We use group managed service accounts for running the SQL Server 2017/2019 sqlserver.exe processes on Windows Server 2016 in an AD domain. As far as I know this is recommended by Microsoft. This worked well for at least 1 year, but since 4-5 months we have the problem that some of these group managed service accounts (seems to be randomly distributed) are not able to receive their password from the domain controller anymore, therefore sqlserver.exe could not start up. If we execute
the sqlserver.exe process starts up again.
Does anybody has an idea or give a hint what is causing this problem?
PS: Yes, I have asked the AD guru, but he couldn´t work out any solution. As a temporary solution he recommended the use of classical service accounts.