September 27, 2011 at 9:30 am
Hello,
I need to set up transactional replication where publisher and dedicated distributor are in different domains.
First of all, is it possible to have transactional replication possible with Pub and dist in different domains?
If yes, here is the more info.
Distributor is 2008 R2 version in domain A and Publisher is 2005 version in domain B. Distributor and subscribers are in the same domain so there is no connectivity issue there.
Both the domains are trusted.
Publisher has to use Distributor_admin account to connect to distributor.
But I am not sure under what domain or local account should the log reader and snapshot agent security configured while creating publication to make it work?
Thanks,
:unsure:
September 27, 2011 at 11:21 am
You will need to use a domain account for this. Pick one and give it the appropriate access on the publisher, and then set the log reader/etc to use that account.
September 27, 2011 at 11:43 am
Derrick Smith (9/27/2011)
You will need to use a domain account for this. Pick one and give it the appropriate access on the publisher, and then set the log reader/etc to use that account.
I tried adding domain accounts to both the servers ( I mean domain A account to domain B and vice versa and made them sysadmin ). It has not worked so far.
I guess, if Publishr and distributor can exist in different domain for sure, I will try to figure out the permissions.
Can someone please confirm that Pub and dist can be on different trusted domains?
Thanks,
Aashini
September 27, 2011 at 11:48 am
I've set it up that way in the past but if you're having issues on your network getting it to work you could always try using a SQL login instead of a domain account (since sql logins are independent anyway).
September 27, 2011 at 11:49 am
edit - double clicked...whoops.
September 27, 2011 at 11:55 am
Derrick Smith (9/27/2011)
I've set it up that way in the past but if you're having issues on your network getting it to work you could always try using a SQL login instead of a domain account (since sql logins are independent anyway).
Thanks Derrick
As long as I have confirmation from somene that it is possible, I will figure out the issue with connectivity. I just wanted to verify the cross domain thing as I have tried all kind of set ups in last 2 days- using sql logins rather than impersonating security, domain A login with sysadmin permissions, domain B login with sysadmin permission, full name i.e database.domain.edu\instance name, with and without port etc..So, i had tarted questioning whether this is the limitation of replication.
Funny thing is that I can ping Pub from distributor and dist from publisher. So, I never thought I will have such a hard time setting up this replication.
Oh well..Thanks for the reply. I really appreciate it.
September 27, 2011 at 12:01 pm
If nothing is working for you, it sounds like you might have some other issues...possibly network related.
Can you ping the publisher from the distributor using only the hostname (not the FQDN)? I've had to work around issues like that by adding a hosts file entry with a dummy name and the FQDN to the server I'm trying to connect from.
What errors are you getting when you try to connect with either a domain account or with a sql login?
It's absolutely doable and it might just be a simple config setting and not something you're doing.
September 29, 2011 at 8:57 am
Ok. It's fixed now.
I had to go to replication related linked servers on publisher and distributor, retype the password for sql accounts to be used for connection and enable 'allow data access' option.
Never had to do this before but this is what it is.
Aashini
September 29, 2011 at 9:06 am
Just a note: If the servers are on 2 different domains, you will not be able to use a domain account because one will never authenticate to the other. SQL Server authentication is the only way to do this.
Thanks,
Jared
Jared
CE - Microsoft
October 3, 2011 at 2:09 am
Set SPN for your domain user.
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply