DMZ to Domain Authentication – Mirrored Account
topper (Member), Jul 10, 2009 at 3:33 am, #143028

Hi Guys,
Got a frustrating problem, I have a hosting network, Front end DMZ, web server (2003, IIS6), running on a couple of web servers behind an F5 load balancer.
These web servers then connect to a database cluster through a second firewall. Due to it being a Windows cluster it has to be on a domain (obviously!!).
Now the problem I have is that we do not want to use SQL authentication, we have set up mirrored accounts (same username and password) on both web servers and the hosting domain.
When it tries to authenticate I get the following error in the database event log. If I create a local account on the database server (with same username and password) then it works fine, but just not when using a domain account.
The reason I want to use a domain account is for when the cluster is failed over, I don't want to set up permissions twice on the database for each local user.
Logon Failure:
Reason: Unknown user name or bad password
User Name: SUDS-TEST-WEB$
Domain: HOSTING
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SUDS-TEST-WEB
Caller User Name: –
Caller Domain: –
Caller Logon ID: –
Caller Process ID: –
Transited Services: –
Source Network Address: –
Source Port: –

I know this solution can work as I have it set up elsewhere, the only difference is that the database cluster nodes are the domain controllers (yea yea, I know, not recommended) so we cannot have local users but it works perfectly with a domain user.
What is the difference? Pls help!