March 13, 2016 at 8:29 am
We have a W2k8r2 forest. One rootdomain, local.com, and 2 child domains, child1.local.com and child2.local.com.
About 400 Windows 7 clients. We are outsourcing our desktop environment. Vdi.com is going to host our desktops(VDI's)
We will create a 1 way nontransitive selective external trust between child1.local.com and vdi.com. Also in both domain we have to create DNS conditional forwarders
Active directory users are in child1.local.com, and about 10 SQL 2008r2/2012 servers.
vdi.com wants migrates the users in child1.local.com to their domain. So steve@child1.local.com will be come steve@vdi.com. If steve@vdi.com logs-on a vdi client in the vdi.com domain, starts a application that connects to a SQL server in child1.local.com, we will get a windows pop-up for the user credentials, are access denied issues. steve@vdi.com account is not known in the local.com domain where the SQL server reside. How to solve this SSO issue?
Thanks
March 13, 2016 at 9:31 am
My initial and probably unhelpful reaction to your question is "Fire those idiots and find a company that actually knows what the hell they're doing". I don't know much about such host migrations but it seems to me that, if they've actually done this before, they should have anticipated this problem and (not sure of the terminology so forgive me if incorrect ) created the necessary aliases and other redirection to keep this problem from appearing right out of the gate.
--Jeff Moden
Change is inevitable... Change for the better is not.
March 13, 2016 at 12:45 pm
BEM. Thank you for you're honest reply.
I've asked them about this SSO issue we will have, but didn't get a satisfied answer. They will do some more research. And they told management that they have done those migrations a few times.. Don't thinks so..
I'm not a DBA, but know little bit about SQL.
This is a new situation for me, so i don't have the knowledge to really pinpoint all the issues we can encounter. The same SSO issues i will have with other tools. Exchange is one of them.
Current permission on resources/shares is going to be an issue also if user are migrated. Anyway, i have to convinced management that his is not a good idea.
In this case i know some of the SQL issues i can encounter, but not all of them, how to solve them or create workarounds. Why this migration is a bad or good idea
I agree with you Jeff, but management is going to need more from me then calling them idiots 🙂
Thanks
March 13, 2016 at 2:24 pm
steve.wouden (3/13/2016)
I agree with you Jeff, but management is going to need more from me then calling them idiots 🙂Thanks
Heh... totally agreed especially since it was probably that same management team that hired them. 😀
I think that, at this point, you're going to have to trust them to do what is right because it sounds like they've been hired to take care of the long run. I think the best you can do is to register "tickets" with them when you find an issue so that you at least have a written record of what problems have occurred and what they've done to fix them so that nothing slips between the cracks. Worse yet, you're going to have to maintain a healthy relationship with them because it's now their ball and bat. When you find a problem, be kind in how you convey it. If they're actually worth their salt, they'll rise to the occasion and fix it.
As a bit of a sidebar and to set further expectations, these types of migrations are fraught with problems and the occurrence of the unexpected even for highly skilled, well experienced companies. They might have actually planned for the types of problems you're experiencing and simply haven't completed the migration in total, yet.
Keep a stiff upper lip and have lot's of patience. It's probably the best thing that you can do at this point.
--Jeff Moden
Change is inevitable... Change for the better is not.
March 16, 2016 at 4:19 am
Good points Jeff, I completely agree!
Raising problem tickets is the only workable way forward.
Management should work out for themselves they need to escalate and arrange video links or face to face meetings between the technical teams to get this solved (but suggesting this cannot harm you).
Jeff is right that these type of things can be very hard to get working smoothly. Hopefully your organisation will have someone at technical architect level who is planning this process. Getting the trusts to work should be a stage-by-stage process so that issues can be isolated. Getting SSO to work with IIS and SQL is near the bottom of the stack.
When things are finally working, the technical teams need to have an agreed problem resolution and escalation process, as you will undoubtedly get further issues at some point.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply