With the Windows authentication option selected for database connection, the Administration Service uses its service account to authenticate with SQL Server. Additionally, if the Administration Service’s database server holds the Publisher role, and has a Subscriber with Windows authentication, the service account requires the appropriate permissions on the Subscriber SQL Server. For details, see the “SQL Server permissions” section in the Active Roles Quick Start Guide.
Given this role of the service account, you may need to specify a different service account with sufficient SQL Server permissions. Also, you may need to change the service account’s password. You can view or change the service account by using Active Roles Configuration Center as follows.
You can start Configuration Center by selecting Active Roles 7.4 Configuration Center on the Apps page or Start menu, depending upon the version of your Windows operating system. For detailed instructions, see “Running Configuration Center” in the Active Roles Administrator Guide.
If the Publisher has a Subscriber that uses Windows authentication, it is required that the SQL Server Agent logon account on the Publisher SQL Server have appropriate access permissions on the Subscriber SQL Server. For details, see the “SQL Server permissions” section in the Active Roles Quick Start Guide.
Given these requirements of the SQL Server Agent logon account, you may encounter a situation where you need to specify a different logon account with sufficient access permissions. You may also need to change password for the logon account. This section provides instructions on how to change the SQL Server Agent logon account.
You can specify the name and password of the SQL Server Agent logon account by using SQL Server Configuration Manager:
This section provides information on how to repair Active Roles replication if it fails due to insufficient permissions of Replication Agents. The credentials used by Replication Agents to access a given SQL Server depend on authentication mode of the Administration Service connection to that SQL Server:
The following sub-sections elaborate on each of these two options.
If the Administration Service uses Windows authentication, Replication Agents connect to SQL Server in the security context of the SQL Server Agent service. Therefore, the SQL Server Agent logon account must have sufficient permissions for replication to work properly (see the “SQL Server permissions” section in the Active Roles Quick Start Guide.
If the SQL Server Agent logon account does not have the appropriate permissions, is deleted, or has the password changed, Active Roles replication fails. To resolve this problem, give the required permissions to the logon account, or configure the SQL Server Agent service to log on with a different account that has the appropriate permissions. For instructions on how to configure the SQL Server Agent service to log on with a given account, see Changing the SQL Server Agent logon account earlier in this document.
You can use the following instructions to verify that the Replication Agents are configured properly. The instructions vary depending on whether the SQL Server holds the Publisher or Subscriber role. In both cases, you should connect to the Publisher SQL Server using SQL Server Management Studio.
If the Administration Service connects to the Publisher SQL Server using Windows authentication, follow these steps to verify that the Replication Agents are configured properly:
If the Administration Service connects to the Subscriber SQL Server using Windows authentication, follow these steps to verify that the Replication Agents are configured properly:
|
NOTE: You must have Management Studio connected to the Publisher SQL Server, regardless of whether you are managing Replication Agents for the Publisher or for a Subscriber. |
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy