web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / On premises implementa...
Finance | Project Operations, Human Resources, ...
Answered

On premises implementation New-ADServiceAccount : Key does not exist

(0) ShareShare
ReportReport
Posted on by w.sallam 2,259

Hi all

I'm trying to deploy Dynamics 365 on premises.

I follow the guide from Microsoft and went to create gMSA and domain user accounts

I should run this script on PowerShell :

Import-Module .\D365FO-OP\D365FO-OP.psd1
New-D365FOGMSAAccounts -ConfigurationFilePath .\ConfigTemplate.xml

But I got this error everytime: 

PS C:\infrastructure> Import-Module .\D365FO-OP\D365FO-OP.psd1

New-D365FOGMSAAccounts -ConfigurationFilePath .\ConfigTemplate.xml
New-ADServiceAccount -name svc-AXSF$ -DnsHostName svc-AXSF.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-AXSF.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-AXSF$ -DnsHostName svc-AXSF.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-AXSF$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-LocalAgent$ -DnsHostName svc-LocalAgent.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-LocalAgen
t.d365ffo.onprem.Logic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-LocalAgent$ -DnsHostName svc-LocalAgen ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-LocalAge...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-FRCO$ -DnsHostName svc-FRCO.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-FRCO.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-FRCO$ -DnsHostName svc-FRCO.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-FRCO$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-FRPS$ -DnsHostName svc-FRPS.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-FRPS.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-FRPS$ -DnsHostName svc-FRPS.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-FRPS$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-FRAS$ -DnsHostName svc-FRAS.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-FRAS.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-FRAS$ -DnsHostName svc-FRAS.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-FRAS$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount

I hope I could find help to this issue.

poo.jpg

I have the same question (0)
  • Verified answer
    Sorabh Goel Profile Picture
    Sorabh Goel 55 on at

    Check the first known issue : docs.microsoft.com/.../setup-deploy-on-premises-pu12

  • w.sallam Profile Picture
    w.sallam 2,259 on at

    Thanks Sorabh for the tip.

    this solved my issue. just needed to run this command :

    Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))

    thanks again

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Meet the Microsoft Dynamics 365 Contact Center Champions

We are thrilled to have these Champions in our Community!

Congratulations to the March Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Giorgio Bonacorsi Profile Picture

Giorgio Bonacorsi 688

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 524 Super User 2026 Season 1

#3
CP04-islander Profile Picture

CP04-islander 301

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP
License usage reporting (in-app and PPAC) with Entra dynamic groups

Product updates

Dynamics 365 release plans