Re: IAS logging SQL server drops authentication if no connection w

Hi James,

Another option is to also enable local file logging, so that both local and
SQL logging are occuring simultaneously. If SQL logging fails, the fact
that IAS can log to a local file keeps authentication going.

That is the case, we are logging also to a local file but when the sql
connection drops it stops authenticating, and drops all requests.
Any ideas?

Greetings,

Marc


"James McIllece [MS]" wrote:

=?Utf-8?B?TWFyYyBKb25rZXJz?= <Marc Jonkers@xxxxxxxxxxxxxxxxxxxxxxxxx>
wrote in news:B1EB40A3-2D7F-4899-BA6B-AC982078FCD2@xxxxxxxxxxxxx:

Hi,

We have IAS configured to log to a central SQL server. When there is
no connection between the SQL and IAS server, the authentication
requests are dropped on the IAS. Resulting in a lot of things not
working. Is there a solution for this, if the IAS cannot log to SQL
that authentication still occurs?

Thx,

Marc Jonkers


Hi Marc --

IAS was intentionally designed so that authentication fails if logging
fails; the reason is that you would have a big security hole if there were
no logging during an attack and would not be able to track down whoever was
initiating the attack.

There are several SQL server logging scenarios presented in the IAS SQL
Server Logging whitepaper that can assist in preventing this failure of
service in circumstances where the connection between the servers is lost.
You can install SQL Server on the IAS server or you can install MSDE 2000
on the IAS server, then replicate records to a central SQL Server (if you
have more than one IAS server that is logging to SQL).

Another option is to also enable local file logging, so that both local and
SQL logging are occuring simultaneously. If SQL logging fails, the fact
that IAS can log to a local file keeps authentication going.

For more info, see "Deploying SQL Server Logging with Windows Server 2003
Internet Authentication Service (IAS)" at
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E4357F7-4070-
4902-95F1-3AD411D963B2&displaylang=en


--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • ISA Server Logging Questions
    ... there are issues logging to a SQL database on ISA ... are true for both ISA Server 2000 and 2004? ...
    (microsoft.public.isa)
  • Re: IASLogs
    ... What version of Windows Server are you using? ... for SQL Server logging, logging to text/database compatible format, or ... What are your accounting settings in IAS (i.e. ...
    (microsoft.public.internet.radius)
  • Re: ISA Connection to SQL Logging DB Drops
    ... troubleshooting logging issues: ... Starting Saturday the connection between ISA and the SQL DB ... > I check the SQL Database to make sure the USERID is good and that the ISA ... I then go over to the ISA storage server console and the the ...
    (microsoft.public.isa)
  • Re: IAS logging SQL server drops authentication if no connection with
    ... We have IAS configured to log to a central SQL server. ... IAS was intentionally designed so that authentication fails if logging ...
    (microsoft.public.internet.radius)
  • Re: ISA 04 EE und SQL Protokollierung
    ... man z.B. 2 ISA EE Arrays mit je 2 ISA Servern oder auch nur ein Array mit 2 Servern aufbauen möchte? ... Server oder lieber MSDE? ... Groessere Installation (gerade im EE Umfeld SQL Logging) und wenn Logging nur "Nebensache" ist, ...
    (microsoft.public.de.german.isaserver)