Comments
9 comments
-
Thanks for your inquiry about SQL Monitor.
Can you describe to me what kind of accounts that you are using and what permissions they have?
Is it the same permissions as designated on our documentation: https://documentation.red-gate.com/disp ... ermissions
Also do you have SSMS installed on the same machine as SQL Monitor?
If you do can your bring up the user for the base monitor in SSMS and try to access the machine in Domain B?
If you do not have SSMS installed on the same machine as SQL Monitor, can you do the same thing as above on a machine in the same domain as SQL Monitor? -
The only issue is with Windows authentication. I have two domains, let's say A and B. I have a SQLMonitor server on domain A. I have another one on domain B. The service account used for both of these domains is a single service account from domain A. It works fine in both domain A and domain B as this single service account has rights to the SQL servers in domain A and B. It has all the rights it needs to run and gather the data from SQL Monitor. There are no user rights issues for this.
The problem is that if I set up Windows Authentication then in domain A, when setting it up, I specify a windows account that is going to check AD to determine if other windows users have rights when they log in. In domain A the only account it will allow is a windows account from domain A. And in domain B the only windows account it will use is an account from domain B. This too isn't a problem as I can use a different account for each of the servers. The problem is on the SQL Monitor server on Domain A, I can't add users from Domain B. It says it can't find them. And on the SQL monitor server on domain B it won't allow me to add users from domain A. It can't find them. It appears that it can only authenticate a user in a single domain - even though domain A and domain B have a full trust relationship.
From the way this is working I it appears to me that windows authentication can only validate users in a single domain. -
I see,
Can you go into more detail on how your domain trust is setup?
Is it one way or two way trust? Is the trust transitive or nontransitive?
Is the trust between the domains configured in a special way, or is it a default two-way transitive trusts? -
I am seeing this exact problem. I don't have the information about the trust setups and don't care to find out right now.
I see this issue was posted over 3 years ago. We are still on version 7 for SQL Monitor and plan on updating to the latest version of 9. My question is did this issue get resolved in a later version or does it still exist and I'll just need to go back to the SQL Monitor credential method of letting people in which means its all shared password stuff and no way to know that your ADMIN password hasn't been shared outside of what it should have been. -
Yes the problem still exists. We are on the version 9. We have two domains and the trusted share is in place. But if the SQL monitor server is on DomainA, I cannot add users from DomanB. My workaround was to get user accounts in both domains.
-
Thank you for letting me know. It's sad that the problem still exists after more than 3 years.lehrsj24 said:Yes the problem still exists. We are on the version 9. We have two domains and the trusted share is in place. But if the SQL monitor server is on DomainA, I cannot add users from DomanB. My workaround was to get user accounts in both domains.
-
This is pretty sad. I'm running into this issue now as well and this application obviously doesn't support domain trusts. Proper AD integration is so rare!
-
It's worth updating this thread to highlight that this now works, but you'll need to be running version 10.1.2 or higher.
-
I noticed this recently in the release notes but haven't tried it yet. Thanks for addressing it!
Add comment
Please sign in to leave a comment.
Thanks