Released: update for Kerberos Configuration Manager for SQL Server

Pedro Lopes · ‎Jan 17 2020

The Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server, SQL Server Reporting Services (SSRS), and SQL Server Analysis Services (SSAS). It can perform the following functions:

Collect information about operating system (OS), Microsoft SQL Server instances, and Always On Availability Group Listeners installed on a server.
Report all Service Principal Name (SPN) and delegation configurations on the server.
Identify potential problems in SPNs and delegations.
Fix potential SPN problems.

The new release (v4.2) adds support for SQL Server 2019.

You can download the tool here, as well as read its install and usage instructions.

TeunvdB · ‎Jan 20 2020

Hi Pedro,

First of all thank you for the latest version! I've been using this tool for quite some time now and it works great.

One remark though; If you're using GMSA accounts for your SQL Server this till will set them, and if you run the tool again it will give the status "Misplaced". When you fix it and check again same story...

When i check it via setspn -l accountname it shows the SPN that was set via the tool...

It would be great if this could be addressed and fixed as well.

Any thoughts about this?

Thank you.

Teun

DVKalashnikov · ‎Jan 24 2020

Thanks for the update, @Pedro Lopes !

Support SQL Server 2019 is what was really missing in the previous version. Great job!

pgriffith · ‎Feb 21 2020

Are there circumstances where SPN with the HOSTNAME/ NETBIOS name is needed along with the default SPNs with Fully Qualified Domain Name (FQDN)? This rumor can be found here https://blogs.msdn.microsoft.com/dataaccesstechnologies/2016/04/27/sqlcmd-2014-fails-to-authenticate.... Would this also apply when running SQL Server under a domain service account? I have noticed the new release (4.2) refuses to install over the old release, falsely claiming that a newer release is already installed.

Pedro Lopes · ‎Feb 21 2020

@pgriffith that is a SQLCMD requirement and uncommon. The tool generates all required SPNs as stated in https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-...

TeunvdB · ‎Feb 22 2020

@Pedro Lopes any feedback on my question ? :)

Pedro Lopes · ‎Feb 24 2020

@TeunvdB are you using an admin account to run the tool? Check the logs under %APPDATA%\Microsoft\KerberosConfigMgr and look for “Attempting to remove SPN ..” and “Attempting to add SPN...“ messages, what do you see there?

TeunvdB · ‎Mar 16 2020

@Pedro Lopes Sorry for the late reponse. We did this last Friday again.

10-3-2020 14:45:23 Info: Attempting to fix SPN issue
10-3-2020 14:45:23 Info: Attempting to remove SPN MSSQLSvc/SERVERNAME.my.domain.com from account eu\GMSAACCOUNT$ on domain my.domain.com .
10-3-2020 14:45:23 Info: Attempting to add SPN MSSQLSvc/SERVERNAME.my.domain.com for account eu\GMSAACCOUNT$ on domain my.domain.com .
10-3-2020 14:45:23 Info: Attempting to add SPN MSSQLSvc/SERVERNAME.my.domain.com for account PACCAR-EU\GMSAACCOUNT$ on domain my.domain.com .
10-3-2020 14:45:24 Info: SPNs appear to be assigned appropriately.
10-3-2020 14:45:24 Info: Attempting to remove SPN MSSQLSvc/SERVERNAME.my.domain.com:1433 from account eu\GMSAACCOUNT$ on domain my.domain.com .
10-3-2020 14:45:24 Info: Attempting to add SPN MSSQLSvc/SERVERNAME.my.domain.com:1433 for account eu\GMSAACCOUNT$ on domain my.domain.com .
10-3-2020 14:45:24 Info: Attempting to add SPN MSSQLSvc/SERVERNAME.my.domain.com:1433 for account PACCAR-EU\GMSAACCOUNT$ on domain my.domain.com .
10-3-2020 14:45:24 Info: SPNs appear to be assigned appropriately.

According to SQL Server it is ok:

However when i look in the tool:

Is this sufficient information ?

Thanks, Teun vd Biggelaar

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Released: update for Kerberos Configuration Manager for SQL Server