Hi there!
Often discussed, but not really solved in my opinion - the connection between the partners and the witness causes problems.
My case: Three servers in the same domain, three endpoints on 5022 with Windows negotiation, all endpoints can be reached by telnet from each server. Mirroring works. So far so good.
But one of these partners is not able to connect to the witness. The witness' error log is full of this:
"2006-06-01 13:45:20.32 Logon Database Mirroring login attempt failed with error: 'Connection handshake failed. An OS call failed: (8009030c) 0x8009030c(Der Anmeldeversuch ist fehlgeschlagen.). State 67.'. [CLIENT: 130.143.205.54]"
My Endpoints are created like
CREATE ENDPOINT [EASYRIS_Mirroring]
AUTHORIZATION [code1\dephbrsaa1-sys108]
STATE=STARTED
AS TCP (LISTENER_PORT = 5022, LISTENER_IP = ALL)
FOR DATA_MIRRORING (ROLE = PARTNER, AUTHENTICATION = WINDOWS NEGOTIATE
, ENCRYPTION = SUPPORTED ALGORITHM RC4);
What catches my eye is that
GRANT CONNECT ON ENDPOINT::EASYRIS_Mirroring TO [code1\dephbrsaa1-sys108];
doesn't cause this user to appear in the result set of
SELECT EP.name, SP.STATE,
CONVERT(nvarchar(38), suser_name(SP.grantor_principal_id))
AS GRANTOR,
SP.TYPE AS PERMISSION,
CONVERT(nvarchar(46),suser_name(SP.grantee_principal_id))
AS GRANTEE
FROM sys.server_permissions SP , sys.endpoints EP
WHERE SP.major_id = EP.endpoint_id
ORDER BY Permission,grantor, grantee;
By the way, this mentioned user is sysadmin and grantor.
Has anyone an idea?
Torsten
So,
The 8009030c error from the OS indicates that there is a login error at the OS level. SQL isn't involved with the networking protocol yet. So, look at the credentials that SQL Server is running under. There may need to be a restart of the SQL Server process to pick up the new credentials.
Thanks,
Mark
|||Hi Mark,
thanks, that was the missing information. I could resolve the issue:
It seems that 1. the SQL Server processes of each partner and the witness have to run under the same domain user and 2. this domain user must be local admin.
Can someone confirm this thesis?
Thanks a lot, Torsten
|||You do not have to run all the same accounts and run as the SA to set up mirroring. It is just that the easiest way to set up mirroring is to have all the accounts be the same and SA.
You can use different accounts on the servers, but they need to be granted access to the other endpoints.
You can also run as local system accounts, but you need to set up certificates. It is all in BOL.
Thanks,
Mark
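The grant-based setup from Mark's last reply (different service accounts, each granted access to the other endpoints), shown as an added T-SQL example that is not part of the thread. It assumes the witness endpoint is also named EASYRIS_Mirroring; the two `code1\partnerN-svc` account names are hypothetical placeholders for the partners' service accounts.

```sql
-- Added example, not from the thread. Run on the witness instance.
-- Assumptions: the witness endpoint is named EASYRIS_Mirroring, and
-- [code1\partner1-svc] / [code1\partner2-svc] are placeholders for the
-- domain accounts the two partner SQL Server services run under.

-- 1. Each remote service account needs a Windows login on this instance.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'code1\partner1-svc')
    CREATE LOGIN [code1\partner1-svc] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'code1\partner2-svc')
    CREATE LOGIN [code1\partner2-svc] FROM WINDOWS;

-- 2. Grant CONNECT on the mirroring endpoint and nothing else.
GRANT CONNECT ON ENDPOINT::EASYRIS_Mirroring TO [code1\partner1-svc];
GRANT CONNECT ON ENDPOINT::EASYRIS_Mirroring TO [code1\partner2-svc];

-- 3. Confirm the endpoint is started and how it authenticates.
SELECT name, role_desc, state_desc,
       connection_auth_desc, encryption_algorithm_desc
FROM sys.database_mirroring_endpoints;

-- 4. List the explicit grants on the endpoint. The class_desc filter
--    matters: major_id holds a principal_id for SERVER_PRINCIPAL rows,
--    so joining on major_id alone can match unrelated permissions.
SELECT ep.name            AS endpoint_name,
       grantee.name       AS grantee,
       grantor.name       AS grantor,
       sp.permission_name,
       sp.state_desc
FROM sys.server_permissions AS sp
JOIN sys.endpoints          AS ep
     ON ep.endpoint_id = sp.major_id
JOIN sys.server_principals  AS grantee
     ON grantee.principal_id = sp.grantee_principal_id
JOIN sys.server_principals  AS grantor
     ON grantor.principal_id = sp.grantor_principal_id
WHERE sp.class_desc = N'ENDPOINT'
  AND ep.name = N'EASYRIS_Mirroring'
ORDER BY grantee.name;
```

The same login and grant steps are repeated on each partner for the accounts of the other two instances.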