Sunday, February 26, 2012

Domain Trust - login failed: not a trusted sql connection

(Cross post from newsgroup)

Attempting to implement Windows authentication between trusted domains. . .

I have a domain trust set up between two domains connected via persistent vpn:
REMOTE and HQ

sqlserv is: HQ\SQLSERV (SQL 2000 server)

client machine is: REMOTE\MACHINE1 (SQL 2005 tools)

I successfully added user REMOTE\User1 to system admins on HQ\SQLSERV. I can log in via Remote Desktop from REMOTE\MACHINE1 to HQ\SQLSERV and open SQL2000 Query Analyzer and query databases as REMOTE\User1.

When running SQL2005 SQL Server Management Server on REMOTE\MACHINE1 logged on as REMOTE\User1
I cannot connect to HQ\SQLSERV.
I get:

TITLE:
Connect to Server
Cannot connect to HQ\SQLSERV.
ADDITIONAL INFORMATION: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. (Microsoft SQL Server, Error: 18452) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18452&LinkId=20476
BUTTONS: OK

Any ideas? What I am trying to do should be possible. Isn't it?

Check your connection info in SSMS on REMOTE\MACHINE1
Check you have all the required DNS
Try osql -SSQLSERV -E

Mulhall wrote:

Check your connection info in SSMS on REMOTE\MACHINE1


fails on both named pipes and tcp/ip


Check you have all the required DNS


It appears the DNS replicates successfully as I have set up secondaries on both sides for the other domains.
I can ping from one side to the other.
I can assign rights from one side to the other, etc. . .


Try osql -SSQLSERV -E

same error

Ahhh. . .

found the problem. . .

forgot that we had moved all of our workstations into sets of ADS folders, one for general all purpose use where access via network was permitted to all authenticated users and one set that had access permissions specifically defined to only developers.

Had to give access to the remote developers group via group policy.
The easiest thing was -

Add a Local Domain Group on HQ - Remote Developers
Add REMOTE\Developers to HQ\Remote Developers
Add HQ\Remote Developers to 'Allow access from network' on the applicable gpo

Does that make sense?

Well, it works!!!

You know. . .
Some things M$ does really really well - Active Directory/Policy Management/Name Service Administration, SQL Server!!!

Some things they choke on - Visual Studio 6 (oh what a dog!)

At any rate, setting up this VPN and Domain trust was rather simple and straightforward!
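
The fix in the last post amounts to granting the "Access this computer from the network" user right (SeNetworkLogonRight, which the poster calls 'Allow access from network') to a group that the remote user belongs to. The PowerShell below is an added example, not part of the original thread: it parses a `secedit` user-rights export from the SQL Server host and checks whether a logon token would be allowed a network logon before and after that change. The export text and every SID in it are constructed, the function names are hypothetical, and the check assumes the export lists principals as SIDs.

```powershell
# Added example. On the SQL Server host, export the effective user rights with:
#   secedit /export /cfg C:\Temp\rights.inf /areas USER_RIGHTS
#   $inf = Get-Content C:\Temp\rights.inf -Raw
# The text below is a constructed sample of such an export; every SID is made up.
$inf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeDenyNetworkLogonRight = *S-1-5-32-546
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-UserRight {
    param([string]$InfText, [string]$Right)
    # Find the "<Right> = a,b,c" line and return its entries (SIDs carry a leading '*').
    foreach ($line in $InfText -split "`r?`n") {
        if ($line -match "^\s*$([regex]::Escape($Right))\s*=\s*(.*)$") {
            return @($Matches[1] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    return @()   # right not defined in the export: no principal holds it
}

function Test-NetworkLogonAllowed {
    param([string]$InfText, [string[]]$TokenSids)
    # A network logon needs at least one token SID in the allow list and none in the deny list.
    $allow = @(Get-UserRight $InfText 'SeNetworkLogonRight')
    $deny  = @(Get-UserRight $InfText 'SeDenyNetworkLogonRight')
    $hitsAllow = @($TokenSids | Where-Object { $allow -contains $_ })
    $hitsDeny  = @($TokenSids | Where-Object { $deny  -contains $_ })
    return ($hitsAllow.Count -gt 0 -and $hitsDeny.Count -eq 0)
}

# Constructed token for REMOTE\User1 as seen by the HQ server (compare with: whoami /groups).
$user1 = @(
    'S-1-5-21-4444444444-5555555555-6666666666-1201'   # REMOTE\User1
    'S-1-5-21-4444444444-5555555555-6666666666-1150'   # REMOTE\Developers
    'S-1-5-21-1111111111-2222222222-3333333333-1190'   # HQ\Remote Developers (domain local)
    'S-1-5-11'                                         # Authenticated Users
)
"Before GPO change: $(Test-NetworkLogonAllowed $inf $user1)"      # False
# Simulate the GPO change: add HQ\Remote Developers to the allow list.
$fixed = $inf.Replace('-1105', '-1105,*S-1-5-21-1111111111-2222222222-3333333333-1190')
"After GPO change:  $(Test-NetworkLogonAllowed $fixed $user1)"    # True
```

Granting the right to a dedicated domain local group, as the poster did, keeps the allow list narrower than reopening it to all authenticated users across the trust.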
