web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / On premises implementa...
Finance | Project Operations, Human Resources, ...
Answered

On premises implementation New-ADServiceAccount : Key does not exist

(0) ShareShare
ReportReport
Posted on by w.sallam 2,259

Hi all

I'm trying to deploy Dynamics 365 on premises.

I follow the guide from Microsoft and went to create gMSA and domain user accounts

I should run this script on PowerShell :

Import-Module .\D365FO-OP\D365FO-OP.psd1
New-D365FOGMSAAccounts -ConfigurationFilePath .\ConfigTemplate.xml

But I got this error everytime: 

PS C:\infrastructure> Import-Module .\D365FO-OP\D365FO-OP.psd1

New-D365FOGMSAAccounts -ConfigurationFilePath .\ConfigTemplate.xml
New-ADServiceAccount -name svc-AXSF$ -DnsHostName svc-AXSF.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-AXSF.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-AXSF$ -DnsHostName svc-AXSF.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-AXSF$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-LocalAgent$ -DnsHostName svc-LocalAgent.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-LocalAgen
t.d365ffo.onprem.Logic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-LocalAgent$ -DnsHostName svc-LocalAgen ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-LocalAge...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-FRCO$ -DnsHostName svc-FRCO.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-FRCO.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-FRCO$ -DnsHostName svc-FRCO.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-FRCO$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-FRPS$ -DnsHostName svc-FRPS.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-FRPS.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-FRPS$ -DnsHostName svc-FRPS.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-FRPS$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount
 
New-ADServiceAccount -name svc-FRAS$ -DnsHostName svc-FRAS.d365ffo.onprem.Logic.com -ServicePrincipalNames http/svc-FRAS.d365ffo.onprem.L
ogic.com -PrincipalsAllowedToRetrieveManagedPassword AOS01$
New-ADServiceAccount : Key does not exist
At line:1 char:1
+ New-ADServiceAccount -name svc-FRAS$ -DnsHostName svc-FRAS.d365ffo.on ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=svc-FRAS$,CN...DC=Logic,DC=com:String) [New-ADServiceAccount], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:-2146893811,Microsoft.ActiveDirectory.Management.Commands.NewADServiceAccount

I hope I could find help to this issue.

poo.jpg

I have the same question (0)
  • Verified answer
    Sorabh Goel Profile Picture
    Sorabh Goel 55 on at

    Check the first known issue : docs.microsoft.com/.../setup-deploy-on-premises-pu12

  • w.sallam Profile Picture
    w.sallam 2,259 on at

    Thanks Sorabh for the tip.

    this solved my issue. just needed to run this command :

    Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10))

    thanks again

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 544 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 450 Super User 2025 Season 2

#3
Sohaib Cheema Profile Picture

Sohaib Cheema 250 User Group Leader

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans