Microsoft Content Management Server - Configuring CMS, SPS, SQL, Active Directory


Author Configuring CMS, SPS, SQL, Active Directory
jtoulier

2005-06-21, 8:49 pm

Hello,

We have the following scenario:

The DMZ zone with:
* One single server (SRVDMZ) with CMS and SharePoint Portal Server

The Internal zone with:
* One server (SRVAD) with Active Directory
* One server with SQL Server (SRVSQL) and all related databases for CMS
and SPS. This server is member of the domain defined in SRVAD.

Between the DMZ and Internal zones we have opened only SQL port (1433),
we will not open Active Directory ports.

The CMS can connect via SQL Authentication and create its databases,
but when connecting SPS to SQL, SPS requires a Windows account so we
have a problem here since we can't access the AD resources we can't
connect to SQL.

Any idea how we can solve this problem?

Thanks a lot

Joseph Toulier

jawadak@gmail.com

2005-06-21, 8:49 pm

jtoulier this is more of Sharepoint Related question ...

Ok Here is the solution ...

Use Mirrored Account i.e. Local accounts with same name and Passwords
on both SPS Server and SQL Database to access the database from
Sharepoint. This will not require you to open any other port ....

jtoulier

2005-06-21, 8:49 pm

Thanks,

We tried that solution creating on SRVDMZ and SRVSQL a local user named
'sps_admin' with the same password, member of Power Users, and defined
as a SQL Login with Security Administrator and Database Creator server
role but it failed.

All SPS components (search, job, index) are on SRVDMZ. When creating a
new SPS site 'SPS Site' on http://srvdmz:8081/ we had the following
error log.

14:26:07 Starting portal creation for 'SPS Site'.
14:26:07 Enter PortalInstaller.Install
14:26:07 Beginning Microsoft.SharePoint.Portal.Install.c installer
(Progress: 0)
14:26:08 Retrieving identity for application pool
'MSSharePointPortalAppPool'.
14:26:08 Application pool identity is 'gmdabarrientos\sps_admin'.
14:26:08 Application pool name is 'MSSharePointPortalAppPool'.
14:26:08 Site database server is 'SRVSQL'.
14:26:08 Service database server is 'SRVSQL'.
14:26:08 Unique database root name is 'SPSSite4'.
14:26:08 Enter CreateTeamSite
14:26:08 Virtual server Uri is 'http://srvdmz:8081/'
14:26:08 Creating SPGlobalAdmin object.
14:26:08 Opening virtual server.
14:26:08 Checking virtual server state.
14:26:08 Virtual server needs extend.
14:26:08 Extending virtual server 'http://srvdmz:8081/' using existing
AppPool 'MSSharePointPortalAppPool'...
14:26:09 Virtual server extended.
14:26:29 Enabling self-service site creation...
14:26:29 Self-service site creation enabled.
14:26:29 Exit CreateTeamSite
14:26:29 Enter CreatePortalSite
14:26:29 Looking up team site ID '67f90e51-64e2-47f4-ba49-451f293d4ef1'
in configuration database.
14:26:29 Updating site warning and maximum counts for portal site
database... (fe7e5fca-fd83-4ecb-8730-acb992e74d46)
14:26:29 Looking up virtual server ID
'6e450d23-8a0e-4ef6-9f18-bb7bd0180510' in configuration database.
14:26:29 Creating profile database 'SPSSite4_PROF' on server 'SRVSQL'.
14:26:30 Adding portal writer database role.
14:26:30 Granting dbo access to profile database for user
'srvdmz\sps_admin'.
14:26:30 Failed to create portal successfully SPS Site
14:26:30 Begin rollback operation for portal 'SPS Site'
14:26:30 Enter PortalInstaller.Rollback
14:26:30 Enter UnextendVirtualServer
14:26:30 Unextending virtual server 'http://srvdmz:8081/'.
(6e450d23-8a0e-4ef6-9f18-bb7bd0180510)
14:26:32 Exit UnextendVirtualServer
14:26:32 Exit PortalInstaller.Rollback
14:26:32 Portal creation job exception.
(status=PortalAdminJobStatusFailed) System.Data.SqlClient.SqlException:
Windows NT user or group 'srvdmz\sps_admin' not found. Check the name
again. Windows NT user or group 'srvdmz\sps_admin' not found. Check the
name again. at Microsoft.SharePoint.Portal.Data.a.c(SqlCommand A_0,
Boolean A_1) at Microsoft.SharePoint.Portal.Data.a.c(SqlCommand A_0,
Boolean A_1) at Microsoft.SharePoint.Portal.Data.a.b(SqlCommand A_0) at
Microsoft.SharePoint.Portal.Data.a.b(SqlCommand A_0) at
Microsoft.SharePoint.Portal.Topology.Database.b(a A_0, String A_1,
String A_2) at Microsoft.SharePoint.Portal.Install.c.a(j A_0, Uri A_1,
Guid A_2, String A_3, DatabaseService A_4, String A_5, String A_6) at
Microsoft.SharePoint.Portal.Install.c.a(IDictionary A_0) at
System.Configuration.Install.Installer.Install(IDictionary stateSaver)
at System.Configuration.Install.TransactedInstaller.Install(IDictionary
savedState)
14:26:32 Failed to create portal successfully SPS Site
14:26:32 Portal creation complete. (Status: PortalAdminJobStatusFailed)
Monday, 20 June 2005 14:27:22 Log file opened.

Spencer Harbar [MVP]

2005-06-22, 8:48 pm

SPS requires a domain to be supported.

The only way you will get the sps elements to work in your setup is to allow
AD related traffic thru the firewall.

However - there is a better solution....

place your current DMZ server in your Internal zone and configure
SPS/CMS/SQL etc to use domain accounts and integrated authentication. (just
as if it were an Intranet system)

then add a new box running ISA server 2004 web publishing into the DMZ -
which acts as a reverse proxy and 'publishes' your internal server to the
internet.
This is way more secure as the only traffic between the DMZ and your
Internal zone is HTTP/S.

Your current solution, as well as being unsupported, and impossible to get
working (SPS) passes the SQL authentication creds in plain text over 1433.

hth
Spence
www.mcmsfaq.com



"jtoulier" <jtoulier@yahoo.com> wrote in message
news:1119385386.528197.257590@z14g2000cwz.googlegroups.com...
> Hello,
>
> We have the following scenario:
>
> The DMZ zone with:
> * One single server (SRVDMZ) with CMS and SharePoint Portal Server
>
> The Internal zone with:
> * One server (SRVAD) with Active Directory
> * One server with SQL Server (SRVSQL) and all related databases for CMS
> and SPS. This server is member of the domain defined in SRVAD.
>
> Between the DMZ and Internal zones we have opened only SQL port (1433),
> we will not open Active Directory ports.
>
> The CMS can connect via SQL Authentication and create its databases,
> but when connecting SPS to SQL, SPS requires a Windows account so we
> have a problem here since we can't access the AD resources we can't
> connect to SQL.
>
> Any idea how we can solve this problem?
>
> Thanks a lot
>
> Joseph Toulier
>
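
Added example (not part of any post in this thread): a small Python diagnostic that reads the portal-creation log posted above and reports why the database server rejected the principal. The log lines are copied from the thread with wrapped lines re-joined; the function names and the rule "authority part equals the web host name, so the account is machine-local" are assumptions of this example.

```python
import re

# Lines taken from the log in this thread (wrapped lines re-joined, stack trace trimmed).
SAMPLE_LOG = """\
14:26:08 Application pool identity is 'gmdabarrientos\\sps_admin'.
14:26:08 Site database server is 'SRVSQL'.
14:26:08 Virtual server Uri is 'http://srvdmz:8081/'
14:26:30 Granting dbo access to profile database for user 'srvdmz\\sps_admin'.
14:26:32 Portal creation job exception. (status=PortalAdminJobStatusFailed) System.Data.SqlClient.SqlException: Windows NT user or group 'srvdmz\\sps_admin' not found. Check the name again.
"""

PATTERNS = {
    "app_pool_identity": r"Application pool identity is '([^']+)'",
    "db_server": r"Site database server is '([^']+)'",
    "web_host": r"Virtual server Uri is 'https?://([^:/']+)",
    "granted_principal": r"Granting dbo access to \w+ database for user '([^']+)'",
    "unresolved_principal": r"Windows NT user or group '([^']+)' not found",
}

def parse_portal_log(text):
    """Extract the identities and hosts named in the log (None when absent)."""
    facts = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, text)
        facts[key] = match.group(1) if match else None
    return facts

def diagnose(facts):
    """Return findings explaining why the database server rejected the principal."""
    findings = []
    principal = facts["unresolved_principal"]
    if not principal or "\\" not in principal:
        return findings
    authority = principal.split("\\", 1)[0].lower()
    db, web = facts["db_server"], facts["web_host"]
    # Assumption: an authority equal to the web server's host name is a local account there.
    if db and web and authority == web.lower() and authority != db.lower():
        findings.append(f"{principal} is a machine-local account of {web}; "
                        f"{db} cannot resolve it without a shared domain")
    pool = facts["app_pool_identity"]
    if pool and pool.lower() != principal.lower():
        findings.append(f"app pool identity {pool} differs from the principal "
                        f"being granted access ({principal})")
    return findings

if __name__ == "__main__":
    for finding in diagnose(parse_portal_log(SAMPLE_LOG)):
        print("-", finding)
```
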




Copyright 2003 - 2008 webservertalk.com