Running v3.1 of the SQL Server Kerberos Configuration Manager (KerberosConfigMgr) on Windows Server 2012 against a SQL Server Developer 2016 instance on the same server.

Running tool as admin (logged in to server as domain admin account).

Default blank details specified in the Kerberos tool. I have also tried entering details of another server running the same version of SQL along with my domain admin user account details, with the same result.

The application thinks for about 10 seconds, then responds with the error message "Unable to access User Principal information from the System".

Log has the following:

10/31/2017 2:41:09 AM Error: Access of User Principal information failed System.DirectoryServices.AccountManagement.PrincipalServerDownException: The server could not be contacted. ---> System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
   at System.DirectoryServices.Protocols.LdapConnection.Connect()
   at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   --- End of inner exception stack trace ---
   at System.DirectoryServices.AccountManagement.PrincipalContext.ReadServerConfig(String serverName, ServerProperties& properties)
   at System.DirectoryServices.AccountManagement.PrincipalContext.DoServerVerifyAndPropRetrieval()
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name, String container, ContextOptions options, String userName, String password)
   at System.DirectoryServices.AccountManagement.PrincipalContext..ctor(ContextType contextType, String name)
   at KerberosCM.WMIHelper.TryGetUser(SystemInfo mi, UserPrincipal& user)

As a test, I have successfully run ADFind to get a listing of admin users from the default DC.

I have tried all solutions from this post, "Kerberos Configuration Manager for SQL Server error 'unable to access user principal information from the system'", to no avail (no orphaned GUID users in local administrators group, run tool as a different user account).

Any ideas what else I can do here?

Thomas
  • It says it can’t contact your LDAP server. In other words it can’t contact your Active Directory server most likely. Are your DNS settings correct on the SQL server? Primary DNS should be pointing to a DC. Whatever is causing this issue might be the same reason you are running this tool in the first place. Maybe start by explaining that also. – Appleoddity Oct 31 '17 at 03:40
  • Yes, the server has primary DNS being a DC (and another as backup). I have been able to successfully query the directory on both DCs from the SQL Server using the ADFind tool. You are correct, I am running this Kerberos tool in order to troubleshoot deployment of a SQL Server Analysis Services project from within Visual Studio. All other AD auth with the server has been fine (e.g. from SQL Management Studio, RDP etc.) – Luke Oglethorpe Oct 31 '17 at 04:18
  • Well, in an instance like this sometimes Wireshark is your best friend. Sometimes it takes seeing the traffic to determine what it is actually doing and failing on. Maybe you’ll see the DNS lookup or the connection attempt that is failing. – Appleoddity Oct 31 '17 at 04:23

1 Answer

I ended up using Wireshark and could see that the LDAP query made by KerberosConfigMgr was being successfully sent and responded to. I gave up on the KerberosConfigMgr issue and returned to my Analysis Services project and resolved other reasons why it wasn't deploying - the authentication seemed to be a red herring for other problems within the OLAP cube in Visual Studio. cc thanks to appleoddity
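
The stack trace in the question fails inside the `PrincipalContext(ContextType, String)` constructor, so the same call can be reproduced outside the tool to see which name the LDAP bind fails for. The following is an added example, not code from KerberosConfigMgr or from the posts above. The trace does not show which `ContextType` or name the tool passes, so `ContextType.Domain` and the three candidate names are assumptions, and `Test-PrincipalContextName` is a hypothetical helper name.

```powershell
# Added diagnostic sketch; not code from KerberosConfigMgr or from the posts above.
# Assumptions: ContextType.Domain and the candidate names below (the trace shows neither).
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-PrincipalContextName {
    param([Parameter(Mandatory = $true)][string[]]$Name)

    foreach ($n in $Name) {
        $row = [ordered]@{
            Name            = $n
            Resolves        = $false   # does the name resolve through DNS/NetBIOS?
            Ldap389         = $false   # does TCP 389 on that name accept a connection?
            ConnectedServer = $null    # server AccountManagement actually bound to
            Error           = $null    # innermost exception, as in the tool's log
        }

        try { [void][System.Net.Dns]::GetHostAddresses($n); $row.Resolves = $true } catch { }

        $tcp = New-Object System.Net.Sockets.TcpClient
        try { $row.Ldap389 = $tcp.ConnectAsync($n, 389).Wait(3000) } catch { } finally { $tcp.Close() }

        try {
            # Same constructor overload that appears in the stack trace.
            $ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
            $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctxType, $n
            $row.ConnectedServer = $ctx.ConnectedServer
            $ctx.Dispose()
        } catch {
            # New-Object wraps constructor failures; unwrap to the LdapException or similar.
            $e = $_.Exception.GetBaseException()
            $row.Error = '{0}: {1}' -f $e.GetType().Name, $e.Message
        }

        [pscustomobject]$row
    }
}

# Candidate names the tool might be passing: machine name, domain DNS name, NetBIOS domain name.
$candidates = @($env:COMPUTERNAME, $env:USERDNSDOMAIN, $env:USERDOMAIN) |
    Where-Object { $_ } | Select-Object -Unique
Test-PrincipalContextName -Name $candidates | Format-List
```

A name that resolves but refuses TCP 389, such as a member server's own machine name, produces the same "The LDAP server is unavailable" error even when the domain controllers answer LDAP queries normally.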