SQL Server w/ Redundant Domain Controllers

delgadoj - 07 Jul 2008 15:44 GMT
We have an application that connects to SQL Server using Windows
authentication, and we have two AD Domain Controllers. Both DCs also run DNS,
and the SQL server is configured to point to both. However, if one of the
domain controllers becomes unavailable (the one configured first in the DNS
order), then authentication to the DB fails and the following two events are
logged on the SQL server:

SSPI handshake failed with error code 0x80090304 while establishing a
connection with integrated security; the connection has been closed.

Login failed for user ''. The user is not associated with a trusted SQL
Server connection.

Will SQL server failover to the other DC, and how long should that take?
bass_player - 08 Jul 2008 06:25 GMT
Check with your DNS administrator.  Your DNS servers should talk to your
domain controllers if they're configured to be AD-integrated.  Your DNS
servers might be the problem.

> We have an application that connects to SQL Server using Windows
> authentication, and we have two AD Domain Controllers. Both DCs also run
[quoted text clipped - 13 lines]
>
> Will SQL server failover to the other DC, and how long should that take?
delgadoj - 08 Jul 2008 13:24 GMT
The domain controllers are the DNS servers and they are configured on the SQL
server as the primary (DC1) and secondary (DC2). When DC1 is shut down, rather
than immediately failing over to DC2, authentication requests to SQL server
fail with the SSPI error below. However, DNS resolution continues to work and
if SQL server is restarted it will authenticate against DC2. I'm wondering
how long it should take for authentication requests to switch to DC2, if DC1
becomes unavailable. The application that uses the SQL server is crashing
when it fails to connect to the database.

> Check with your DNS administrator.  Your DNS servers should talk to your
> domain controllers if they're configured to be AD-integrated.  Your DNS
[quoted text clipped - 17 lines]
> >
> > Will SQL server failover to the other DC, and how long should that take?
bass_player - 11 Jul 2008 06:31 GMT
Check your AD logs to see if it does authenticate correctly.  Furthermore,
check if the service account password has been changed when the service
restart fails.

> The domain controllers are the DNS servers and they are configured on the
> SQL
[quoted text clipped - 35 lines]
>> > Will SQL server failover to the other DC, and how long should that
>> > take?
Denisio - 22 Jul 2008 06:59 GMT
If I am right, this logon failure depends on Global Catalog unavailability. I
think the unavailable DC is a Global Catalog (GC) and the second DC is NOT a GC.
You can turn on the GC checkbox in the Active Directory Sites and Services
console (find your second DC, select NTDS Settings under this server, right-click
NTDS Settings and select the "Properties" menu item), wait a few minutes and try
again.
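
A read-only way to check the Global Catalog suggestion from the last reply before changing anything in Sites and Services. This is an added example, not posted by any participant in the thread. It assumes a domain-joined SQL Server host with the ActiveDirectory PowerShell module (RSAT) installed and a Windows version that provides `Test-NetConnection`; the variable names are illustrative.

```powershell
# Added diagnostic sketch; run on the SQL Server host from an elevated prompt.
# Assumption: ActiveDirectory module (RSAT) is installed and the host is domain-joined.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# 1. List every DC and whether it holds the Global Catalog role.
$dcs = @(Get-ADDomainController -Filter * |
    Select-Object HostName, Site, IsGlobalCatalog)
$dcs | Format-Table -AutoSize

$gcCount = @($dcs | Where-Object { $_.IsGlobalCatalog }).Count
if ($gcCount -lt 2) {
    Write-Warning "Only $gcCount of $($dcs.Count) DCs in $domain is a Global Catalog; there is no GC redundancy."
}

# 2. Show which DC this host's secure channel is currently bound to.
nltest /sc_query:$domain

# 3. Ask the DC locator whether it can find a Global Catalog right now.
nltest /dsgetdc:$domain /gc

# 4. For each DC, test the secure channel and the ports used for
#    Kerberos (88), LDAP (389) and Global Catalog lookups (3268).
foreach ($dc in $dcs) {
    $channelOk = $false
    try {
        $channelOk = Test-ComputerSecureChannel -Server $dc.HostName -ErrorAction Stop
    } catch {
        Write-Warning "Secure channel test against $($dc.HostName) failed: $($_.Exception.Message)"
    }

    foreach ($port in 88, 389, 3268) {
        $r = Test-NetConnection -ComputerName $dc.HostName -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC            = $dc.HostName
            GlobalCatalog = $dc.IsGlobalCatalog
            SecureChannel = $channelOk
            Port          = $port
            Open          = $r.TcpTestSucceeded
        }
    }
}
```

Running it once with both DCs up and once with DC1 shut down shows whether the surviving DC answers on 3268 and whether the secure channel moves to it.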
 