Replication and group Managed Service Accounts


SQL Server 2012 supports Managed Service Accounts (MSA), a special type of domain account assigned to a single computer and used to manage a service like SQL Server, with no passwords to remember! SQL Server 2014+ supports group Managed Service Accounts (gMSA), which provide the same functionality within the domain but also extend it over multiple servers using the same domain account.

https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview
https://blogs.msdn.microsoft.com/markweberblog/2016/05/25/group-managed-service-accounts-gmsa-and-sql-server-2016/
http://blogs.technet.com/b/askpfeplat/archive/2012/12/17/windows-server-2012-group-managed-service-accounts.aspx

For Replication, the security dialogs require a PASSWORD when configuring an Agent to execute under a Windows account. The user login and password are stored in a SQL Server Credential, under which SQL Agent launches the individual replication Agent. SQL Server Credentials based on Windows accounts require a password; however, for MSA and gMSA there is no user-entered password!

To use a Managed Service Account (MSA) or group Managed Service Account (gMSA) with Replication, configure the SQL Agent Service account in SQL Configuration Manager with the MSA or gMSA. Note that no password is supplied in the dialog, just the domain and gMSA account.

Next, change the Replication Agents to “Run under the SQL Server Agent service account”.
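To confirm both steps took effect, the following check (an added example, not part of the original post) lists the SQL Server Agent service account and shows which replication agent job steps still run under a proxy backed by a stored credential. It assumes it is run on the instance that hosts the replication agent jobs, by a login that can read `msdb` and `sys.credentials`.

```sql
-- 1. SQL Server Agent service account.
--    MSA and gMSA account names end with '$' (for example DOMAIN\name$).
SELECT servicename,
       service_account,
       CASE WHEN service_account LIKE N'%$'
            THEN 'name ends with $ (MSA/gMSA naming)'
            ELSE 'not an MSA/gMSA style name'
       END AS account_style
FROM sys.dm_server_services
WHERE servicename LIKE N'SQL Server Agent%';

-- 2. Replication agent job steps and the security context they run under.
--    proxy_id IS NULL  -> step runs as the SQL Server Agent service account.
--    proxy_id NOT NULL -> step runs under a proxy whose credential stores
--                         a Windows login and password.
SELECT j.name                AS job_name,
       s.step_id,
       s.step_name,
       s.subsystem,
       p.name                AS proxy_name,
       c.credential_identity AS credential_login,
       CASE WHEN s.proxy_id IS NULL
            THEN 'SQL Server Agent service account'
            ELSE 'Proxy credential (stored password)'
       END AS runs_as
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s
     ON s.job_id = j.job_id
LEFT JOIN msdb.dbo.sysproxies AS p
     ON p.proxy_id = s.proxy_id
LEFT JOIN sys.credentials AS c
     ON c.credential_id = p.credential_id
WHERE s.subsystem IN (N'Snapshot', N'LogReader', N'Distribution',
                      N'Merge', N'QueueReader')
ORDER BY runs_as DESC, j.name, s.step_id;
```

Any row reporting `Proxy credential (stored password)` is an agent that has not yet been switched to run under the SQL Server Agent service account.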

Chris Skorlinski
Microsoft SQL Server Escalation Services

