DMZ to Domain Authentication – Mirrored Account

    topper
    Member
    #143028

    Hi Guys,

    Got a frustrating problem, I have a hosting network, Front end DMZ, web server (2003, IIS6), running on a couple of web servers behind an F5 load balancer.

    These web servers then connect to a database cluster through a second firewall. Due to it being a Windows cluster it has to be on a domain (obviously!!).

    Now the problem I have is that we do not want to use SQL authentication, we have setup mirrored accounts (same username and password) on both web servers and the hosting domain.

    When it tries to authenticate I get the following error in the database event log. If I create a local account on the database server (with same username and password) then it works fine, but just not when using a domain account.

    The reason I want to use a domain account is for when the cluster is failed over, I don’t want to setup permissions twice on the database for each local user.

    Logon Failure:
    Reason: Unknown user name or bad password
    User Name: SUDS-TEST-WEB$
    Domain: HOSTING
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: SUDS-TEST-WEB
    Caller User Name: –
    Caller Domain: –
    Caller Logon ID: –
    Caller Process ID: –
    Transited Services: –
    Source Network Address: –
    Source Port: –

    I know this solution can work as I have it set up elsewhere. The only difference is that the database cluster nodes are the domain controllers (yea yea, I know, not recommended) so we cannot have local users, but it works perfectly with a domain user.

    What is the difference? Pls help!
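
A small triage of the logon-failure event quoted in the post, as an added example that is not part of the original post: it parses the "Key: Value" fields and reports which identity the failing logon actually presented. The account name `svc_web` is a hypothetical stand-in for the mirrored account, which the post does not name.

```python
# Added example: field names and values are copied from the event in the post
# (the caller/source fields, all "–" there, are omitted).
EVENT = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: SUDS-TEST-WEB$
Domain: HOSTING
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SUDS-TEST-WEB
"""


def parse_event(text):
    """Turn 'Key: Value' lines into a dict; lines with no value (the title) are skipped."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def triage(fields, expected_user):
    """Return findings about the identity presented in a failed logon event."""
    findings = []
    user = fields.get("User Name", "")
    if user.endswith("$"):
        # A trailing '$' marks a computer account, not a named user account.
        findings.append("computer-account")
        if user.rstrip("$").upper() == fields.get("Workstation Name", "").upper():
            findings.append("account-matches-source-host")
    if user.lower() != expected_user.lower():
        findings.append("not-expected-user")
    if fields.get("Logon Type") == "3":
        findings.append("network-logon")
    if fields.get("Authentication Package", "").upper() == "NTLM":
        findings.append("ntlm")
    return findings


if __name__ == "__main__":
    # "svc_web" is a hypothetical name for the mirrored account.
    print(triage(parse_event(EVENT), expected_user="svc_web"))
```

For the event above, the findings show a network logon over NTLM that arrived as the web server's own computer account rather than as a named user account.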
