Re: Delegation Failure
From: Les Connor [SBS MVP] (les.connor_at_DEL.cfive.ca)
Date: 01/29/04
- Next message: Wei Ci Zhou: "Re: Where to place Stored Procedure?"
- Previous message: Miriam: "authentication issues"
- In reply to: Dmitri Gavrilov [MSFT]: "Re: Delegation Failure"
- Next in thread: Paul L: "Re: Delegation Failure"
- Reply: Paul L: "Re: Delegation Failure"
Date: Wed, 28 Jan 2004 17:50:52 -0600
Let's be careful here ;-).
This is kind of an SBS question, it was wrongly cross posted to a whole
bunch of newsgroups and the discussion might not necessarily accurately
reflect an SBS scenario. Such as the following:
> Generally speaking, running two important services on one machine is unsafe.
> If one is compromised, the other one will fall too. We do not recommend
> running anything on a DC.
--
Les Connor [SBS MVP]
-------------------------------------
SBS Rocks !

"Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
news:eSmSyWe5DHA.2556@TK2MSFTNGP09.phx.gbl...
> What service account is SQL using? NetworkService or LocalSystem? Note that
> when it was living on a member server, those accounts were mapped to the
> computer account, and this account was used when SQL was accessing network
> resources. Now, when SQL lives on the DC, so called "loopback
> authentication" is taking place, and SQL comes to DC authenticated as
> NetworkServer or LocalSystem, respectively.
>
> Generally speaking, running two important services on one machine is unsafe.
> If one is compromised, the other one will fall too. We do not recommend
> running anything on a DC.
>
> --
> Dmitri Gavrilov
> SDE, Active Directory Core
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Use of included script samples are subject to the terms specified at
> http://www.microsoft.com/info/cpyright.htm
>
> "Paul L" <nospam@loring.net> wrote in message
> news:u5x2oRc5DHA.2392@TK2MSFTNGP11.phx.gbl...
> > I have a domain with SBS2003 server running IIS on one machine and Windows
> > Server 2003 running SQL 2000 on another. IIS uses integrated authentication
> > only, and delegation between IIS and SQL was working as advertised (all the
> > right checkboxes in Active Dir we set correctly, SQL used the authenticated
> > client, etc).
> >
> > We recently added the server with SQL as a Domain Controller so it could be
> > used as a backup. Once it came on line, delegation stopped working, and IIS
> > attempts to log in to SQL as the 'NT AUTHORITY\ANONYMOUS LOGON' user, which,
> > of course, fails.
> >
> > I am going to remove the DC off of the SQL server, but I thought someone
> > might know why having the second DC on the SQL server kills delegation.
> >
> > Thanks,
> > Paul