Saturday, February 25, 2012

"Multiple IP address in one SQL server" and "authentication problem"

Hi all.
I really don't know where to post because I don't know what my
problem is, so let me explain.
I have a SQL Server with two ethernet cards, one used for me, IT
Department, and the other used by normal users.
Every card is in a separate network (obviously):
192.168.1.100 with "db.domain.com" A record in DNS
172.16.10.100 with "db.public.domain.com" A record in DNS
This server is an AD domain computer with "db.domain.com" name, and the
DC is in 192.168.1.0/24 network.
I am in trouble when I try to connect with MS SQL Management Studio
using db.public.domain.com... It doesn't work, I get an error similar to
"Login failed for user ''. The user is not associated with a trusted SQL
Server connection. [CLIENT: 172.16.10.101]"
If I change db.public.domain.com to a CNAME record pointing to
db.domain.com it works, but this is not desired because I want users to
use their network, 172.16.10.0/24.
Any issues? Any suggestions? Any idea? Please help me if you can :) I
tried to play with Service Principal Names (SPNs), but I can't manage
to connect with an A record.
Thanks in advance,
Sergio

Never use a multihomed server as a DC. So you need to either remove AD off
of this machine or remove one of the NICs.
The link below has some info on this and I couldn't find the exact article
but I can guarantee you are going to have constant problems with this setup.
http://support.Microsoft.com/default.aspx?scid=kb;en-us;832478
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sergio Garcia" <sergio.garcia@.ds2.es> wrote in message
news:eQEPzDqUIHA.5980@.TK2MSFTNGP04.phx.gbl...
> Hi all.
> I really don't know where to post because I don't know what my
> problem is, so let me explain.
> I have a SQL Server with two ethernet cards, one used for me, IT
> Department, and the other used by normal users.
> Every card is in a separate network (obviously):
> 192.168.1.100 with "db.domain.com" A record in DNS
> 172.16.10.100 with "db.public.domain.com" A record in DNS
> This server is an AD domain computer with "db.domain.com" name, and the DC
> is in 192.168.1.0/24 network.
> I am in trouble when I try to connect with MS SQL Management Studio using
> db.public.domain.com... It doesn't work, I get an error similar to "Login
> failed for user ''. The user is not associated with a trusted SQL Server
> connection. [CLIENT: 172.16.10.101]"
> If I change db.public.domain.com to a CNAME record pointing to
> db.domain.com it works, but this is not desired because I want users to
> use their network, 172.16.10.0/24.
> Any issues? Any suggestions? Any idea? Please help me if you can :) I
> tried to play with Service Principal Names (SPNs), but I can't manage to
> connect with an A record.
> Thanks in advance,
> Sergio

Sorry, I didn't explain well... it is not a DC, it is only a domain
member.
Paul Bergson [MVP-DS] wrote:
> Never use a multihomed server as a DC. So you need to either remove AD off
> of this machine or remove one of the NICs.
> The link below has some info on this and I couldn't find the exact article
> but I can guarantee you are going to have constant problems with this setup.
> http://support.Microsoft.com/default.aspx?scid=kb;en-us;832478
>

Sorry for the misunderstanding. I don't specifically see what the problem
is, but does this sql server allow SQL Server and AD authentication? If so
have you tried both methods? What about the Event Log, what is the error you
are receiving?
--
Paul Bergson
"Sergio Garcia" <sergio.garcia@.noreply.org> wrote in message
news:%23WIKzQtUIHA.1208@.TK2MSFTNGP03.phx.gbl...
> Sorry, I didn't explain well... it is not a DC, it is only a domain
> member.
>
> Paul Bergson [MVP-DS] wrote:
>> Never use a multihomed server as a DC. So you need to either remove AD
>> off of this machine or remove one of the NICs.
>> The link below has some info on this and I couldn't find the exact
>> article but I can guarantee you are going to have constant problems with
>> this setup.
>> http://support.Microsoft.com/default.aspx?scid=kb;en-us;832478

The SQL Server has the following configuration:
             _________                _______
            |         |              |       |
   NIC1   --|   SQL   |--   NIC2   --|  DC   |
10.10.10.1  |         |  10.20.10.1  |  DNS  |
host.pub.dom.com --     host.dom.com   --
In 10.20.10.0/24 network there is a DC of dom.com domain and a DNS which
has both A entries.
My problem is that in the same SQL Server, I want to connect to
host.pub.dom.com database server and I can't.
If I use "host.pub.dom.com" I can't connect. KO
If I use "host.dom.com" I can connect. OK
If I use "10.10.10.1" address, I can connect. OK
If I use "10.20.10.1" address, I can connect. OK
If I change the A record, "host.pub.dom.com", to a CNAME record pointing
to "host.dom.com"... I can connect.
Also, there is a router linking both networks.
Paul Bergson [MVP-DS] wrote:
> Sorry for the misunderstanding. I don't specifically see what the problem
> is, but does this sql server allow SQL Server and AD authentication? If so
> have you tried both methods? What about the Event Log, what is the error you
> are receiving?
>

This sql box is not a router and the path host.pub.dom.com is not part of
your domain. The reason the cname works is you have it pointing to the
domain side.
I think you could get this to work if you loaded Routing and Remote Access,
but this is skewed.
--
Paul Bergson
"Sergio Garcia" <sergio.garcia@.noreply.org> wrote in message
news:47863DDF.6090604@.noreply.org...
> The SQL Server has the following configuration:
>              _________                _______
>             |         |              |       |
>    NIC1   --|   SQL   |--   NIC2   --|  DC   |
> 10.10.10.1  |         |  10.20.10.1  |  DNS  |
> host.pub.dom.com --     host.dom.com   --
> In 10.20.10.0/24 network there is a DC of dom.com domain and a DNS which
> has both A entries.
> My problem is that in the same SQL Server, I want to connect to
> host.pub.dom.com database server and I can't.
> If I use "host.pub.dom.com" I can't connect. KO
> If I use "host.dom.com" I can connect. OK
> If I use "10.10.10.1" address, I can connect. OK
> If I use "10.20.10.1" address, I can connect. OK
> If I change the A record, "host.pub.dom.com", to a CNAME record pointing
> to "host.dom.com"... I can connect.
>
> Also, there is a router linking both networks.
> Paul Bergson [MVP-DS] wrote:
>> Sorry for the misunderstanding. I don't specifically see what the
>> problem is, but does this sql server allow SQL Server and AD
>> authentication? If so have you tried both methods? What about the Event
>> Log, what is the error you are receiving?
