SQL SERVER – SQL Service Not Getting Started Automatically After Server Reboot While Using gMSA Account

SQL
9 Comments

This was the first experiment with gMSA account in my lab and I faced an interesting issue. In my lab environment, I have a complete domain server and member servers. Once I configured gMSA for SQL Server service and restarted the machine, SQL Service didn’t start automatically even though it was set for an automatic startup as shown below.

There was no ERRORLOG because SQL didn’t start. Event log showed me a bunch of Errors which I have listed below:

Event ID Source Details
7038 Service Control Manager The MSSQL$SQL_XFBIZ service was unable to log on as SQLAuthority\gmsaQUICK$ with the currently configured password due to the following error:

 

The specified domain either does not exist or could not be contacted.

 

 

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7034 Service Control Manager The SQL Server (MSSQLSERVER) service terminated unexpectedly.  It has done this 1 time(s).
700 Service Control Manager The MSSQLSERVER service failed to start due to the following error:

 

The service did not start due to a logon failure.

 

The interesting messages out of all are:

  1. The specified domain either does not exist or could not be contacted.
  2. The service did not start due to a logon failure.

WORKAROUND/SOLUTION

From the messages its clear that server was not able to contact the domain controller when it was getting started along with server startup. There are few things, which I am aware of, which would help.

  1. Set SQL Server Service to “Automatic (Delayed Start)” as shown below.
  2. Using registry editor, set the dependencies of SQL Server service on Netlogon and W32time service. Here are the steps:
    1. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLSERVER
    2. Look for “DependOnService” on the right pane.
    3. Edit the values and add W32Time and Netlogon as shown below. Note: KEYISO was already there.
    4. Close the settings and check via services to make sure dependency is set correctly.

After doing above, I never faced the same issue on this server.

Have you ever faced the same issue? Is there any other solution which you found? Please share via comments and I would write a blog with due credit.

Reference: Pinal Dave (https://blog.sqlauthority.com)

SQL Error Messages, SQL Server, SQL Server Agent, SQL Server Security, SQL Server Services
Previous Post
SQL SERVER – Error: 18456, State 149 – Login-based Server Access Validation Failed With an Infrastructure Error. Login Lacks Connect Endpoint Permission
Next Post
SQL SERVER – FIX: The specified instance of SQL Server is hosted by a system that is not a Windows Server Failover Cluster(WSFC) Node.

Related Posts

9 Comments. Leave new

  • I faced the same issue when implemented gmsa in our shop but used the same workaround of setting the dependencies. That made the trick and liked it better than the delayed start.

    Reply
  • Hi Pinal

    Thanks for sharing this post , have you seen this link.

    https://support.microsoft.com/en-us/help/2998082/gmsa-based-services-can-t-log-on-after-a-password-change-in-a-windows.

    It is strange that the event log message did not mention the dependency also the step by step guide by Microsoft does not mention adding the dependency. A lot of times these kind of SQL Server errors and behaviors is dependent on the specific environment.

    Why would it need Netlogon and windows time as a dependency

    Reply
  • Hello,

    I also ran in the problem when my SQL Service did not start after reboot using managed service accounts.

    I solved the problem when I modified the following registry value (maybe the key difffers according to your instance name or the key might be missing entirely):

    Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLSERVER
    Value: ServiceAccountManaged
    Datatype: REG_BINARY

    On one working machine the content of this key was
    01 00 00 00

    The other machine which was NOT working had its value set to
    00 00 00 00

    Note: You have to reboot your OS after you modified the registry value.

    I don’t know why this happened, but I tried several reboots and every time the SQL Server Service starts fine even without configuring any service dependencies.

    Hope this helps!

    Kind Regards,
    Michael

    Reply
  • Thank you, Michael
    After trying everything i updated the registry as you suggested which fixed my issue.

    Thank you

    Reply
  • In Production server i have deployed the dll of dot net files and using entity framework ,so ,we have taken the back up Databases and restored after the deployment,every thing is working fine after deployment ,2 days later ,planned system reboot is performed after that sql instance not started automatically,and showing

    Issue :

    FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\DATA\ReportServer.mdf for file number 1. OS error: 32(The process cannot access the file because it is being used by another process.). [Policy: MSSQLServer_EventLog_Errors

    Solution:

    After restarting sql services from services.msc started working.
    I want to know the reason.Please let me know what might be the reason.

    Reply
  • I had the same issue but in a different context: standalone WIndows 10 PC without AD. I followed your steps, the dependency on Netlogon gave an error when SQL Server tried to start. I removed it, only keeping the Windows Time dependency, and it solved my issue. Thanks!

    Reply
  • This was the fix to the same issue I was having. Simple solution that solved a nagging problem. Thank You!

    Reply
  • Muhammad AbuBakar
    June 15, 2021 12:15 am

    I had faced a similar issue once with dedicated service account for SQL server. SQL services did not reboot even though it was set to start automatically.

    Reply
  • If I set SQL Server, Agent Services and ALTER AUTHORIZATION
    ON ENDPOINT::Hadr_endpoint to gMSA account, what will happen when password changes in AD in the middle of running jobs/updates or change the primary for Availability group?

    Reply

Leave a Reply

Menu
Exit mobile version