Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the system"

5

When I launch the Kerberos Configuration Manager for SQL Server and try to connect to the local machine it's on, I am getting the error "Kerberos Configuration Manager for SQL Server error "unable to access user principal information from the system"

Google searches return minimal results.

http://social.technet.microsoft.com/Forums/en-US/717d6821-f3f4-43a6-8bba-5eb4804df499/unable-to-access-user-principal-information-from-the-system-error-when-trying-to-launch-kerberos?forum=sqltools

http://social.msdn.microsoft.com/Forums/sqlserver/en-US/717d6821-f3f4-43a6-8bba-5eb4804df499/unable-to-access-user-principal-information-from-the-system-error-when-trying-to-launch-kerberos?forum=sqltools

I am working in a single domain with a single account. None of the users on this system are orphaned or displaying a GUID instead of their ID.

I really want to use this tool to help troubleshoot my Reporting Services kerberos issues.

The log generated by the tool is displaying the following errors:

9/16/2014 11:43:05 AM Info: Connect to WMI, \root\cimv2
9/16/2014 11:43:37 AM Error: Access of system information failed System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.AccountManagement.SAMStoreCtx.ResolveCrossStoreRefToPrincipal(Object o)
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextForeign()
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
   at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
   at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
   at KerberosCM.WMIHelper.TryIsUserLocalAdmin(SystemInfo si, UserPrincipal user, Boolean& isLocalAdmin)
9/17/2014 8:36:08 AM Info: Connect to WMI, \root\cimv2
9/17/2014 8:36:10 AM Error: Access of system information failed System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.

   at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
   at System.DirectoryServices.DirectoryEntry.Bind()
   at System.DirectoryServices.DirectoryEntry.get_AdsObject()
   at System.DirectoryServices.PropertyValueCollection.PopulateList()
   at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
   at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
   at System.DirectoryServices.AccountManagement.SAMStoreCtx.ResolveCrossStoreRefToPrincipal(Object o)
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextForeign()
   at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
   at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
   at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
   at KerberosCM.WMIHelper.TryIsUserLocalAdmin(SystemInfo si, UserPrincipal user, Boolean& isLocalAdmin)
windows-server-2008-r2
sql-server
kerberos
ssrs
asked on Server Fault Sep 16, 2014 by Geoff Dawdy • edited Sep 17, 2014 by Geoff Dawdy

6 Answers

11

I know this is a really old post, but for anyone that is still having this issue... I managed to work around it by going into my local administrators group on the server and clearing out any accounts showing up as a GUID.

Once I did that, I was able to launch the tool, fill in no server/user info and just hit connect. It logged right in after that.

(I know the original poster said he already checked for that, but this is what resolved this issue for me).

answered on Server Fault Mar 21, 2016 by Ben Sala
1

I know this thread is old, but I was having the same issue. In my case the Remote Registry service was not running. I have found that on some servers it is just running, and on others it shows Automatic (trigger start), and in both of those cases I can use the tool successfully. If the service is manual/disabled, etc... and not running, this error occurred.

answered on Server Fault Dec 2, 2016 by Richard Webster
1

Mine was similar to the other answers but slightly different. I had an account from another domain in the Local Administrators group. I'm not sure the exact type of trust that was present. After removing that account the tool was able to run.

answered on Server Fault Dec 21, 2016 by graz
1

I had the same issue on SQL 2016 hosted on a Windows Server 2016.

Running as admin didnt resolve my problem. I had to 'Run as a different user', then I logged in as my Active Directory domain admin. Then I was able to connect to the hosted SQL server.

answered on Server Fault Jun 5, 2017 by Dongminator
1

Got exactly the same problem, How I fixed it?

I went to local users and groups on the server with SPN issues Groups>Administrators> and removed any account that is not part of the same domain as the server.

I had a user account from another domain, after removing it and trying the App again it worked.

Cheers.

answered on Server Fault May 17, 2018 by Amani
0

In addition to removing the GUID entry from the local Administrator group, I had to run the tool remotely from another machine on the domain in order to avoid the System.Runtime.InteropServices.COMException

answered on Server Fault Jan 26, 2018 by djoyce

User contributions licensed under CC BY-SA 3.0