MatheusPP

Do the local account the KSC can generate on installation (KL-...) have any special property or I can generate a manual local account on the server?

I tried that, the "LocalSystem Account" option is greyed out, it seems I can only change to other AD Service account or I need to generate the local account manually somehow...

No, each server has its own DBMS, they are locally installed on each server, with the only diffence been this configuration as far as I remember.

I only saw disconnects during reboots, it stays connected, I can browse the menus, see policies and KSC server properties, can see the tasks, packages, but all the devices go missing. I should point out, I have other collegues using the same KSC and they are unable to reproduce my problem. I believe this to be an issue with my account been the one used to install the KSC.

The account used for the installation of KSC do not have automatic password rotation and has not changed its password since installation. The account that runs the services is a group Managed Service Account that also connects to the database (SQL Server) using Windows Authentication, configured following guidance from: Step 9. Selecting the account to start Administration Server (kaspersky.com)

Hi, I have recently splitted my KSC in servers/desktops and recreated them on Windows Server 2022, following the online documentation for installation, the only difference been one was configured with a AD group managed service account and the other using the autogenerated local account. After this rebuild I am seeing a wierd behavior on the KSC with the gMSA account. Every time I, using the my priviledged account that installed the application, run a task like installing KES remotely, I lose all my permissions to see devices after some progress on the task. I can disconnect and connect normally, but on the monitoring dashboard it reports 0 devices managed (normally would display near 200), if I browse to the groups I cant see any devices. If I reboot the KSC server and reconnect the console, everything is back to normal. At first it seems to be random, but I manage to correlate it to happen after I start some tasks. I was unable to reproduce this problem on the other KSC that is running with the local account. I tried to look into the documentation for a way to change the service account, but it seems it is not possible to migrate out of a gMSA for a local account, only the other way around. Any idea in how to fix this?