Hi Peter,
I agree with Raymond that the problem might be closely related to security.
Though I have not done this before, could you check if the following works
for you?
1. Let's say SQL in DMZ zone is SQL1.
2. We can push the subscription to SQL1 from original SQL Server. My point
is that SQL1 does not access original SQL Server. However, original SQL
Server has access to SQL1. You may need to use methods as Raymond described
(configure all replication connections to use standard security for logging
into remote SQL Servers).
I suggest you try this method and see if it works.
This posting is provided "AS IS" with no warranties, and confers no rights.
Regards,
Bill Cheng
Microsoft Support Engineer
--------------------
| From: Peter A. Schott <pschott@drivefinancial.com>
| Subject: Re: Trans replication to server not on domain, but on LAN?
| Date: Mon, 29 Sep 2003 17:05:37 -0500
| Message-ID: <kvahnvo3rosfgu6lguso0vdj1i2o91v1ru@4ax.com>
| References: <hdg6nvgf9qqev02ts2b8lneo1g8rodrhsv@4ax.com>
<OJKZb9FhDHA.524@tk2msftngp13.phx.gbl>
| X-Newsreader: Forte Agent 1.93/32.576 English (American)
| MIME-Version: 1.0
| Content-Type: text/plain; charset=us-ascii
| Content-Transfer-Encoding: 7bit
| Newsgroups: microsoft.public.sqlserver.replication
| NNTP-Posting-Host: drivefinancial.com 65.105.152.62
| Lines: 1
| Path: cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
| Xref: cpmsftngxa06.phx.gbl microsoft.public.sqlserver.replication:43779
| X-Tomcat-NG: microsoft.public.sqlserver.replication
|
| Well, I think I'm in for some long work. We want to avoid any issues with
| possible security breaches on this machine and thus want to put it in the
DMZ
| and not have it joined to the domain. That way, even if this machine is
| hacked, they won't be able to do much else with it as it won't have any
domain
| permissions.
|
| I was just wondering what I might run into doing this and wondered if
anyone
| else had done something similar.
|
| Thanks for your time,
|
| -Peter Schott
|
[quoted text, click to view] | "Raymond Mak [MSFT]" <rmak@online.microsoft.com> wrote:
|
| > Hi Peter,
| >
| > First of all, I must admit that I am no expert in such scenarios
although
| > the first thing that comes to my mind is that integrated security will
| > likely not work across machines in a domain-less LAN. As such, you will
| > probably need to configure all replication connections to use standard
| > security for logging into remote SQL Servers. Access to snapshot files
from
| > the distribution agent may also prove problematic if you are using pull
| > subscriptions as the distirbution agent is likely to be running under a
| > local account on the subscriber machine which the remote distributor
machine
| > hosting the snapshot files will have trouble authenticating. There are
| > multiple ways to setup the environment so a pull subscription agent can
| > access the snapshot files in a domain-less LAN but almost of them are a
bit
| > of a hassle.
| >
| > -Raymond
|
|
