Undoing configuration of Kerberos constrained delegation in IAG SP1

  • Article

Applies To: Intelligent Application Gateway (IAG)

To undo IAG SP1 configuration for Kerberos constrained delegation and revert to the previous configuration, do the following:

Undoing Kerberos constrained delegation in IAG and ISA

To undo Kerberos constrained delegation in IAG and ISA

  1. On the computer where the IAG is installed, open a command line, type the following, and then press ENTER:

    IAG_KCD_tool.exe Clear

  2. On the IAG Password dialog box, type your IAG Configuration password, and then click OK.

  3. On the IAG KCD Support Tool dialog box, click Reset.

    The IAG Configuration program opens. All the configured trunk information is updated (for example, the original external IP addresses are restored to the configured trunks).

To undo Kerberos constrained delegation for specific trunks or applications

  1. Repeat steps 1-3, as described in Configuring Kerberos constrained delegation in IAG SP1 in the "To configure IAG and ISA Server settings" procedure.

  2. On the IAG KCD Support Tool dialog box, in the IAG KCD Trunks and Applications section, clear the check box of the trunks or applications for which you want to undo configure to Kerberos constrained delegation.

  3. Complete the procedure, as described in steps 6-8 in Configuring Kerberos constrained delegation in IAG SP1 in the To configure IAG and ISA Server settings procedure.

Clearing the domain controller of server principal names (SPNs)

You can perform this procedure from the computer where the IAG is installed or from a different computer. If you perform this procedure from a different computer it must belong to the domain and have .NET Framework version 2.0 installed.

To clear the domain controller via the computer where the IAG is installed

  • On the computer where the IAG is installed, open a command line, type the following, and then press ENTER:

    IAG_KCD_AD_tool.exe Clear

To clear the domain controller via a different computer

  1. Copy IAG_KCD_AD_tool.exe from the IAG computer to the computer from which you want to run the tool.

  2. On the computer where you run the tool, open a command line and navigate to the location of the file. Type the following, and then press ENTER:IAG_KCD_AD_tool.exe Clear