Saturday, February 25, 2012

"Multiple IP address in one SQL server" and "authentication problem with AD"

Never use a multihomed server as a DC. So you need to either remove AD off
of this machine or remove one of the NIC's.
The link below has some info on this and I couldn't find the exact article
but I can guarantee you are going to have constant problems with this setup.
http://support.Microsoft.com/default.aspx?scid=kb;en-us;832478
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sergio Garcia" <sergio.garcia@.ds2.es> wrote in message
news:eQEPzDqUIHA.5980@.TK2MSFTNGP04.phx.gbl...
> Hi all.
> I really don't known where to post because I don't known what is my
> problem, so let me explain.
> I have a SQL Server with two ethernet cards, one used for me, IT
> Department, and other used by normal users.
> Every card is in a separated network (obviously):
> 192.168.1.100 with "db.domain.com" A record in DNS
> 172.16.10.100 with "db.public.domain.com" A record in DNS
> This server is an AD domain computer with "db.domain.com" name, and the DC
> is in 192.168.1.0/24 network.
> I am in troubles when I try to connect with MSrSQL Management Studio using
> db.public.domain.com... I doesn't works, I get an error similar to "Login
> failed for user ''. The user is not associated with a trusted SQL Server
> connection. [CLIENT: 172.16.10.101]"
> If I change db.public.domain.com to a CNAME record pointing to
> db.domain.com it works, but this is not desired because I want users to
> use their network, 172.16.10.0/24.
> Any issues? Any suggestions? Any idea? Please help me if you can I
> tried to play with Service Principal Names (SPN's), but I can't manage to
> connect with an A record.
> Thanks in advance,
> Sergio
Sorry for the misunderstanding. I don't specifically see what the problem
is, but does this sql server allow SQL Server and AD authentication? If so
have you tried both methods? What about the Event Log what is the error you
are receiving?
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sergio Garcia" <sergio.garcia@.noreply.org> wrote in message
news:%23WIKzQtUIHA.1208@.TK2MSFTNGP03.phx.gbl...[vbcol=seagreen]
> Sorry, I didn't explained well... it is not a DC, it is only a domain
> member.
>
> Paul Bergson [MVP-DS] wrote:
|||Hi
Which domain is machine that you are connecting from in and have you tried
to change it?
Are you using SQL Authentication?
John
"Sergio Garcia" wrote:

> The SQL Server has the next configuration
> _________ _______
> | | | |
> NIC1 --| SQL |-- NIC2 --| DC |
> 10.10.10.1 | | 10.20.10.1 | DNS |
> host.pub.dom.com -- host.dom.com --
> In 10.20.10.0/24 network there is a DC of dom.com domain and a DNS wich
> has both A entries.
> My problem is that in the same SQL Server, I want to connect to
> host.pub.dom.com database server and I can't.
> If I use "host.pub.dom.com" can't connect. KO
> If I use "host.dom.com" I can connect. OK
> If I use "10.10.10.1" address, I can connect. OK
> If I use "10.20.10.1" address, I can connect. OK
> If I change the A record, "host.pub.dom.com", to a CNAME record pointing
> to "host.dom.com"... I can connect.
>
> Also, there is a router linking both networks
> Paul Bergson [MVP-DS] wrote:
>
|||Hi
Who are you logging into the machine as?
John
"Sergio Garcia" wrote:

> That machine is the same SQL Server. I can connect even to "localhost".
> If I use SQL Authentication it works, but with Windows authentication
> doesn't.
> Thanks very much.
> John Bell wrote:
>
|||Hi
If you can connect to host.pub.dom.com as a SQL User it is not the
resolution of the machine that has cause the problem.
If you can connect to host.dom.com as a Windows User host.dom.com\user it is
not the permissions for host.dom.com\user that is the issue.
If you can connect to host.pub.dom.com as a Windows User
host.pub.dom.com\user it is not the permissions for host.dom.com\user that is
the issue.
If you can connect to host.pub.dom.com as a Windows User host.dom.com\user I
suspect that it is something like the trust relationship between the two
domains that is the issue.
John
"Sergio Garcia" wrote:

> Ok, I will try to give you more information
> I am using a user who has permissions enough. It is a domain user, not a
> SQL user.
> Thanks for your help...
>
> John Bell wrote:
>
|||This sql box is not a router and the path host.pub.dom.com is not part of
your domain. The reason the cname works is you have it pointing to the
domain side.
I think you could get this to work if you loaded Routing and Remote Access,
but this is skewed.
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Sergio Garcia" <sergio.garcia@.noreply.org> wrote in message
news:47863DDF.6090604@.noreply.org...[vbcol=seagreen]
> The SQL Server has the next configuration
> _________ _______
> | | | |
> NIC1 --| SQL |-- NIC2 --| DC |
> 10.10.10.1 | | 10.20.10.1 | DNS |
> host.pub.dom.com -- host.dom.com --
> In 10.20.10.0/24 network there is a DC of dom.com domain and a DNS wich
> has both A entries.
> My problem is that in the same SQL Server, I want to connect to
> host.pub.dom.com database server and I can't.
> If I use "host.pub.dom.com" can't connect. KO
> If I use "host.dom.com" I can connect. OK
> If I use "10.10.10.1" address, I can connect. OK
> If I use "10.20.10.1" address, I can connect. OK
> If I change the A record, "host.pub.dom.com", to a CNAME record pointing
> to "host.dom.com"... I can connect.
>
> Also, there is a router linking both networks
> Paul Bergson [MVP-DS] wrote:

No comments:

Post a Comment