pmwrightjr
asked on
Cross-domain authentication for SQL Server 2000
We operate a SQL2000 server (running on Server 2003) for the benefit of a number of public agencies. Up until recently, all participating domains were child domains of the parent domain in which the SQL Server lived and we had no issues with using Named Pipes or Winsock Netlib to connect clients to the SQL database.
Recently one of our partner agencies has established a new domain in a new forest and we created a trust to support continued access to our servers. All of the server connections are working except the most important one - this SQL Server 2000 server. SQL 2005 works, Exchange works, etc. but we cannot establish connections between workstations on the new domain and the SQL 2000 server. We get an error message of "Login failed for user 'testuser'. Reason: Not associated with a trusted SQL Server connection."
The DNS seems to be solid and a packet capture shows no evidence of failure of name resolution. It seems that the SQL negotiation doesn't recognize the trust and it seems that the domain functional level might be an issue as well. The forest functional level is Windows 2000 and the domain in which the SQL Server lives is Server 2003; the new domain is also Server 2003. I have removed all of the impediments to raising the functional level of the forest and hope to do that within the next few days but I'm not at all confident that doing so will change the problem.
Anyone have any ideas on establishing Windows authentication under the circumstances I have described?
Recently one of our partner agencies has established a new domain in a new forest and we created a trust to support continued access to our servers. All of the server connections are working except the most important one - this SQL Server 2000 server. SQL 2005 works, Exchange works, etc. but we cannot establish connections between workstations on the new domain and the SQL 2000 server. We get an error message of "Login failed for user 'testuser'. Reason: Not associated with a trusted SQL Server connection."
The DNS seems to be solid and a packet capture shows no evidence of failure of name resolution. It seems that the SQL negotiation doesn't recognize the trust and it seems that the domain functional level might be an issue as well. The forest functional level is Windows 2000 and the domain in which the SQL Server lives is Server 2003; the new domain is also Server 2003. I have removed all of the impediments to raising the functional level of the forest and hope to do that within the next few days but I'm not at all confident that doing so will change the problem.
Anyone have any ideas on establishing Windows authentication under the circumstances I have described?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER