Hi Hector,
My apologies, I should have made my response clearer. The owner attribute needs to also contain the user domain, e.g., HM07M7R$@company.com
As you can see from the below example, I was able to reproduce your issue by removing the domain from the working example I provided earlier in this thread:
jil>>1> update_job: p00.gmsa.agent-local.user-gmsa-aebatch owner: aebatch$
jil>>2> exit
______________________________________________________________________________
CAUAJM_I_50323 Inserting/Updating job: p00.gmsa.agent-local.user-gmsa-aebatch
CAUAJM_I_10122 Job 'p00.gmsa.agent-local.user-gmsa-aebatch' scheduled: 02/18/2025 15:23:00
CAUAJM_I_50205 Database Change WAS Successful!
______________________________________________________________________________
CAUAJM_I_52301 Exit Code = 0
______________________________________________________________________________
[P00] # jr p00.gmsa.agent-local.user-gmsa-aebatch -d
Job Name Last Start Last End ST/Ex Run/Ntry Pri/Xit
________________________________________________________________ ____________________ ____________________ _____ ________ _______
p00.gmsa.agent-local.user-gmsa-aebatch ----- ----- ST 52218/1
Status/[Event] Time Ntry ES ProcessTime Machine
---------------------------- --------------------- -- -- --------------------- -------
STARTING 02/18/2025 15:10:37 1 PD 02/18/2025 15:10:37 demo-win-dc-local
[*** ALARM ***]
STARTJOBFAIL 02/18/2025 15:10:47 1 PD 02/18/2025 15:10:48 demo-win-dc-local
<Owner attribute error. The user name or password is incorrect.>
RESTART 02/18/2025 15:10:57 1 UP
<System Restart - Job [p00.gmsa.agent-local.user-gmsa-aebatch] was unable to start.>
After adding the domain back into the job definition the job was able to run successfully once again:
jil>>1> update_job: p00.gmsa.agent-local.user-gmsa-aebatch owner: aebatch$@automation.com
jil>>2> exit
______________________________________________________________________________
CAUAJM_I_50323 Inserting/Updating job: p00.gmsa.agent-local.user-gmsa-aebatch
CAUAJM_I_10122 Job 'p00.gmsa.agent-local.user-gmsa-aebatch' scheduled: 02/18/2025 15:23:00
CAUAJM_I_50205 Database Change WAS Successful!
______________________________________________________________________________
CAUAJM_I_52301 Exit Code = 0
______________________________________________________________________________
[P00] # jr p00.gmsa.agent-local.user-gmsa-aebatch -d
Job Name Last Start Last End ST/Ex Run/Ntry Pri/Xit
________________________________________________________________ ____________________ ____________________ _____ ________ _______
p00.gmsa.agent-local.user-gmsa-aebatch 02/18/2025 15:11:30 02/18/2025 15:11:43 SU 52219/1 0
Status/[Event] Time Ntry ES ProcessTime Machine
---------------------------- --------------------- -- -- --------------------- -------
STARTING 02/18/2025 15:11:30 1 PD 02/18/2025 15:11:30 demo-win-dc-local
RUNNING 02/18/2025 15:11:30 1 PD 02/18/2025 15:11:31 demo-win-dc-local
<Executing at WA_AGENT>
SUCCESS 02/18/2025 15:11:43 1 PD 02/18/2025 15:11:43 demo-win-dc-local
Original Message:
Sent: Feb 12, 2025 12:01 PM
From: Hector Mendoza
Subject: Run Windows CMD Jobs on AutoSys 12.1 using gMSA
Thank you Jon and Antony,
I have made the suggested updates:
/* ----------------- COPY_FILES ----------------- */ insert_job: COPY_FILES job_type: CMD command: D\:\copyFiles.batmachine: hm-1234567.company.comowner: HM07M7R$permission: date_conditions: 1days_of_week: mo,tu,we,th,fralarm_if_fail: 1alarm_if_terminated: 1timezone: US/Centralelevated: 1
/* ----------------- hm-1234567.company.com ----------------- */ insert_machine: hm-1234567.company.comtype: afactor: 1.00 port: 7520node_name: hm-1234567.company.comagent_name: HM-1234567encryption_type: DEFAULTopsys: windowscharacter_code: ASCII
However, I still get the following error message:
STARTING
02/12/2025 11:39:25 1 PD 02/12/2025 11:39:25 hm-1234567.company.com
[*** ALARM ***]
STARTJOBFAIL 02/12/2025 11:39:35 1 PD 02/12/2025 11:39:36 hm-1234567.company.com
<Owner attribute error. The user name or password is incorrect.>
I checked the gMSA account properties on the server (PowerShell) and all return valid responses.
Script: Get-ADServiceAccount HM07M7R$
Returns: True
Script: Get-ADServiceAccount HM07M7R$ -Properties PrincipalsAllowedToRetrieveManagedPassword
Returns: {CN=HM07M7R_hosts} // Machine hm-1234567.company.com is part of HM07M7R_hosts
Any further suggestions?
Original Message:
Sent: Feb 06, 2025 03:42 AM
From: John Hiett
Subject: Run Windows CMD Jobs on AutoSys 12.1 using gMSA
Hi Hector,
Antony is correct. Here is a working example, I hope it helps.
Thanks,
Jon
Original Message:
Sent: Feb 06, 2025 03:19 AM
From: Antony Askew
Subject: Run Windows CMD Jobs on AutoSys 12.1 using gMSA
Hi Hector, 'opsys: windows' needs to be included in the machine definition of the Windows Agent machine, not in the job.
In the job definition, the account name in 'owner' needs a $ at the end.
Original Message:
Sent: Feb 05, 2025 01:07 PM
From: Hector Mendoza
Subject: Run Windows CMD Jobs on AutoSys 12.1 using gMSA
The attribute opsys: windows cannot be added for "CMD" job types. Any suggestions here?
Original Message:
Sent: Feb 05, 2025 02:30 AM
From: Chandrasekaran Venkataraman
Subject: Run Windows CMD Jobs on AutoSys 12.1 using gMSA
Hi,
opsys: windows is a machine definition/property, not job. So, update the windows agent definition with opsys:windows and retry.
Cheers
Original Message:
Sent: Feb 04, 2025 06:17 PM
From: Hector Mendoza
Subject: Run Windows CMD Jobs on AutoSys 12.1 using gMSA
Hello,
I am following the steps below to run Jobs using gMSA:
Run Jobs Using Group Managed Service Account (GMSA)
| Broadcom | remove preview |
| | Run Jobs Using Group Managed Service Account (GMSA) | | Agent can run with two types of accounts on Windows OS. By default, agent can run with the local system account. Agent can run with an account other than the local system. However, this account can be Windows OS local account, domain account, or GMSA . | | View this on Broadcom > |
|
|
However, I keep getting the following error:
<CAUAJM_E_10540 Owner User/Password error due to: USER ERROR: The username and/or password specified for "GMSAID" on machine "servername" is invalid. Run "autosys_secure" to enter the correct password.>
I am not able to specify opsys: windows as the type of Jobs are CMD (command).
Any suggestions here? Should the GMSAID have a "$" at the end?