Recovery Manager for AD has deprecated support for specifying a group managed service account (gMSA) as the account used to connect to the backup agent for manually triggered backups. In line with Microsoft's guidance, using a gMSA for interactively initiated network connections, such as manually triggered backups, is not recommended.
To enforce this recommendation and to address vulnerability CVE-2023-21524, Microsoft has limited the use of managed service accounts through a Windows Update. Based on this change, and after consultation with Microsoft, Recovery Manager for AD is also limiting the use of gMSAs.
How does this affect me?
Customers who use a group managed service account (gMSA) to run manual backups will need to update their computer collection properties. When upgrading to Recovery Manager for AD 10.2.2 Hotfix 2 (Build 10.2.2.38943), a gMSA that is currently configured in the computer collection properties is removed automatically to ensure the security of the backup agent and your installation of Recovery Manager for AD.
Workaround
Customers can change the service account to a standard domain account. Continuing to use a group managed service account (gMSA) for scheduled backup tasks remains the recommended best practice.
Status
This notification addresses the issue identified in KB article 4369967, “Unable to create backups with a gMSA account after applying Microsoft patch KB5022289/KB5022286”.
We apologize for the inconvenience this issue may have caused and look forward to assisting you in the future.