I have tried a few times to get this working without success and not quite sure what is missing in the permissions to allow this to run and cannot find any specific documentation around the scenario.
Windows server 2019 with Powershell 7.1.3 and Windows Powershell, the server has a group managed service account installed.
Making a really basic session capability and role file which is just the defaults except for the extra line in the capability for the gMSA.
GroupManagedServiceAccount = 'domain\gMSA'
If I register the session configuration in Windows PowerShell this works as expected and I can enter the session.
If I register this in PowerShell 7 I get the following error
New-PSSession: [server.domain.com] Connecting to remote server server.domain.com failed with the following error message : <f:WSManFault xmlns:f="http://schemas.microsoft.com/wbem/wsman/1/wsmanfault" Code="2689860592" Machine="server.domain.com"><f:Message><f:ProviderFault provider="PSSessionConfigurationName" path="C:\Windows\system32\PowerShell\7.1.3\pwrshplugin.dll"></f:ProviderFault></f:Message></f:WSManFault> For more information, see the about_Remote_Troubleshooting Help topic.
However if I make the gMSA a local admin on the server or if I just use a virtual account then everything works. So this means Firewall, configuration and remoting is all working but there is some permission missing.
So what I cannot work out is what are the minimum permissions required to PS remoting to work with a gMSA? and why does Windows PowerShell work without the additional permissions