June 25, 2013 at 9:05 am
I am instating a SharePoint in an outside subnet, the SQL 2008 is in a different subnet.
the SharePoint install cannot connect to the SQL, complaining about the account not being form the same domain.
ALL servers and accounts are registered with the same domain.
Actually only if I try to troubleshoot by trying to use the ODBC connection from the outside server that I see the error of the account being Suspicious because it is from another domain. I did change the account with the same thing, I also moved both servers from the domain and back in.
Thanks
June 25, 2013 at 10:15 am
1samharris (6/25/2013)
I am instating a SharePoint in an outside subnet, the SQL 2008 is in a different subnet.the SharePoint install cannot connect to the SQL, complaining about the account not being form the same domain.
ALL servers and accounts are registered with the same domain.
Actually only if I try to troubleshoot by trying to use the ODBC connection from the outside server that I see the error of the account being Suspicious because it is from another domain. I did change the account with the same thing, I also moved both servers from the domain and back in.
Thanks
Your post is kind of unclear. Subnet differences (provided the difference subnets can talk to each other) are a non-issue for SQL and for AD. This "suspicious" message that you are getting where is it coming from SQL? AD? SharePoint? Please post the EXACT error message.
Also are you sure they are in the domain and not in a workgroup with the same name as the domain?
CEWII
June 25, 2013 at 10:28 am
the subnets 10.0.0.0/16 and 10.0.1.0/16 can talk, (for diagnosis I openeded all TCP / UDP and ICMP)
The error is a SQl error
the account is domain account and right now it has all the permissions.
the exact erro is:
the login is from an untrusted domain and cannot be used with windows authentication BUT it is a SQL erro 18452
Thanks
June 25, 2013 at 11:50 am
Ok that tells me that the account that is trying to access the SQL is from an AD domain that is different than the one that SQL is in AND that the AD domain SQL is on does not trust the one being used. Which I'm guessing is something like this:
DMZDomain\SharepointSQLUser
InternalDomain\SQLServiceUser
The DMZDomain would rarely be trusted by the InternalDomain but the InternalDomain would often be trusted by the DMZDomain if communication were allowed between them..
That error message is pretty clear, sharepoint is trying to use a login that is not trusted by the domain. As a side note I think I have seen this error when logged into a local account on a machine that was then trying to use trusted authentication to SQL.
CEWII
June 25, 2013 at 2:20 pm
Actually there is only one domain and all elements discussed
Are members of the same domain. That is what is trange
June 25, 2013 at 2:28 pm
Are the sharepoint services logging in with a domain account? Basically are you sure sharepoint is trying to connect using the credentials you think it is? Was the sharepoint computer in another domain when sharepoint was installed?
I'm grasping here for anything, because I agree, its weird.
CEWII
June 25, 2013 at 3:30 pm
SharePoint services I think will start once you go through the configuration, which what I was going thourgh on the second screen where it asks to sql server and credentials. therefore the services are not up yet.
Now I started thinking about Kerberos, I am using NTLM, I know that SharePoint would ask for that but I have not even gotten to that part yet.
Also worth mentioning, this is on Amazon hosting with a VPS.
Thanks
June 26, 2013 at 7:36 am
1samharris (6/25/2013)
the subnets 10.0.0.0/16 and 10.0.1.0/16 can talk, (for diagnosis I openeded all TCP / UDP and ICMP)The error is a SQl error
the account is domain account and right now it has all the permissions.
the exact erro is:
the login is from an untrusted domain and cannot be used with windows authentication BUT it is a SQL erro 18452
Thanks
They aren't two subnets. The mask /16 represents 10.0.x.x. The problem is not there as we seem to be looking at a single subnet.
Have you checked that TCP\IP is enabled within the SQL Configuration Manager and that the SQL Server Browser Service is enabled in the Windows Services?
June 28, 2013 at 11:45 am
UPDATE: Since this is an instance under Amazon AWS, I created a ticket and eventually got help.
the issues ended up to be not related to sharepoint or SQL, it was a security conflict between two policies, one governing the internal subnet and one governing the DMZ.
Within those two, I did not have EXPLICIT exception to allow certain traffic between both.
Thank you guys for your informative questions.
June 28, 2013 at 12:02 pm
Thanks for the update.
CEWII
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply