New tool: "Microsoft Kerberos Configuration Manager for SQL Server" is ready to resolve your Kerberos/Connectivity issues

  • Article

 

You can download "Microsoft Kerberos Configuration Manager for SQL Server" from here  

 

Microsoft Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server.

Kerberos authentication provides a highly secure method to authenticate client and server entities (security principals) on a network.  To use Kerberos authentication with SQL Server, a Service Principal Name (SPN) must be registered with Active Directory, which plays the role of the Key Distribution Center in a Windows domain.  In addition, many customers also enable delegation for multi tier applications using SQL Server.  In such a setup, it may be difficult to troubleshoot the connectivity problems with SQL Server when Kerberos authentication fails.

The Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server.   It can perform the following functions:

  • Gather information on OS and Microsoft SQL Server instances installed on a server.
  • Report on all SPN and delegation configurations on the server.
  • Identify potential problems in SPNs and delegations.
  • Fix potential SPN problems.

Supported Operating System

       Windows 7, Windows 8, Windows Server 2008 R2 SP1, Windows Server 2012

       The following are required on the machine where the Kerberos Configuration Manager for SQL Server is launched: 

    • .Net framework 4.0 or higher

 

To Install:

  1. Download the 32bit or 64bit version of the Kerberos Configuration Manager installer that matches your computer’s OS architecture.
  2. Click Open to start the installation immediately or click Save to save the installation .msi file to disk and install it later.
  3. Accept the license term of this tool.
  4. Click Next to complete the installation.

To Launch the Tool:

  1. After the installation is complete successfully, double click the KerberosConfigMgr.exe  to launch the application.

To Generate SPN List from Command Line:

  1. Go to command line.
  2. Switch to the folder where KerberosConfigMgr.exe is.
  3. Type KerberosConfigMgr.exe -q -l
  4. For more command line option, type KerberosConfigMgr.exe -h

To Save a Server’s Kerberos Configuration Information:

  1. Connect to the target windows server.
  2. Click on Save button on the toolbar
  3. Specify the location where you want the file to be saved at.  It can be on a local drive or network share.
  4. The file will be saved as .XML format.

To View a Server’s Kerberos Configuration Information from Saved File:

  1. Click on the Load button on the toolbar.
  2. Open the XML file generated by Kerberos Configuration Manager.

To Generate a Script to Fix SPN from Command Line:

  1. Click on the Generate button for the SPN entry.
  2. The generated script can be used by a user who has privilege to fix the SPN on the server.

To See the Log Files for this Tool:

  1. By default, one log file is generated in the user’s application data folder.

To Get Help:
Option 1: Hover the mouse cursor over the command for tooltip. 
Option 2:  Run KerberosConfigMgr.exe –h from command line
Option 3: Click the Help button in the toolbar.