1 Reply Latest reply on Apr 2, 2018 5:44 PM by Carisa Chang

    Kerberos Configuration while switching to BackUp Primary

    Nagarajan R

      Hi All,


      We have a HA and Failover Tableau Server configuration with one Primary, two workers and one back up primary (in case of a failure with original primary).

      Kerberos is configured successfully with original primary and worker setup.


      However can you please let us know if "Enabling Kerberos, exporting kerberos configuration script and AD admin sharing a new keytab file should be done again for back up primary.

      I have this clarification because when primary changes, host name changes as well and SPNs would be different as compared to SPNs in original primary.


      Also I wish to understand how workers would get configured or react when this switchover happens with kerberos configuration.


      Please help!!


      Thank you

        • 1. Re: Kerberos Configuration while switching to BackUp Primary
          Carisa Chang

          Hi there!


          Do you have a load balancer/proxy in front of Tableau Server? Typically in this situation, you'd place a load balancer in front of Tableau Server - and use the load balancer url when configuring Tableau Server for Kerberos. Using this approach, the same keytab and configuration files could be used for the active and backup primary computers.


          Configure Kerberos

          Note: Verify the host names in the setspn lines of the script. If you are using an external load balancer or a reverse proxy, the host names should match the name you used when you configured Tableau Server for the load balancer or proxy. If you have not configured Tableau Server for your proxy or external load balancer, do that and then re-export the Kerberos configuration script to ensure it has the correct host names. See Add a Load Balancer and Configuring Proxies for Tableau Server.