Create GMSA account

a.ps1

Import-module ActiveDirectory
Add-KdsRootKey –EffectiveTime ((get-date).addhours(-10));
New-ADServiceAccount -Name containerhost -DNSHostName servicefabric.ad.local -PrincipalsAllowedToRetrieveManagedPassword "Domain Controllers",
 "domain admins", "CN=Container Hosts,CN=Builtin, DC=ad, DC=local" -KerberosEncryptionType RC4, AES128, AES256