Unable to Process Item Error when Using gMSA in Netwrix Auditor

Symptom

You may get a variety of errors referring to the logon/impersonation issues, depending on the data collection scope affected.

For instance, using gMSA for Netwrix Auditor for File Servers, you encounter the following error in the Health Log:

Unable to process item: A logon request contained an invalid logon type value.

Causes

On January 10th 2023 Microsoft has released a security update affecting the pre-10.5.11041 Netwrix Auditor versions ability to impersonate gMSA. Refer to the following article for additional information on the update: Update KB5022291

In Netwrix Auditor version 9.96 group managed service accounts can be used instead of regular service accounts in a limited number of cases. Refer to the following article for additional information: Use Group Managed Service Account(gMSA). Permissions for gMSA are the same as for regular service accounts, refer to the following article for additional information: Data Collecting Account

Solution

For the pre-10.5.11041 Netwrix Auditor version, make sure to update your Netwrix Auditor instance — refer to the following articles for additional information: How to Upgrade Netwrix Auditor and Upgrade Increments for Netwrix Auditor