Contained Availability Groups are the most recent update to the Availability Groups feature, and a great update at that! They are completely new in SQL Server 2022, and like any new feature (or even mature ones) there will be some bugs. Enter in some Access Violations (AVs) that may occur when creating a new contained availability group.
If you’re attempting to create a new contained AG and hitting an AV, you can look at the dump stack (I also have a free tool to help do this for you) and see if it has the following function calls before the exception:
sqlmin!CMEDProxyLogin::SetRoleMembership sqlmin!MoveLoginsToAgMasterBase sqlmin!StartUp::DoAgMasterFixups sqlmin!StartUp::CreateAndStartAgMaster sqlmin!CHadrArController::CreateContainedAGMaster
If you see the above, there is a currently known issue (I had reported this a long time ago as a bug) that should be fixed in an upcoming CU. If you don’t want to wait to get it then you can remove any logins that are part of custom created server roles (or remove the roles entirely) and re-create the contained availability group. I was able to debug this that far with public symbols, though there may be other cases where this could occur.
I can confirm the same as we’ve been battling this for about two months, with both manual and automated builds. The user and automation accounts are members of a domain group, and the domain group is Administrator and sysadmin.
There was a custom instance role created and that same group was a member. There were no DENY’s in that role (not that should matter with sysadmin).
Removing the domain group from the custom role solved the issue. We did not need to remove the role. Adding the accounts directly to sysadmin did not work either.