Skip to main content

Kerberos Configuration Manager for SQL Server v3

By David Postlethwaite

I’m speaking about Kerberos for the SQL DBA at SQL Saturdays in Oslo, Gothenburg and Utrecht in September 2015.
Kerberos is one of those things that can drive you nuts and it’s easy to get it wrong.


If you are not aware Microsoft have produced a program to help SQL Server DBAs called Kerberos Configuration Manager (KCM). This is an excellent tool to help you to configure and check your SPNs for a SQL Server instance.


During my preparations for SQL Saturday I have come across a problem with it. I’ve been using KCM version 2 for the last year but this didn’t support SQL 2014 instances so I upgraded to version 3. This is much improved - as well as recognising SQL 2014 it now supports Analysis Services as well.
However I hit a problem with v3. It works fine on a Windows server with SQL 2014 installed, here it will recognise any older instance installed on that server as well but if you have a server with only an older version of SQL (in my case just SQL 2012) then it won’t recognise that instance and displays an error saying no SQL Server found.
Looking in the error log KCM reads the WMI to find the SQL information. With v3 it looks in root\Microsoft\SqlServer\ComputerManagement12 . This will only exist if SQL 2014 has been installed and this explains why it couldn’t find my SQL 2012 instance.


I uninstalled v3 and reinstalled v2 and that found my SQL 2012 server without issue.


Looking at the logs v2 looks in root\Microsoft\SqlServer\ComputerManagement11. I suspect that if you only have a SQL 2008 or 2005  instance it won’t work for you either.

I’d be interested to hear from anyone who has also encountered this problem and if they have found a fix.

Comments

Popular posts from this blog

SQL Server 2012 and Virtual Service Accounts

This post is written by David Postlethwaite
If you are using SQL Server 2012 you will probably have noticed that the default account for the SQL services has changed from that used in previous versions. With SQL 2005 and 2008 the default account for SQL service and SQL Agent service was “NT Authority\System”. This is one the built in accounts on a Windows machine, managed by the machine and selectable from a dedicated dropdown list

The Network Service account was introduced in Windows 2003 as an alternative to using the LocalSystem account, which has full local system privileges on the local machine, a major security concern.
The Network Service has limited local privileges easing these security concerns but when many services on a machine use the Network Service account it becomes harder to track which service is actually accessing resources and performing actions, because all the services are using the one Network Service account.
Also, this account, by default, has sysadmin per…

Always Encrypted

By David Postlethwaite

Always Encrypted is new features in SQL Server 2016 and it is also available in Azure SQL Database. Here you can encrypt columns in a table with a master key and a certificate so that they will appear as encrypted strings to those who don’t have the required certificate installed on their pc.
Once the certificate is installed on the computer then the unencrypted data can then be seen as normal.

The data passes from database to your application as the encrypted value, only the application with the correct certificate can unencrypt the data so it is secure across the wire. This will go some way to resolving the concern of people worried about putting their sensitive data on a shared server in the cloud such as Microsoft Azure and accessing the data across the Internet.

At the time of writing Always Encrypted is only supported with ADO.NET 4.6, JDBC 6.0 and ODBC 13.1 but expect other driver to become available.

The calling application (including SSMS) must also hav…

New in SQL Server 2017: Graph Databases

David has recorded and published a video of his presentation on SQL Server Graph Database. In his video which you can watch below, David provides an excellent introduction into SQL Server 2017 Graph Databases. In his presentation he looks at Tennis results at tournaments for  his favourite player "The Fed"  Rodger Federer.

David  shows how to set up graph database and work with them in SQL Server 2017.

Graph Database is not new. Other vendors have had graph database capabilities for some time so Microsoft are quite late to the market. In David presentation it appears that Microsoft have done a reasonable job of implementing some of the graph database features but he does point some of the limitations of the Microsoft product too and suggests that it is not ready for production yet but Microsoft seem serious about this feature.

Please watch the video and feel free to leave a comment or feedback - David is delivering a version of this talk on Graph databases in SQL Saturday Ka…