Setting up mirroring in untrusted domain environment using Sql server 2008 R2

0

I have setup mirroring only with principle and mirror in untrusted domain environment using certificates. I have successfully tested the mirroring session by doing a manual failover. But I see a lot of login failures in the mirror server saying

Login failed for user 'NT AUTHORITY\LOCAL SERVICE'. Reason: Failed to open the explicitly specified database. [CLIENT: ]

SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.

Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

I am not using windows authentication for mirroring. Can someone please suggest the way to avoid these errors from appearing in the error log. Also why is the principle server still trying to use windows authentication?

sql
sql-server
sql-server-2008
mirroring
high-availability
asked on Stack Overflow Dec 13, 2010 by kishore • edited Dec 13, 2010 by marc_s

2 Answers

2

Those failures are not from the mirroring connection. Those errors are from your client trying to connect to the mirror instance.

The first error is from a local service that is attempting to open an explicit database that is offline (perhaps is trying to connect to the mirrored database). The second error is from a client that had failed the SSPI handshake. And the third one is from a client that has succeeded the hansdhake but is not trusted.

You have to verify your client apps connection strings and, your agent jobs etc etc and see who is attempting these connections.

answered on Stack Overflow Dec 13, 2010 by Remus Rusanu
1

ok as follows: in the mirror monitoring tool you can set the connection / authentication it should use. Your probably best of removing the connections in the monitoring tool and reregistering them according to the accounts you have set in the endpoints.

answered on Stack Overflow May 25, 2011 by Laurens

User contributions licensed under CC BY-SA 3.0