August 28, 2012 at 12:40 am
Hi,
Does SQL Engine service account should be domain account? or can we possible to configure configure local user account?
currently prinicipal & mirror servers are running member of corparate domain.
thanks
August 28, 2012 at 12:57 am
BOL could have answered your question with minimal effort but since you're being lazy and I'm feeling generous I'll copy and paste for you.
Under Windows Authentication, each server instance logs in to the other side using the Windows credentials of the Windows user account under which the process is running. For this reason, Windows Authentication requires that SQL Server services must run as domain users in trusted domains or as network services.
To authenticate both ends of a connection, Windows Authentication uses the credentials of the Windows user account on which the SQL Server instances are running. Therefore, the user account of each server instance must have the permissions needed to log in and send messages to each of the other server instances.
In some situations, such as when server instances are not in trusted domains or when SQL Server is running as a local service, Windows Authentication is unavailable. In such cases, instead of user credentials, certificates are required to authenticate connection requests. The mirroring endpoint of each server instance must be configured with its own locally created certificate.
You have just created extra work for me now because I'm going to go and change my signature 🙂
August 28, 2012 at 1:32 am
thanks for reply...
Ok, domain account should be required to configure database mirroring also principal & mirror server SQL engine should be running same domain account.
Does domain account should be added into domain administrators group or added into local administrators group?
what is the server restart procedure after mirroring configured both server? if any patch applied from WSUS server.
August 28, 2012 at 2:48 am
No, they don't both need to be running under the same account, but each account will need to have a login on the other server and the necessary privileges.
There is no requirement for your SQL Server service account to be a member of Local Admins and definitely not, never, ever a member of Domain Admins!
August 28, 2012 at 3:44 am
As per domain policy, SQL service account not given to permission for login that server.
Can we possible configure NT authority /Network service - this account assign SQL engine for mirroring setup both the server
thanks
August 28, 2012 at 4:16 am
I've not set it up that way personally but, as per my earlier post, BOL says you can!
August 28, 2012 at 5:59 am
one more question?
As per BOL http://msdn.microsoft.com/en-us/library/ms189434(v=SQL.105).aspx
when using windows authentication, SQL Engine account should be domain account for configure database mirroring.
as per my current instance can login mixed mode authentication such as users 'sa', 'administrator'
Can we use like this as below
Principal
Specify the service account of the principal server instance.
Principal servername\Administrator
Mirror
Specify the service account of the mirror server instance.
Mirror servername\Administrator
But SQL server service account running local user account for example
1. Principal servername\SQLServEngine - for MSSQL
2. Principal servername\SQLServAgent - for Agent
Both user added into login at sqlserver instance.
thanks
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply