Re: Delegation Failure

From: Paul L (nospam_at_loring.net)
Date: 01/29/04


Date: Thu, 29 Jan 2004 10:45:46 -0500

Les,

It was "wrongly" posted to the 3 (whole bunch?) newsgroups for the systems
involved. I have a problem that could be in any of the 3 places, SBS, SQL
or AD.

Furthermore, I have no idea what you are trying to say in your reply.

-Paul

"Les Connor [SBS MVP]" <les.connor@DEL.cfive.ca> wrote in message
news:ekZiRmf5DHA.2720@TK2MSFTNGP09.phx.gbl...
> Let's be careful here ;-).
>
> This is kind of an SBS question, it was wrongly cross posted to a whole
> bunch of newsgroups and the discussion might not necessarily accurately
> reflect an SBS scenario. Such as the following:
>
> > Generally speaking, running two important services on one machine is
> > unsafe. If one is compromised, the other one will fall too. We do not
> > recommend running anything on a DC.
>
> --
> Les Connor [SBS MVP]
> -------------------------------------
> SBS Rocks !
>
>
>
> "Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
> news:eSmSyWe5DHA.2556@TK2MSFTNGP09.phx.gbl...
> > What service account is SQL using? NetworkService or LocalSystem? Note
> > that when it was living on a member server, those accounts were mapped to
> > the computer account, and this account was used when SQL was accessing
> > network resources. Now, when SQL lives on the DC, so called "loopback
> > authentication" is taking place, and SQL comes to DC authenticated as
> > NetworkService or LocalSystem, respectively.
> >
> > Generally speaking, running two important services on one machine is
> > unsafe. If one is compromised, the other one will fall too. We do not
> > recommend running anything on a DC.
> >
> > --
> > Dmitri Gavrilov
> > SDE, Active Directory Core
> >
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > Use of included script samples are subject to the terms specified at
> > http://www.microsoft.com/info/cpyright.htm
> >
> > "Paul L" <nospam@loring.net> wrote in message
> > news:u5x2oRc5DHA.2392@TK2MSFTNGP11.phx.gbl...
> > > I have a domain with SBS2003 server running IIS on one machine and
> > > Windows Server 2003 running SQL 2000 on another. IIS uses integrated
> > > authentication only, and delegation between IIS and SQL was working as
> > > advertised (all the right checkboxes in Active Dir were set correctly,
> > > SQL used the authenticated client, etc).
> > >
> > > We recently added the server with SQL as a Domain Controller so it
> > > could be used as a backup. Once it came on line, delegation stopped
> > > working, and IIS attempts to log in to SQL as the
> > > 'NT AUTHORITY\ANONYMOUS LOGON' user, which, of course, fails.
> > >
> > > I am going to remove the DC off of the SQL server, but I thought
> > > someone might know why having the second DC on the SQL server kills
> > > delegation.
> > >
> > > Thanks,
> > > Paul