I am working on being able to connect services hosted within a Windows container to SQL Server using Integrated Security.
As per the Microsoft documentation, I have created a group managed service account (gMSA) and a credential spec, and my container hosts have access to the gMSA - https://learn.microsoft.com/en-us/virtualization/windowscontainers/manage-containers/manage-serviceaccounts
I have been testing the connection by using the SQL Server PowerShell module within the following container:
docker run --security-opt "credentialspec=file://mygsma.json" -it mcr.microsoft.com/windows/servercore:ltsc2019 powershell
Problem:
When running the container in Hyper-V isolation mode, I get the following SQL Server error:
Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
If I run the container in process isolation mode, I am able to successfully log in to SQL Server using the gMSA. As far as I'm aware there is nothing to suggest that Integrated authentication for Hyper-V containers is not supported.
There was a bug which prevented you using gMSAs with Hyper-V isolated containers on Windows 10 versions 1703, 1709, and 1803. However, I'm using Windows 10 version 1809 and can confirm the gMSA can be accessed by the container.
Any ideas?