We are pleased to announce the latest generally-available (GA) of Microsoft Kerberos Configuration Manager for SQL Server.
Note : this replaces the previously released v4.0.
Kerberos authentication provides a highly secure method to authenticate client and server entities (security principals) on a network. To use Kerberos authentication with SQL Server, a Service Principal Name (SPN) must be registered with Active Directory, which plays the role of the Key Distribution Center in a Windows domain. In addition, many customers also enable delegation for multi-tier applications using SQL Server. In such a setup, it may be difficult to troubleshoot the connectivity problems with SQL Server when Kerberos authentication fails.
Here are some additional reading materials for your reference.
- Kerberos Authentication Overview
- How to use Kerberos authentication in SQL Server
- Register a Service Principal Name (SPN) for Kerberos Connections
- Delegating authentication
- Troubleshooting Kerberos Delegation
- Solving Connectivity errors to SQL Server
Why use this tool?
The Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server, SQL Server Reporting Services, and SQL Server Analysis Services. It can perform the following functions:
- Gather information on OS and Microsoft SQL Server instances installed on a server.
- Report on all SPN and delegation configurations and Always On Availability Group Listeners installed on a server.
- Identify potential problems in SPNs and delegations.
- Fix potential SPN problems.
This release (v4.1) adds support for Always On Availability Group Listeners, and fixes SPN format incompatibility with Windows Server 2008 and 2008 R2 (introduced in v4.0).
- Microsoft Kerberos Configuration Manager for SQL Server requires a user with permission to connect to the WMI service on any machine its connecting to. For more information, refer to Securing a Remote WMI Connection.
- For Always On Availability Group Listeners discovery, run this tool from the owner node.
- Also, if needed for troubleshooting, the Kerberos Configuration Manager for SQL Server creates a log file in %AppData%\Microsoft\KerberosConfigMgr.