5

When I launch the Kerberos Configuration Manager for SQL Server and try to connect to the local machine it's on, I am getting the error "Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the system"

Google searches return minimal results.

http://social.technet.microsoft.com/Forums/en-US/717d6821-f3f4-43a6-8bba-5eb4804df499/unable-to-access-user-principal-information-from-the-system-error-when-trying-to-launch-kerberos?forum=sqltools

http://social.msdn.microsoft.com/Forums/sqlserver/en-US/717d6821-f3f4-43a6-8bba-5eb4804df499/unable-to-access-user-principal-information-from-the-system-error-when-trying-to-launch-kerberos?forum=sqltools

I am working in a single domain with a single account. None of the users on this system are orphaned or displaying a GUID instead of their ID.

I really want to use this tool to help troubleshoot my Reporting Services kerberos issues.

The log generated by the tool is displaying the following errors:

9/16/2014 11:43:05 AM Info: Connect to WMI, \root\cimv2
9/16/2014 11:43:37 AM Error: Access of system information failed System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.AccountManagement.SAMStoreCtx.ResolveCrossStoreRefToPrincipal(Object o)
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextForeign()
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
   at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
   at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
   at KerberosCM.WMIHelper.TryIsUserLocalAdmin(SystemInfo si, UserPrincipal user, Boolean& isLocalAdmin)
9/17/2014 8:36:08 AM Info: Connect to WMI, \root\cimv2
9/17/2014 8:36:10 AM Error: Access of system information failed System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.AccountManagement.SAMStoreCtx.ResolveCrossStoreRefToPrincipal(Object o)
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextForeign()
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
   at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
   at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
   at KerberosCM.WMIHelper.TryIsUserLocalAdmin(SystemInfo si, UserPrincipal user, Boolean& isLocalAdmin)
Geoff Dawdy
  • 213
  • 1
  • 2
  • 9
  • I suppose your permissions are sufficient, right? – spaghettidba Sep 17 '14 at 15:53
  • What permissions do I need? I'm in the administrators group on the server. I've installed it on the server and I'm connecting locally. I can perform setspn -l commands so I should have sufficient permissions. – Geoff Dawdy Sep 17 '14 at 16:00
  • Are you running it as a local user or domain user? Are you giving it the local or domain user credentials (when it asks)? – Sean Gallardy - Mostly Retired Sep 17 '14 at 20:16
  • I am running it as the account which I'm logged into the server as, which is a domain user. I'm not giving it any credentials since I am connecting to the local machine. I have tried providing the domain user credentials as well and that didn't work either. – Geoff Dawdy Sep 17 '14 at 20:21
  • When you "point it" to the local machine, are you using the FQDN, short name, or something else? Try using the FQDN and supplying the domain credentials. – Sean Gallardy - Mostly Retired Sep 17 '14 at 21:23
  • The instructions for the tool state no server name needs to be entered. However, I've tried it both ways and they still fail. – Geoff Dawdy Sep 17 '14 at 22:30
  • Is there anything in the Kerberos Configuration Manager Log file that provides more details on what is happening? Files are located in the following path: C:\Users\\AppData\Roaming\Microsoft\KerberosConfigMgr – Adam S. Sep 17 '14 at 21:38
  • Adam, thank you so much for responding to my tweet. I've updated the question to include the errors showing up in the log. – Geoff Dawdy Sep 17 '14 at 22:26
  • When you run it, try either setting it to run as an administrator or right-clicking and choosing run as admin when launching. – Sean Gallardy - Mostly Retired Sep 18 '14 at 16:50
  • I tried that as well. Still not working. – Geoff Dawdy Sep 18 '14 at 17:10
  • have you managed to resoble this problem? – Zerg00s Mar 11 '15 at 08:52

6 Answers6

11

I know this is a really old post, but for anyone that is still having this issue... I managed to work around it by going into my local administrators group on the server and clearing out any accounts showing up as a GUID.

Once I did that, I was able to launch the tool, fill in no server/user info and just hit connect. It logged right in after that.

(I know the original poster said he already checked for that, but this is what resolved this issue for me).

Ben Sala
  • 126
  • 2
  • 3
1

I know this thread is old, but I was having the same issue. In my case the Remote Registry service was not running. I have found that on some servers it is just running, and on others it shows Automatic (trigger start), and in both of those cases I can use the tool successfully. If the service is manual/disabled, etc... and not running, this error occurred.

Richard Webster
  • 11
  • 1
1

Mine was similar to the other answers but slightly different. I had an account from another domain in the Local Administrators group. I'm not sure the exact type of trust that was present. After removing that account the tool was able to run.

graz
  • 11
  • 1
1

I had the same issue on SQL 2016 hosted on a Windows Server 2016.

Running as admin didnt resolve my problem. I had to 'Run as a different user', then I logged in as my Active Directory domain admin. Then I was able to connect to the hosted SQL server.

Dongminator
  • 111
  • 2
1

Got exactly the same problem, How I fixed it?

I went to local users and groups on the server with SPN issues Groups>Administrators> and removed any account that is not part of the same domain as the server.

I had a user account from another domain, after removing it and trying the App again it worked.

Cheers.

Amani
  • 11
  • 1
0

In addition to removing the GUID entry from the local Administrator group, I had to run the tool remotely from another machine on the domain in order to avoid the System.Runtime.InteropServices.COMException

djoyce
  • 103
  • 2