
Initial domain sync fails for DC in untrusted domain

Hola,

 

Ok so I have AD sync working fine from our integrated domain, but when adding a domain where there is no trust, I am having issues getting the sync to work.

Couple of notes:

  • I am able to configure the connection in the Sync editor and browse the schema
  • When configuring the Job service for the domain controller in the DMZLAB domain, I am using SQL credentials that have the appropriate perms to the OIM SQL server instance in the LAB domain.
    • Assuming that I have to use a SQL server cred with this being a domain without a trust to the domain where the OIM DB is installed.
  • I can see the server in the JobQueue editor and get the configuration version and refresh the time, etc.
  • SQL server is listening on TCPIP and NamedPipes, etc.
  • Not that it should matter, but all of the appropriate SPNs are defined in the directory in the source domain for the SQL instance.

  • The DMZLAB job server is configured with Machine Roles: (Active Directory and Job Server)
  • The DMZLAB Job server is configured with Server Functions: (Active Directory Connector)

So generally, it appears that all is good with this DMZLAB job server, but when I trigger the initial sync, the Full Projection process kicks off, and after several seconds I get the following error in the DMZLAB server log:

2017-10-06 10:05:31 -04:00 - \DMZLABDCL01 - VI.Projector.JobComponent.ProjectorComponent - 533e6817-ffaf-4699-8a16-181671acbd7e: Errors occured
    [2134003] Error executing synchronization.
    [810143] Database error 18452: Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
    [System.Data.SqlClient.SqlException] Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
       at StdioProcessor.StdioProcessor._Execute(Job job)
       at VI.Projector.JobComponent.ProjectorComponent.Activate(String task)
       at VI.Projector.JobComponent.ProjectorComponent._FullProjection()
       ---- Start of Inner Exception ----
       at VI.Projector.JobComponent.ProjectorComponent._FullProjection()
       at VI.Projector.JobComponent.ProjectorComponent.get_Session()
       at VI.JobService.JobComponents.DbJobComponent.get_ConnectData()
       at VI.JobService.JobComponents.DbJobComponent._ConnectToDatabase()
       at VI.Base.SyncActions.Do[T](Func`1 function)
       at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
       ---- Start of Inner Exception ----
       at VI.DB.DbApp.<ConnectAsync>d__5.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.Base.TaskExtensions.<Convert>d__1`2.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.DbSessionFactoryImpl.<CreateAsync>d__3.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalConnectionPool.<CreateAsync>d__9.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalConnectionPool.<GetAsync>d__27.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalConnectionPool.<_CreateNewBucketAsync>d__30.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalConnectionPool._Bucket.<CreateAsync>d__11.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalConnectionPool._Bucket.<TryInitializeAsync>d__15.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.DbFactoryBase.<_CreateAndOpenConnectionAsync>d__13.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalMsSqlConnection.<OpenAsync>d__17.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at VI.DB.DataAccess.PhysicalConnectionBase.<OpenAsync>d__16.MoveNext()
       ---- Start of Inner Exception ----
       at VI.DB.DataAccess.PhysicalConnectionBase.<OpenAsync>d__16.MoveNext()
       at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
       at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
    --- End of stack trace from previous location where exception was thrown ---
       at System.Threading.Tasks.Task.Execute()
       at System.Threading.Tasks.ContinuationResultTaskFromResultTask`2.InnerInvoke()
       at System.Data.ProviderBase.DbConnectionFactory.<>c__DisplayClass0.<TryGetConnection>b__2(Task`1 _)
       at System.Data.ProviderBase.DbConnectionFactory.CreateNonPooledConnection(DbConnection owningConnection, DbConnectionPoolGroup poolGroup, DbConnectionOptions userOptions)
       at System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, DbConnectionPoolKey poolKey, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection, DbConnectionOptions userOptions)
       at System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, SqlCredential credential, Object providerInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString userConnectionOptions, SessionData reconnectSessionData, DbConnectionPool pool, String accessToken)
       at System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(TimeoutTimer timeout, SqlConnectionString connectionOptions, SqlCredential credential, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance)
       at System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean redirectedUserInstance, SqlConnectionString connectionOptions, SqlCredential credential, TimeoutTimer timeout)
       at System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, SecureString newSecurePassword, Boolean ignoreSniOpenTimeout, TimeoutTimer timeout, Boolean withFailover)
       at System.Data.SqlClient.SqlInternalConnectionTds.CompleteLogin(Boolean enlistOK)
       at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
       at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
       at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
       at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
2017-10-06 10:07:00 -04:00 - Info: Requesting process steps for queue \DMZLABDCL01.
2017-10-06 10:07:00 -04:00 - Info: Last process step request succeeded.

I have also gone directly to the local server instance and reconfigured the Job service editor with the SQL connection with the local account just in case the push from designer was setting it with an integrated connection even after specifying that I want to use a SQL account.

As always, I am assuming that I am missing something here and that you guys can straighten me out. This is an important use case for us and I plan to work this through the weekend so if I can get any insights from you guys that would be terrific.

Much appreciated!
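
SQL Server raises error 18452 for a Windows-authentication login attempt, so the connection string the job actually uses is worth checking. The following is an added example, not part of the original post or of the product's code: it classifies a SqlClient-style connection string by the authentication it will produce, using constructed server, database and login names.

```python
import re

# SqlClient keywords are case-insensitive and have synonyms; map them to one name.
CANONICAL = {
    "trusted_connection": "integrated security",
    "uid": "user id",
    "user": "user id",
    "pwd": "password",
}
TRUE_VALUES = {"true", "yes", "sspi"}

# key=value pairs separated by ';'. A value may be quoted so it can contain ';'.
PAIR_RE = re.compile(r"""\s*([^=;]+?)\s*=\s*("[^"]*"|'[^']*'|[^;]*)\s*(?:;|$)""")


def parse_connection_string(conn_str):
    """Return {canonical keyword: value}; the last occurrence of a keyword wins."""
    settings = {}
    for key, value in PAIR_RE.findall(conn_str):
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]  # strip the surrounding quotes
        key = key.lower()
        settings[CANONICAL.get(key, key)] = value
    return settings


def auth_mode(conn_str):
    """Classify how a SqlClient connection will authenticate to SQL Server."""
    settings = parse_connection_string(conn_str)
    integrated = settings.get("integrated security", "").lower() in TRUE_VALUES
    has_user = bool(settings.get("user id"))
    if integrated:
        # The process's Windows identity is sent; User ID and Password are ignored.
        return "windows-ignores-sql-credentials" if has_user else "windows"
    if has_user and "password" in settings:
        return "sql"
    return "incomplete"


# Constructed sample strings (hypothetical names, not taken from the post).
SQL_LOGIN = "Data Source=sql01.lab.example;Initial Catalog=ExampleDb;User ID=svc_job;Password='p;w'"
MIXED = SQL_LOGIN + ";Integrated Security=SSPI"

if __name__ == "__main__":
    for cs in (SQL_LOGIN, MIXED):
        print(auth_mode(cs))
```

A result of `windows-ignores-sql-credentials` means the SQL login in the string is never sent, which from a host in an untrusted domain leads to the 18452 failure shown in the log.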
