May 16, 2009 at 6:37 am
I have a strange situation. The setup is as follows.
I have databases on a central W2K3 stand alone server in the US. This server runs a number of applications SQL in SQL2K5 and IIS 6.
In the UK I have a W2K3 MSSQL2K5 server which is a DC on an internal Firewalled network. There is no direct connection between the servers.
There are two databases on the US server that need to be replicated (Merge) with databases on the UK server. To avoid exposing things I have created a web Publication and subscription to the UK server on the US one using scripts. I also installed a private certificate on the US server with the IIS Resource Kit.
Then on the Uk server I created the subscription via a script. I also logged on from this server via a browser and installed the certificate.
After starting the synchronization everything is working. Both jobs run with success and changes flow between the two servers.
Now comes the problem. I have now noticed that when I VPN and RDP to the Subscription Server in the UK everything runs correctly. However as soon as I logoff the job continues to run but fails with the following message: -
Message
-XSUBSYSTEM Merge
-XSERVER EUW2S007
-XCMDLINE 0
-XCancelEventHandle 0000086C
-XParentProcessHandle 0000076C
2009-05-16 11:30:01.141 Connecting to Subscriber '
2009-05-16 11:30:01.375 Connecting to Subscriber '
2009-05-16 11:30:01.422 The upload message to be sent to Publisher '
2009-05-16 11:30:01.422 The merge process is using Exchange ID '575B8A2F-5C8B-462B-9A34-94E85674FE31' for this web synchronization session.
2009-05-16 11:30:02.250 A security error occurred
2009-05-16 11:30:02.250 Category:NULL
Source: Merge Process
Number: -2147209329
Message: A security error occurred
2009-05-16 11:30:02.250 Category:NULL
Source: Merge Process(Web Sync Client)
Number: -2147023888
Message: The Merge Agent could not connect to the URL 'https://
However as soon as I am logged on again the next time the job runs it succeeds with no other changes.
Surely there must be a way of getting the job to complete without being logged on at the UK server. I suspect that it is probably a security policy somewhere that is stopping it but would be glad of any pointers anyone may have.
Hope that is clear.
Many thanks
Les
May 16, 2009 at 7:05 am
To do anything with jobs in Asp.net the Agent must run with admin permissions so now that the job runs in the context of your permissions you have to create a proxy with your account to run the Agent in both boxes. On a side note you need to take a look at the default IIS6 folder permissions which your SQL Server Agent needs.
http://support.microsoft.com/kb/812614
Kind regards,
Gift Peddie
May 16, 2009 at 7:28 am
Thanks I will go through that document. However to try and isolate the problem and eliminate security issues I did try running the agent on the UK server under a domain admin account and using the US server admin credentials to make the connection. to the US serevr This had with the same result.
May 16, 2009 at 7:34 am
Then the next thing to try is to give Network Service account if you are using it to run Asp.net enough permisisons in both SQL Server on the network level, SQL Server server level and the database level.
Kind regards,
Gift Peddie
May 16, 2009 at 7:49 am
Are we taking about the SQL Server Agent Properties Service on the Subscriber machine.
Just checked and that is running under the Local System Account and it is NOT checked to allow the Service account to Interact with the desktop.
Is this at least part of the problem?
May 16, 2009 at 8:08 am
That is the problem when the agent runs under local system it does not have access to network resources so replication fails, Microsoft have known this since 7.0.
Kind regards,
Gift Peddie
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply