GMSA as SQL Server Login

can gmsa used sql server login?

we using gmsa accounts our iis application pools , applications host need access sql server resources. each application accessing sql server gmsa account application running under. we've created logins , assigned appropriate permissions gmsa accounts appropriate databases. gmsa accounts work until gmsa password changed on default 30 day interval. after password change, seeing error 18456, severity 14, state 38.

does iis authenticate kerberos, or ntlm?

eg

select session_id, client_net_address, auth_scheme,* sys.dm_exec_connections

ntlm authentication based on password hashes, if iis presents out-of-date hash, ntlm auth fail.  kerberos should work.

does login problem go away if bounce app pool?

david

---

david http://blogs.msdn.com/b/dbrowne/

SQL Server  >  SQL Server Security