I've got a group of managed stack server which are hosted on OVH.
Servers are out Microsoft and based on CentOS 7.
I want to make something like that but not with AzureVM:
https://learn.microsoft.com/fr-fr/azure/active-directory/fundamentals/auth-ssh
I tried to connect it to Azure AD to authentificate ssh connections between my private domain and the hosted domain but I didn't joined the managed domain.
I followed this microsoft page
https://learn.microsoft.com/fr-fr/azure/active-directory-domain-services/join-rhel-linux-vm
sudo realm discover <managed domain>
returned me:
realm: No such realm found: <managed domain>
Have you got an idea?
Related
I didn't want to comment on a similar issue which has already been covered on How to give access to Azure-sql server over p2s vpn for developers, I am essentially following on from that.
I have got point to site VPN configured. I can access SQL Server using the IP address from the virtual network when using SQL Server authentication.
I do have a private endpoint configured using a more friendly name mydb.privatelink.database.windows.net. The problem here is that using this with Azure AD authentication means that it is trying to use my public IP which isn't allowed on the SQL Server firewall and disregarding my P2S VPN connection.
I got SQL login working using the tips in the link above, however what I want to get working is Azure AD with MFA. If I use the vnet IP address which works for SQL Server authentication, and select Azure AD authentication with MFA, I get the error
Cannot open server "10.1.1.x" requested by the login. The login failed. Microsoft SQL server Error 40532.
One of my objectives is to provide connectivity to SQL Server without having to allow the public IP address of several users.
Cannot open server "10.1.1.x" requested by the login. The login failed. Microsoft SQL server Error 40532
To solve the above error, you should follow your username with '#servername' (where Servername is the name of your SQL server).
In "Firewalls and virtual networks" of your SQL server, if you marked "Deny public network access" to yes then you will not be able to access the public IP Address, so set it to No to access public IP Address.
For more details on the above, kindly refer to the below documentation link given: -
https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql#deny-public-network-access
I had the exactly same problem and I've found a solution for that: you need to update the host file (C:\Windows\System32\drivers\etc) and add an try with your private endpoint IP and the database host name. This way, the authentication using MFA will work fine and you don't need to add your local IP to the database firewall, since it will be using the VPN connection. Example to add to the host file:
10.2.0.8 prismhcmdev.database.windows.net
We have multiple IIS web applications running on multiple web servers that connect to a SQL Server on a separate machine on the same domain.
Everything was running smoothly for over a year, then we had some major network issues. There was a problem with the replication between the primary and secondary domain controllers. There was an issue with Distributed File System services, Event ID 14530 ("DFS could not access its private data from the Active Directory.").
We got the network issues sorted out apparently, except now, none of the IIS web applications can connect to the SQL Server. We are using Windows Authentication. The error message is "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication." This is weird because we have verified that both the web servers and the SQL Server are in fact on the domain.
To make things weirder, the Network Admin removed the SQL Server from the domain and rejoined it, and the websites worked again... but only for a few minutes. Then the same error started occurring again!
The Network Admin and I have been working on this issue for several days. Any ideas would be appreciated.
Edit:
We can connect using SSMS. Also, applications that do not use IIS can connect. For example, we have a developer with some Fox and Cloud applications that use connection strings that can connect.
We have tried removing and re-adding the web servers to the domain.
The errors in the SQL Server log are as follows:
Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
Error: 18452, Severity: 14, State: 1.
SSPI handshake failed with error code 0x80090311 while establishing a connection with integrated security; the connection has been closed.
Error: 17806, Severity: 20, State: 2.
Edit 2:
The system log on one of the web servers contained this error this morning:
This computer could not authenticate with [domain controller], a Windows domain controller for domain [domain name], and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
Edit 3:
I have tried pretty much everything suggested in this thread, including making sure the user was not locked out, the password was not expired, and the hosts file did not contain an invalid entry for localhost.
Double Hop Delegation: Error retrieving for user IIS APPPOOL. The underlying provider failed on Open. Login failed for user 'Domain\WebVM$'.
I'm setting up a IIS VM server to access a separate SQL Server VM, both machines running Windows Server 2016 and running on intranet. We're using windows authentication, and attemping to impersonate users through the machine account on IIS VM server machine. We are building / deploying MVC IIS bits using ASP.NET Core.
I'm hitting the above (machine account login) error after having configured everything I can think of and referred to several postings. I've configured the following main items:
Web Site setup with Windows Authentication, and ASP.NET Impersonation enabled, all other auth types disabled.
Web Site Config Editor set "system.webServer/security/authentication/windowsAuthentication" : useKernelMode to True
App Pool running .NET CLR Version "No Managed Code"
App Pool using Classic Managed Pipeline Mode
App Pool running as ApplicationPoolIdentity
Confirmed HOST SPN registered for IIS VM machine account in AD (with setspn -L IISVMServer)
Confirmed HOST SPN registered for SQL Server VM machine account in AD
Confirmed ServiceClass/Host:Port registered for SQL Server VM in AD
Registered SPN for IIS server machine account "Trust this computer for delegation to any service (Kerberos only)
Plan to lock down to constrained delegation after getting unconstrained delegation working
Tried running with / without web.config : "system.web identity impersonate="true" /system.web"
I previously posted Kerberos Double Hop Delegation with ASP.NET Core (4.5.2) which is indirectly related to this posting.
thanks, dave
Iam using SQL server 2000 SP4 and iam running a website on localhost.
This worked great, i moved to hostgator to run my websites there.
I changed the IP in inc.config.php but i still get an error when i visit my website.
Core-Error: Failed to connect to database!
Error: Please check if MSSQL-service is running and reachable (firewall, etc.).
I added firewall rules for the ports that are needed and also added sqlserv.exe to the firewall to allow this. The service is up because my client can still connect to my local hosted website.
Do i need to enable remote connection from MSSQL 2000 ?
http://webtest.demoniz.com
I am trying to connect to SQL Server 2012 on a separate domain to Visual Studio/ my computer. (It’s my personal machine on a workgroup).
I have access to the server and can log in fine with SQL authentication but want to log on via Windows Authentication. When I try I get the following error:
The login is from an untrusted domain and cannot be used with Windows Authentication.
This is on the data connection of Visual Studio- nothing to do with any code.
How do I make the domain trusted (without login via AD on my machine) or get around this issue?
I tried using Control Panel credential manager but with no luck.
Thank You
That is a setting on the domain controller, not on your computer. The domain the SQL Server is in needs to trust the domain you are login in from. As you have a workgroup computer, that domain would be just your computer.
Talk to your domain admin to see if they can make that happen.
I managed to solve it by running the following command from the same folder as the software:
runas /netonly /user:<Username and Domain> <name of exe>