due to a logon failure.
Some of you might run into the same error where the password is really expired. I have blogged about that earlier.
Interestingly, this time the situation was a little different. My client was using a group managed service account (gMSA) as the SQL Server service account. With such an account, the password is auto-managed by the domain controller. Here is some documentation which explains how to configure it:
SQL Server 2014; Click here and check “Group Managed Service Accounts”.
SQL Server 2016; Click here and see the section under “Managed Service Accounts, Group Managed Service Accounts, and Virtual Accounts.”
While using gMSA, you don’t provide a password in configuration manager so earlier blogs won’t help.
When we set up a gMSA, we need to allow machines to retrieve the latest password from the domain controller. This setting is called “PrincipalsAllowedToRetrieveManagedPassword”. My client had a two-node AlwaysOn availability group. Here are the commands we have to execute in PowerShell on the domain controller.
    Import-Module ActiveDirectory
    # -PrincipalsAllowedToRetrieveManagedPassword replaces the existing list,
    # so both node computer accounts are passed in a single call.
    Set-ADServiceAccount -Identity sqlsvcacct -PrincipalsAllowedToRetrieveManagedPassword 'Node1$', 'Node2$'
After running the above command, we were able to start SQL Service on both the nodes.
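To confirm the setting before restarting the service, the following added example (not part of the original post) lists which of the expected nodes are actually allowed to retrieve the gMSA password, expanding any security groups in the list. The function name Get-GmsaRetrievalGap is hypothetical; sqlsvcacct, Node1$ and Node2$ are the names used above, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: audit which computers may retrieve a gMSA password.
# Assumes the RSAT ActiveDirectory module and read access to the domain.
Import-Module ActiveDirectory

function Get-GmsaRetrievalGap {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $Identity,
        [Parameter(Mandatory)] [string[]] $ExpectedComputers   # sAMAccountNames, e.g. 'Node1$'
    )

    $gmsa = Get-ADServiceAccount -Identity $Identity `
                -Properties PrincipalsAllowedToRetrieveManagedPassword

    # Expand every allowed principal to computer account names.
    # Groups are walked recursively so nested membership is counted.
    $allowed = foreach ($dn in $gmsa.PrincipalsAllowedToRetrieveManagedPassword) {
        $obj = Get-ADObject -Identity $dn -Properties sAMAccountName
        if ($obj.ObjectClass -eq 'group') {
            Get-ADGroupMember -Identity $dn -Recursive |
                Where-Object { $_.objectClass -eq 'computer' } |
                ForEach-Object { $_.SamAccountName }
        } else {
            $obj.sAMAccountName
        }
    }

    # One row per expected node; Allowed = False marks a node that will
    # hit the logon failure when the service starts under the gMSA.
    foreach ($name in $ExpectedComputers) {
        [pscustomobject]@{
            Computer = $name
            Allowed  = @($allowed) -contains $name
        }
    }
}

Get-GmsaRetrievalGap -Identity 'sqlsvcacct' -ExpectedComputers 'Node1$', 'Node2$'

# Run locally on each node: returns True when this host can use the gMSA.
# Test-ADServiceAccount -Identity sqlsvcacct
```

A node that shows Allowed = False after the second of two separate Set-ADServiceAccount calls is the typical sign that the list was overwritten rather than extended.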
Reference: Pinal Dave (https://blog.sqlauthority.com)