During the installation of the Windows Connector for Workspace One Access, if you did not select the "Would you like to run the IDM Connector service as a domain user account?" option, or if you selected the option but specified a domain account that does not have the right to "Create, delete, and manage user accounts" in Active Directory, Kerberos cannot be initialized after installation. When you try to configure the Kerberos authentication adapter, you get an error message that states that Kerberos initialization failed and points to this KB article.

To install the Kerberos module in the Windows Connector a CA certificate for the Connector is required.
If a CA certificate is not in place then Kerberos installation will fail.

Follow these steps to resolve the issue:

1. Log in to the Windows connector machine and navigate to the <InstallerLocation>\IDM Connector\usr\local\horizon\scripts directory.
2. Right click "setupkerberos.bat" and select run as administrator.
3. Enter the username, in the format "DOMAIN\username", and password of a domain user that has the right to "Create, delete, and manage user accounts" in Active Directory. A confirmation message appears after the script has run successfully.
4. Log in to the VMware Identity Manager administration console and initialize the Kerberos authentication adapter for the connector.