If we have a SQL Server 2000 database on our internal LAN and an
external IIS6 Server with ASP.NET pages using SQL Authentication talking
to the SQL Server through the Internet "cloud" via VPN/Firewall Gateway
devices on either end of the connection (with port 1433 enabled), would
the traffic over the VPN be transparent to SQL Server or do we need to
configure SQL Server to handle it? We are running Windows 2003 server.
Thanks
TimoSQL-- IIS --VPN--Internet--VPN
I'm asuming this is your configuration..
So if your configuration is like this, then once the VPN tunnel is made,
then whatever protocols you're using will be sent across the VPN.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Kevin,
Thanks for the reply. Actually, we will have two IIS Servers, IIS#1 on
our internal LAN used for intranet apps, IIS#2 external for internet
apps visible to the public. The configuration would be like this:
{LAN: IIS#1--SQL } --VPN--{tunnel}--VPN--IIS#2--{Internet}
If I understand you correctly, when SQL gets the request from the IIS#
2, the traffic will look to SQL no different from any other traffic over
port 1433, even though it has come through the tunnel.
Apart from making sure the VPN/Firewall has port 1433 open, is there
anything else required of the VPN to support traffic between SQL and
IIS#2?
Timo
In article <X3QoXmmJEHA.3088@.cpmsftngxa10.phx.gbl>,
kevmc@.online.microsoft.com says...
> SQL-- IIS --VPN--Internet--VPN
> I'm asuming this is your configuration..
> So if your configuration is like this, then once the VPN tunnel is made,
> then whatever protocols you're using will be sent across the VPN.
>
> Thanks,
> Kevin McDonnell
> Microsoft Corporation
> This posting is provided AS IS with no warranties, and confers no rights.|||From what I can see your analysis is correct.
Cheers
Ken
"Timo" <t@.anonymous.com> wrote in message
news:MPG.1aeed52797260409896be@.msnews.microsoft.com...
: Kevin,
: Thanks for the reply. Actually, we will have two IIS Servers, IIS#1 on
: our internal LAN used for intranet apps, IIS#2 external for internet
: apps visible to the public. The configuration would be like this:
:
: {LAN: IIS#1--SQL } --VPN--{tunnel}--VPN--IIS#2--{Internet}
:
: If I understand you correctly, when SQL gets the request from the IIS#
: 2, the traffic will look to SQL no different from any other traffic over
: port 1433, even though it has come through the tunnel.
:
: Apart from making sure the VPN/Firewall has port 1433 open, is there
: anything else required of the VPN to support traffic between SQL and
: IIS#2?
: Timo
:
: In article <X3QoXmmJEHA.3088@.cpmsftngxa10.phx.gbl>,
: kevmc@.online.microsoft.com says...
: >
: > SQL-- IIS --VPN--Internet--VPN
: >
: > I'm asuming this is your configuration..
: > So if your configuration is like this, then once the VPN tunnel is made,
: > then whatever protocols you're using will be sent across the VPN.
: >
: >
: >
: > Thanks,
: >
: > Kevin McDonnell
: > Microsoft Corporation
: >
: > This posting is provided AS IS with no warranties, and confers no
rights.|||previous post;
"If I understand you correctly, when SQL gets the request from the IIS#
2, the traffic will look to SQL no different from any other traffic over
port 1433, even though it has come through the tunnel.
"
Correct.
"Apart from making sure the VPN/Firewall has port 1433 open, is there
anything else required of the VPN to support traffic between SQL and
IIS#2?"
No.
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.|||Another question has arisen and we don't have a system in place
yet to determine the answer by trial and error.
When IIS6 on somedomain.com communicates with SQLServer2000 on
someotherdomain.net via a VPN, should the Connection String
specify the SQLServer by name with Standard Security:
"Data Source=OurSQLServer;Initial Catalog=pubs;User
Id=sa;Password=foo;"
Or should the Connection String use the IP address mode:
Data Source=xxx.xxx.xxx.xxx,1433;Network Library=DBMSSOCN;Initial
Catalog=pubs;User ID=sa;Password=foo;"
If the Connection String should use the IP address mode with
DBMSSOCN, should it specify the IP address of the firewall (and
let the firewall translate 1433 traffic to the SQLServer by NAT)
or should it specify the IP address of the actual SQL Server?
Thanks!
Timo|||So, if you're on the outside of the firewall, you're client machine has no
knowledge of how to resolve a netbios name on the
inside of the firewall. You should be able to use the IP address of the
firewall, and allow it to NAT to the internal server.
Otherwise, if you want to use the fqdn name, add an entry to your host
file, or lmhost file if you want to use the netbios name.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Showing posts with label iis6. Show all posts
Showing posts with label iis6. Show all posts
Friday, March 9, 2012
IIS6 connect to sql server on another machine w/windows authentication
Can someone point me at an article that tells how to allow theASP.net worker process to connect, via windows authentication, to aremote sql server instance ?
Start with:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/PAGHT000008.asp
The remote server access is in the connection string, specifying server and instance.
Jeff
|||Also make sure remote connections enabled on the remote SQL instnace. Check this KB:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;914277
IIS Fails back when prevent failback is checked
Howdy,
IIS6 Win2003.
Set up the group on Node1. During testing I can down Node1 and groups
and resources failover to Node2. After Node1 comes back online, the
IIS Service Group failsback to Node1. Did I miss something?
TIA for any assistance.
Bill
Bill,
Have you set the failback policy for the group to failback immediately? The default is "prevent failback".
Additional Information:
=====================
To set group failback policy
Open Cluster Administrator.
In the console tree, click the Groups folder.
In the details pane, click the appropriate group.
On the File menu, click Properties.
On the Failback tab, click Prevent failback or Allow failback.
If you click Allow failback, then either click Immediately, or click Failback between and set the time interval.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of
the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open Cluster Administrator, click Start, click Control Panel, double-click Administrative Tools, and then double-click Cluster Administrator.
To set the time interval for Failback between, enter numbers between 0 and 23 for the beginning and end of the interval. If the first number is greater than the second, the interval ends on the following day. The
numbers correspond to the local time of the cluster group, as read on a 24-hour clock.
It is important to set the failback time because you may not want failback to occur during hours of peak usage.
If no preferred owners are specified for the group, then failback does not occur.
Best Regards,
Uttam Parui
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection Program and to order your FREE Security Tool Kit, please visit http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their Microsoft software to better protect against viruses and security vulnerabilities. The easiest way to do this is to visit the following websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||Uttam,
I have the failback property set to 'Prevent failback'. Yet the IIS
Services Group continues to 'Failback' when the Node comes back online.
It does not seem to interfere with the functionality of IIS running from
the other Node though. While looking at the properties of this Group I
did notice a differnce in the failover threshold and period. On the
other two groups the I have the Threshold set to 10 and the period set
to 6 hrs. Would this have an effect?
Thanks again,
Bill
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!
|||Bll,
Shutdown node 1 and verify that all resources come online on node 2.
If you don't want to shut down node 1 then move all resources to node 2 and pause node 1. make sure that all resources are coming online on node 2. If it fails then see the errors in NT logs and cluster.log and fix
them first.
You mentioned something about the difference in group properties? What is the difference that you saw ?
You wrote "On the other two groups the I have the Threshold set to 10 and the period set to 6 hrs. ". This is the default. What are the values on the IIS group? Did someone change it from the default?
Best Regards,
Uttam Parui
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection Program and to order your FREE Security Tool Kit, please visit http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their Microsoft software to better protect against viruses and security vulnerabilities. The easiest way to do this is to visit the following websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||Uttam,
If I down Node1, failover to Node2 works as designed no issues, when
Node1 comes back online, the IIS Services Group failsback to Node1.
There is no loss in functionality, IIS works as needed. It is just that
the Group fails back to the other Node.
I did Move the group to Node2 and it has stayed there, it is just during
failover from 1 to 2 that the anomialy occurs.
Settings were: Threshold 1, Period 2. I may have changed them some time
back (I fell off of testing for almost two months).
Thanks,
Bill
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!
IIS6 Win2003.
Set up the group on Node1. During testing I can down Node1 and groups
and resources failover to Node2. After Node1 comes back online, the
IIS Service Group failsback to Node1. Did I miss something?
TIA for any assistance.
Bill
Bill,
Have you set the failback policy for the group to failback immediately? The default is "prevent failback".
Additional Information:
=====================
To set group failback policy
Open Cluster Administrator.
In the console tree, click the Groups folder.
In the details pane, click the appropriate group.
On the File menu, click Properties.
On the Failback tab, click Prevent failback or Allow failback.
If you click Allow failback, then either click Immediately, or click Failback between and set the time interval.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of
the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
To open Cluster Administrator, click Start, click Control Panel, double-click Administrative Tools, and then double-click Cluster Administrator.
To set the time interval for Failback between, enter numbers between 0 and 23 for the beginning and end of the interval. If the first number is greater than the second, the interval ends on the following day. The
numbers correspond to the local time of the cluster group, as read on a 24-hour clock.
It is important to set the failback time because you may not want failback to occur during hours of peak usage.
If no preferred owners are specified for the group, then failback does not occur.
Best Regards,
Uttam Parui
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection Program and to order your FREE Security Tool Kit, please visit http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their Microsoft software to better protect against viruses and security vulnerabilities. The easiest way to do this is to visit the following websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||Uttam,
I have the failback property set to 'Prevent failback'. Yet the IIS
Services Group continues to 'Failback' when the Node comes back online.
It does not seem to interfere with the functionality of IIS running from
the other Node though. While looking at the properties of this Group I
did notice a differnce in the failover threshold and period. On the
other two groups the I have the Threshold set to 10 and the period set
to 6 hrs. Would this have an effect?
Thanks again,
Bill
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!
|||Bll,
Shutdown node 1 and verify that all resources come online on node 2.
If you don't want to shut down node 1 then move all resources to node 2 and pause node 1. make sure that all resources are coming online on node 2. If it fails then see the errors in NT logs and cluster.log and fix
them first.
You mentioned something about the difference in group properties? What is the difference that you saw ?
You wrote "On the other two groups the I have the Threshold set to 10 and the period set to 6 hrs. ". This is the default. What are the values on the IIS group? Did someone change it from the default?
Best Regards,
Uttam Parui
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Are you secure? For information about the Strategic Technology Protection Program and to order your FREE Security Tool Kit, please visit http://www.microsoft.com/security.
Microsoft highly recommends that users with Internet access update their Microsoft software to better protect against viruses and security vulnerabilities. The easiest way to do this is to visit the following websites:
http://www.microsoft.com/protect
http://www.microsoft.com/security/guidance/default.mspx
|||Uttam,
If I down Node1, failover to Node2 works as designed no issues, when
Node1 comes back online, the IIS Services Group failsback to Node1.
There is no loss in functionality, IIS works as needed. It is just that
the Group fails back to the other Node.
I did Move the group to Node2 and it has stayed there, it is just during
failover from 1 to 2 that the anomialy occurs.
Settings were: Threshold 1, Period 2. I may have changed them some time
back (I fell off of testing for almost two months).
Thanks,
Bill
*** Sent via Developersdex http://www.codecomments.com ***
Don't just participate in USENET...get rewarded for it!
Subscribe to:
Posts (Atom)