Kerberos authentication provides a highly secure method to authenticate client and server entities (security principals) on a network. To use Kerberos authentication with SQL Server, a Service Principal Name (SPN) must be registered with Active Directory, which plays the role of the Key Distribution Center in a Windows domain. In addition, many customers also enable delegation for multi-tier applications using SQL Server. In such a setup, it may be difficult to troubleshoot the connectivity problems with SQL Server when Kerberos authentication fails.
Here are some additional reading materials for your reference.
- Kerberos Authentication Overview
- How to use Kerberos authentication in SQL Server
- Register a Service Principal Name (SPN) for Kerberos Connections
- Delegating authentication
- Troubleshooting Kerberos Delegation
- Solving Connectivity errors to SQL Server
Why use this tool?
The Kerberos Configuration Manager for SQL Server is a diagnostic tool that helps troubleshoot Kerberos related connectivity issues with SQL Server, SQL Server Reporting Services, and SQL Server Analysis Services. It can perform the following functions:
- Gather information on OS and Microsoft SQL Server instances installed on a server.
- Report on all SPN and delegation configurations and Always On Availability Group Listeners installed on a server.
- Identify potential problems in SPNs and delegations.
- Fix potential SPN problems.
This release (v4.0) adds support for Always On Availability Group Listeners.
To download the tool https://www.microsoft.com/en-us/download/details.aspx?id=39046.