Install Applications Manager:
Proceed with the installation until the DB Configuration page.
Provide the Host, Port, DB Name, and gMSA User name with the Domain name (e.g., apmsql\gmsauser$
). Leave the Password field empty.
Ensure that the gMSA User name ends with the $
character.
Download and Extract PSTools:
Download PSTools from Microsoft's website.
Extract the tools to the <APM_HOME>
directory. PSTools are used to check the SQL connectivity with the gMSA account during the installation.
Check Connectivity with PSTools:
Now proceed with the installation window.
If the installation fails at DB Configuration step, open a command prompt and navigate to the <APM_HOME>
directory.
Run the following command:
In the newly opened PowerShell window, run:
Invoke-Sqlcmd -ServerInstance 'sql-kerb-1' -Database 'master' -Query 'select getdate()'
Replace sqlkerberos
with your domain name, svc_sql$
with your gMSA account name, and sql-kerb-1
with your SQL Server's hostname in the above commands.
Powershell Errors Related to Invoke-Sqlcmd Module:
If you encounter the error:
Install the SqlServer module by running the below command in PowerShell:
Install-Module -Name SqlServer
Import the module into your PowerShell session:
Import-Module SqlServer
Verify the availability of the Invoke-Sqlcmd
cmdlet using below command in PowerShell:
Get-Command Invoke-Sqlcmd
Continue Installation:
Now check with the installation.
If it is successful, on the final installation window, uncheck the option to "Launch Applications Manager service now" and finish the installation.
Service Configuration:
Go to Services > Applications Manager Service > Properties > Log On.
Choose the gMSA account and leave the password field empty.
Click Apply and OK, then start the service. Wait for 5 minutes for the complete startup of Applications Manager.
Here you go! You have successfully authenticated the gMSA account with the SQL Server in Applications Manager. You can now skip the following steps and proceed with monitoring.
Alternative Approach (Without PSTools):
Complete the installation using a normal Windows login.
On the final installation window, uncheck the option to "Launch Applications Manager service now" and finish the installation.
Update Configuration:
Open database_params.conf
file and modify the JDBC URL parameters:
Set authenticationScheme
to NativeAuthentication
.
Set IntegratedSecurity
to true
.
Add/update the domain name.
Add/update the user name to the gMSA user name (e.g., svc_sql$
).
Service Configuration:
Go to Services > Applications Manager Service > Properties > Log On.
Choose the gMSA account and leave the password field empty.
Click Apply and OK, then start the service. Wait for 5 minutes for the complete startup of Applications Manager.
Here you go! You have successfully authenticated the gMSA account with the SQL Server in Applications Manager.
Cleanup:
Remove PSTools from the <APM_HOME>
directory.
Stop Applications Manager Service.
Update Configuration:
Open database_params.conf
file and modify the JDBC URL parameters:
Set authenticationScheme
to NativeAuthentication
.
Set IntegratedSecurity
to true
.
Add/update the domain name.
Add/update the user name to the gMSA user name (e.g., svc_sql$
).
Service Configuration:
Go to Services > Applications Manager Service > Properties > Log On.
Choose the gMSA account and leave the password field empty.
Click Apply and OK, then start the service. Ensure the service starts without any issues.
Wait for 5 minutes for the complete startup of Applications Manager.
Here you go! You have successfully authenticated the gMSA account with the SQL Server in Applications Manager.
Once the Applications Manager service is started with gMSA account as Logon Service account, then by default, gMSA account will work for SQL monitors by enabling the Authentication Type 'Native(gMSA)' as shown below.