Channel: SQL Server Database Engine forum

Why would you use a managed service account rather than a virtual account in SQL Server 2012?

In SQL Server 2012, service accounts are created as virtual accounts (VAs), as described here, as opposed to managed service accounts (MSAs).

The important differences I can see for these, based on the descriptions:

  • MSAs are domain accounts, VAs are local accounts
  • MSAs use automagic password management handled by AD, VAs have no passwords
  • in a Kerberos context, MSAs register SPNs automatically, VAs do not

Are there any other differences? If Kerberos is not in use, why would a DBA ever prefer an MSA?

UPDATE: Another user has noted a possible contradiction in the MS docs concerning VAs:

The virtual account is auto-managed, and the virtual account can access the network 
in a domain environment.

versus


Virtual accounts cannot be authenticated to a remote location. All virtual accounts 
use the permission of machine account. Provision the machine account in the format <domain_name>\<computer_name>$.

What is the "machine account"? How/when/why does it get "provisioned"? What is the difference between "accessing the network in a domain environment" and "authenticating to a remote location [in a domain environment]"?


