Re: OLAP and VPN / authentication / trust



Hi Michael,

I think we have zeroed in on the problem.

You need Network 2 to trust Network 1 users to access the resources on
Network 2. This is the essence of a "Trust Relationship". You cannot create
trusts between the servers - you must create a One-way or Two-Way Forest
Trust. Search MSDN for "forest trust".

You will need assistance from someone with full Domain admins rights on both
sides if you do not have these rights yourself.

I hope this helps you.

--
JimL


"Michael" wrote:

Hello.

Thanks for help!

- Are these 2 different Active Directory forests or domains?
Yes, two completely different forests/domains.

- Do you already have a Trust relationship between the domains and it just
seems to not be working for this authentication issue?
There is no trust. I am not familiar with this. Can I create a trust on
SERVER1 to trust SERVER2? How?

- When you try to connect without using the credentials in the connection
string... Are you instead logging into the PC with the user id from the
other network like Network2\username?
When I do not provide the username/password in the string I just get an
error, something like "could not connect". I am logged on to SERVER2 as a
local domain user (from SERVER2).

Michael



"JimL" <JimL@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F20C7EAD-81CA-4A8D-A266-18633AB49207@xxxxxxxxxxxxxxxx
Michael,

I'm not familiar enough with all the groups to direct you to a more
appropriate one. However, I am willing to continue to assist here as long
as it is helpful for you.

- Are these 2 different Active Directory forests or domains?

- Do you already have a Trust relationship between the domains and it just
seems to not be working for this authentication issue?

- When you try to connect without using the credentials in the connection
string... Are you instead logging into the PC with the user id from the
other network like Network2\username?


--
JimL


"Michael" wrote:

Hello.

Yes, it is a trust / authentication problem, but no routing or DNS
problem.

If this is not the right group, any idea where to post my problem?

Thanks a lot
Michael

"JimL" <JimL@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E31260E-0456-471E-A311-650DF7941EB2@xxxxxxxxxxxxxxxx
That's helpful info.

So you are on Network1 with a VPN connecting your network to Network 2.
You attempt to connect to a SQL server on Network2 using credentials like
Network2\username.

Are these two different domains? Perhaps the problem here is the domains
need to have a trust set up between them in order for Integrated Security
to work? But it works when the VPN is between the 2 servers so I'm not too
sure here.

I don't think this is an OLAP client/Excel issue. I think you are going to
find the problem in good old-fashioned network troubleshooting - routing,
DNS, trust relationships, etc.

Let us know if you have any other clues!
--
JimL


"Michael" wrote:

Hello.

Yes, basic routing is ok. I can ping and I can use the SQL server when I
supply user credentials. So this is all fine. I have tried both, SQL
servername and IP address. It all points to the user name & password and
not the routing.

The username/password I use is a domain user account from the "distant"
network with the SQL Server running.

Thanks
Michael


"JimL" <JimL@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:628D3D84-CAFE-4BB9-B524-E6DECAE85796@xxxxxxxxxxxxxxxx
Hi Michael,

First things first:

- With the Site-Site VPN active, have you first checked for basic routing
functionality, pinging, etc? Are you doing everything by IP address or are
you using SQL Server server names?

Finally, when you enter a user name/password in the connection string, is
this a SQL user account, Local server account, or a domain user account?


--
JimL


"Michael" wrote:

Hello Group.

I have a question about authentication for Excel OLAP via VPN.

SERVER 1: SQL Server 2005 IP segment "distant" (192.168.1.44)
SERVER 2: Excel 2007 OLAP Query IP segment "local" on Windows 2003
Terminal Server (10.0.0.X)


------------------------
Access string on SERVER2 in Excel file:

Provider=MSOLAP.3;Cache Authentication=False;Persist Security Info=True;User ID="";Initial Catalog=multi;Data Source=192.168.1.44;Impersonation Level=Impersonate;Location=192.168.1.44;Mode=ReadWrite;Protection Level=Pkt Privacy;Auto Synch Period=20000;Default Isolation Mode=0;Default MDX Visual Mode=0;MDX Compatibility=1;MDX Unique Name Style=0;Non Empty Threshold=0;SQLQueryMode=Calculated;Safety Options=2;Secured Cell Value=0;SQL Compatibility=0;Compression Level=0;Real Time Olap=False;MDX Missing Member Mode=Error;Packet Size=4096

---------------------

When I open a Microsoft VPN connection from SERVER2 to SERVER1 (local IP
address from SERVER1 on VPN adapter on SERVER2, i.e. 192.168.1.55!)
everything works.

When I have a site-site VPN to access SERVER1 from SERVER2 (no local IP
address from 192.168.1.X, no authentication from SERVER2) it does not work.
If I add username & password in the access string the query works, but I am
looking for a solution without username & password.

Is there a way to define something so that the SQL Server on SERVER1 trusts
SERVER2 for the OLAP query?

Thanks
Michael
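
Added example (not part of the original thread and not code from either poster): a Python check that parses the connection string posted above and reports whether it relies on the caller's Windows identity, which is the case that needs the forest trust, or on embedded credentials, which is the workaround Michael wants to avoid. It assumes the provider uses the caller's Windows identity when User ID is empty; the NETWORK2\olapuser account and its password are constructed sample values.

```python
import re

# Connection string from the original post (first properties, joined onto one line).
POSTED = ('Provider=MSOLAP.3;Cache Authentication=False;Persist Security Info=True;'
          'User ID="";Initial Catalog=multi;Data Source=192.168.1.44;'
          'Impersonation Level=Impersonate;Protection Level=Pkt Privacy')

# Constructed variant of the workaround in the thread; account and password are made up.
WORKAROUND = POSTED.replace('User ID=""',
                            r'User ID=NETWORK2\olapuser;Password="s3;cret"')

# key=value pairs; a double-quoted value may contain ';' and doubled quotes.
_PAIR = re.compile(r'\s*([^=;]+?)\s*=\s*("(?:[^"]|"")*"|[^;]*)\s*(?:;|$)')


def parse(conn):
    """Return the properties as a dict with lower-cased keys and unquoted values."""
    props = {}
    for key, val in _PAIR.findall(conn):
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1].replace('""', '"')
        props[key.lower()] = val
    return props


def audit(conn):
    """Classify the authentication mode and list what a reviewer should note."""
    p = parse(conn)
    findings = []
    if p.get('user id') or p.get('password'):
        mode = 'explicit'
        if p.get('password'):
            findings.append('password embedded in the connection string in clear text')
            if p.get('persist security info', '').lower() == 'true':
                findings.append('Persist Security Info=True keeps that password readable')
    else:
        # Assumption: with no credentials the provider uses the caller's Windows identity.
        mode = 'integrated'
        findings.append('server must be able to validate the caller: same domain or a trust')
    level = p.get('protection level')
    if level and level.lower() != 'pkt privacy':
        findings.append('Protection Level below Pkt Privacy: traffic is not encrypted')
    return mode, findings


if __name__ == '__main__':
    for name, conn in (('posted', POSTED), ('workaround', WORKAROUND)):
        print(name, *audit(conn), sep='\n  ')
```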











