I'm planning a rollout of IIS Centralized Certificates (on Windows 2016 servers), and attempting to determine if this would support a Group Managed Service account, or if I have to go with a regular domain or local account. I've searched for a few hours but haven't found anything definitive. I'd like to know either personal experience or an authoritative answer (from documentation, MS blog, whatever).
Asked
Active
Viewed 278 times
0
-
Every bit of documentation on the subject - including using the IIS Administration API, specifically requires a (user) name and password. The password for a gMSA is not (technically) available to you. Accordingly, you would be unable to specify the password in the configuration. – Semicolon Jan 07 '20 at 18:40
-
Other use cases for MSAs and gMSAs often have the documentation say "leave the password field blank" ... I do have a feeling you are actually correct in this instance, especially since there's no documentation describing that for CCS ... but I had to ask. – Ross Presser Jan 07 '20 at 21:17
-
1I don't have any IIS servers with this IIS feature enabled in the current environment to check; but I believe the username and password field are required to exit the menu. I agree with the mandate to ask. gMSAs are one of my biggest frustrations with Microsoft. I was on board the minute the original MSAs were announced - but there was nothing that would support it and in the 10+ years there has been less-than-stellar progress (I feel) in getting them easily integrated with the "services" that I most desire their use. – Semicolon Jan 08 '20 at 16:49