Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Peculiar behaviour with connection test and login
#1
Hi, 

I've run across a behaviour with logins to our SQL database, that i find quite peculiar and i was wondering if you could elaborate on it?
Our suspicion is that MFA might be the culprit to the scenario below

A bit of context:
  • We're using ASG2018P5 - As requested in this forum post.
  • Our domain credentials are MFA enabled, while the SQL SA is not.
  • Our ASG DB is hosted in Azure and we use a VPN to create a connection between the ASG client (workstations) and the SQL DB.
  • The VPN prompts for domain credentials and MFA authentication, then stores the MFA token for a little while.

When we attempt to configure a new environment and we try to login to an existing database, we cannot use our domain credentials for the initial database connection test as it fails like seen in these screenshots:

[Image: u4P2Bwv.png][Image: DPMvKKq.png]


We can however use a SQL SA account, which functions just fine and allows us to finish the configuration of the new environment. 

[Image: gbD8UDh.png][Image: xoIRAFL.png]

Upon selecting 'Connect' for the new environment, we can then login using the domain credentials that we tried to use earlier. 

[Image: R1gtZHH.png]


The primary concern is that each user that needs to access the DB in the future will need to use the SQL SA for the initial setup, which we find highly disturbing and not very secure.
Could you please assist or perhaps explain the intended behaviour?

Best regards, 
Mark
Reply
#2
I think I answered nearly the same question some days ago (but can't find it currently) - and as I remember it is not allowed to use AZURE Domain Accounts for an SQL server - don't ask me why - I found this on a Microsoft site - perhaps it will be solved in the future, but currently it seems to be limited or better not working with this constellation. You do not need to use sa user for all - you can create your own local account - in online help it is described which permissions an sql user needs to work probably (Read Database environments => Permissions for sql user)
Regards/Gruss
Oliver
Reply




Users browsing this thread: 1 Guest(s)