Hi,
I have set up an Active Directory, Certificate Services on Windows 2003
Server. I am running SQL 2000 Server. AD and Certificate Services were
installed correctly.
My goal is to be able to use SSL when connecting to SQL Server via Query
Analyzer. I also want to keep the SQL Server installation under a "Domain
User" account with as little privileges as possible.
My problem is that SQL Server will not start when "Domain User" is only a
"member of" "Users" group. It starts when I make "Domain User" a "member of"
"Administrators". It seems that the SSL "forced encryption" will only work
with "Administrator" privileges which is the total access to control the
server, and this is not safe.
Does it mean that SSL "forced encryption" will only work under a "Domain
User" that is a "member" of "Administrators"? Is there another "Group" with
limited privileges that I could assign the "Domain User" to?
How else could I have the SSL work and SQL server installation in a "Domain
User" account?
I have tried so many different things. Wasted one week already. Nothing
works. There was some MS bug bulletin saying that this problem was fixed
with SQL 2000 service pack 2. I have service pack 3a installed. It still
does not work. The log shows the same errors as on the MS fix buletin that
was supposed to be fixed by that sevice pack. I've tried with Windows 2003
Srv, Win 2000 Srv. SQL Standard, Enterprise. I just cant get it to run. Can
you offer some more specific clues? It is so depressing and dissapointing.
Here is the MS buletin that I mentioned:
http://support.microsoft.com/defaul...kb;en-us;314636
Thank you for your help.As long as the account that is starting the service requested the
certificate you should be fine. See my other post.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment