13.2 Using Windows Authentication



13.2.1 Endpoint

The endpoint for database mirroring has a special purpose. The endpoint listens on a unique TCP port number, sending and receiving messages through this TCP interface between the server instances participating in the database mirroring session.

The syntax for the endpoint URL is: tcp://<computer name>.<domain segment>[.<domain segment>]:<port>. If only the computer name is entered when configuring the endpoint, the configuration wizard displays a warning message recommending an FQDN or an IP address.



By default, a SQL Server instance does not contain a database mirroring endpoint. When you establish a database mirroring session, you must create the endpoints manually or have the Configuration Wizard create them automatically. The system administrator must create the endpoint separately on each server instance that will participate in database mirroring. Note that if multiple server instances on a given computer require a database mirroring endpoint, specify a different port number for each endpoint.


Tips:

Endpoints are used only for communication between the principal server and the mirror server, and the database mirroring endpoint is not used when the client connects to the principal server.

The FQDN (fully qualified domain name) consists of the computer's host name and its full domain name. Because it contains the full network path, it can logically represent the network location of the host. For example, if the computer SQLSVR2 has joined the localdomain.local domain, the FQDN of this computer is SQLSVR2.localdomain.local.



13.2.2 Preparing the login name

If both the principal and mirror server instances are started with a domain account, Windows authentication can be used to access the endpoints of database mirroring. It is recommended to use a domain account, which simplifies the security configuration of the database.

When you establish a database mirroring session, a login for the domain account must be created on both the principal server and the mirror server, either manually or automatically by the Configuration Wizard. The login must also be granted CONNECT permission on the database mirroring endpoint of the instance.


Tips:

If both the principal and mirror server instances are started by using a local account, authentication can be achieved through the "impersonation" of the Windows account. That is, a user account with the same name is created on both computers, and the password for this account is the same on both computers.



13.2.3 Creating endpoints

In the primary interface of the database mirroring configuration, click Configure security to begin configuring database mirroring.



In the Configure Database Mirroring Security Wizard window, click Next to skip the start page.



The witness server is not configured at this point, so select No when the wizard asks whether you want to configure security to include a witness server instance.



On the principal server instance page, the Configuration Wizard uses port 5022 as the listener port by default.



On the mirror server instance page, click the Connect button to connect to the mirror server instance. The Configuration Wizard assigns a listener port to it by default. When connecting to the mirror server, make sure you use a privileged login account, which must have permission to create endpoints and logins on the mirror server.



On the Service Accounts page, specify a domain account for the principal and for the mirror. The Configuration Wizard creates logins for these accounts and grants them CONNECT permission on the endpoints.



Confirm the configuration, and then click Finish to start the configuration.



After the configuration is complete, check the status of each operation.
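The same security configuration can be scripted instead of clicked through. The following T-SQL is an added example, not part of the original article: it creates the endpoint on port 5022, creates a Windows login for the partner's service account, and grants it CONNECT on the endpoint. The endpoint name Mirroring and the account LOCALDOMAIN\sqlsvc_mirror are assumptions; the encryption options are one reasonable choice, not settings stated on this page.

```sql
-- Added example. Run on EACH partner instance (principal and mirror).
-- Assumed names (not from the article): endpoint [Mirroring],
-- partner service account [LOCALDOMAIN\sqlsvc_mirror].

-- An instance can hold only one database mirroring endpoint,
-- so create it only when none exists yet.
IF NOT EXISTS (SELECT 1 FROM sys.database_mirroring_endpoints)
BEGIN
    CREATE ENDPOINT [Mirroring]
        STATE = STARTED
        AS TCP (LISTENER_PORT = 5022, LISTENER_IP = ALL)
        FOR DATABASE_MIRRORING (
            -- Windows Authentication: NEGOTIATE picks Kerberos or NTLM.
            AUTHENTICATION = WINDOWS NEGOTIATE,
            -- Refuse partners that do not encrypt the mirroring traffic.
            ENCRYPTION = REQUIRED ALGORITHM AES,
            -- PARTNER: principal or mirror, never witness.
            ROLE = PARTNER
        );
END;

-- Login for the domain account that runs the PARTNER instance's service.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'LOCALDOMAIN\sqlsvc_mirror')
BEGIN
    CREATE LOGIN [LOCALDOMAIN\sqlsvc_mirror] FROM WINDOWS;
END;

-- The login needs only CONNECT on the endpoint; grant no server role.
GRANT CONNECT ON ENDPOINT::[Mirroring] TO [LOCALDOMAIN\sqlsvc_mirror];
```

If a second instance on the same computer also needs a mirroring endpoint, change LISTENER_PORT so the two endpoints do not collide.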




13.2.4 Start Mirroring

After you complete the Configure security procedure, the Configuration Wizard automatically asks whether to start mirroring immediately. To start mirroring immediately, click Start Mirroring.



If you click Do Not Start Mirroring, you are returned to the main interface of the database mirroring configuration. You can click Start Mirroring there later.




13.2.5 Confirmation

After you start mirroring, you need to confirm the following items.

(1) Login name

The Configuration Wizard automatically creates a login for the Windows account if the specified login is not found.



(2) Status of the principal database and the secondary database

After the configuration succeeds, the status of the principal database should be "Principal, Synchronized", and the status of the mirror database should be "Mirror, Synchronized / Restoring...".
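Both confirmation items can also be checked from the catalog views rather than from the login properties dialog and Object Explorer. The queries below are an added example, not part of the original article; they use only standard SQL Server catalog views and assume nothing about endpoint or login names.

```sql
-- Added example: confirmation queries, run on each partner instance.

-- 1) Endpoint settings: expect STARTED, PARTNER, a Windows
--    authentication mode, and the listener port you configured.
SELECT e.name,
       e.state_desc,
       e.role_desc,
       e.connection_auth_desc,
       e.is_encryption_enabled,
       e.encryption_algorithm_desc,
       t.port
FROM sys.database_mirroring_endpoints AS e
JOIN sys.tcp_endpoints AS t
  ON t.endpoint_id = e.endpoint_id;

-- 2) Item (1): which logins hold CONNECT on the mirroring endpoint.
--    Expect the partner's service account and nothing broader.
SELECT pr.name        AS grantee,
       pr.type_desc   AS grantee_type,
       pe.permission_name,
       pe.state_desc  AS permission_state
FROM sys.server_permissions AS pe
JOIN sys.server_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
JOIN sys.database_mirroring_endpoints AS e
  ON e.endpoint_id = pe.major_id
WHERE pe.class_desc = N'ENDPOINT'
  AND pe.permission_name = N'CONNECT';

-- 3) Item (2): role and state of every mirrored database.
--    Expect PRINCIPAL or MIRROR with state SYNCHRONIZED.
SELECT DB_NAME(database_id) AS database_name,
       mirroring_role_desc,
       mirroring_state_desc,
       mirroring_partner_name,
       mirroring_safety_level_desc
FROM sys.database_mirroring
WHERE mirroring_guid IS NOT NULL;
```

A grantee in the second result set other than the partner's service account is worth reviewing, since every login listed there is allowed to open a connection to the mirroring endpoint.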





This article is from the "SQLServer2014 series" blog; reprinting is declined.
