Re: Using trusted database connection across domains

Hi Dave,
Thank you for your response.

Regarding your concern, "I feel it is a shame that such a great technology like trusted database connections are of so limited value. I can't believe that many enterprise web application have the
customer-facing web server in the same network and domain as the SQL server machine, which means (as I understand from you) that these application cannot use trusted connections.",

It does not mean that trusted connections cannot be established. Trusted database connection can be established but via NTLM authentication instead of Kerberos in this case. I recommend
that you first check if you can access a network share folder by using NTLM authentication between your web server and database server. If not, contact your network administrator to check why
NTLM authentication cannot work in your environment. Once this issue can be resolved, you should be able to use Windows NTLM authentication for a database trusted connection by following
the steps I mentioned in my last response.

From your former descriptions, I think that you might be an expert on Unix or Linux and have not got into the habit of using Windows operating system. I appreciate that you could give more
understandings on Windows. After all Windows is a different OS from Unix and Linux, and it is normal that they show different behaviors for some functions. That also leads to different
application architectures on these different OS platforms.

Also I would like to let you know that since your question is essentially a Windows security question and our SQL Server newsgroup is not the best place for deeply discussing such a kind of
advisory question. If you are interested in such Windows security questions, you may have a new post at microsoft.public.windows.server.security for wider audience.

Please feel free to let me know if you have any other questions or concerns. I am very glad to work with you for further assistance.

Best regards,
Charles Wang
Microsoft Online Community Support
=========================================================
Delighting our customers is our #1 priority. We welcome your
comments and suggestions about how we can improve the
support we provide to you. Please feel free to let my manager
know what you think of the level of service provided. You can
send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx
=========================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
=========================================================





.