INF: Replication and Windows NT Server Network Configuration

ID: Q160563

The information in this article applies to:

Microsoft SQL Server versions 6.0, 6.5

SUMMARY

As explained in the "Administrator's Companion," replication can be set up between two computers running SQL Server, regardless of the Windows NT Server configuration. This article addresses different configurations with respect to Windows NT Server domains, and describes recommended configurations.

MORE INFORMATION

This article explains the different Windows NT Server dependencies with respect to SQL Server replication, such as remote procedure calls (RPCs), the SQL Executive Startup Account, Network Setup, and Windows NT Server Domain Setup.

Replication and Remote Procedure Calls

SQL Server runs under Windows NT Server and makes use of RPCs to accomplish replication-related tasks. Replication uses RPCs for both setup and replicating transactions. Additionally, any server (publisher, distributor or subscriber) can invoke the RPC to run on any other server. Because it uses the Windows NT Server RPC mechanism, this functionality relies on network name resolution for the successful execution of the RPC. For network name resolution to succeed, the SQL Server name and Windows NT Server name must match. In SQL Server 6.5, if the names are different, an advanced configuration entry can be made for the RPCs to work. For more information, see the "Replication and Invalid SQL Server Names" section of "What's New in SQL Server 6.5."

Replication and the SQL Executive Account

Replication setup requires that the SQL Executive service be started under an account other than "LocalSystemAccount." This account can be either a local account on the computer running Windows NT Server, or a domain account (if this server is a member of a Windows NT Server domain). If the servers participating in replication are in different domains, domain trust relationships should be established to start SQL Executive service on a server that is a member of one domain under a user account from a different domain.

If the account on the distributor that starts the SQL Executive service has administrative privileges on the subscriber, the distribution process uses a trusted connection (integrated security) to connect to the subscriber and gets system administrator (SA) privileges on the subscriber. If a user account from one domain must be given privileges on a server participating in a different domain, then that domain must trust the domain on which the user account exists.

If the account on the distributor that starts the SQL Executive service does NOT have administrative privileges on the subscriber, the distribution task uses a SQL Server logon called "repl_publisher" to connect to subscriber. This account is aliased to the database owner (DBO) on the subscribing database during replication setup. In order for this procedure to work successfully, the servers must be able to see each other at the network level.

Replication and Network Setup

Because SQL Server replication uses trusted connections, it requires a secure Network Library such as named pipes or multi-protocol. Because replication-related tasks run on the distribution server under the context of the SQL Executive service, the default network in the Client Configuration Utility on the server must be either named pipes or multi- protocol.

Windows NT Server Setup

Computers running Windows NT Server that run SQL Server participating in replication can be workgroup servers, members of a Windows NT Server domain (either the same domain or different domains) or any combination. The configuration of Windows NT Server dictates how network name resolution will work. The following sections discuss the different requirements, mechanisms, and problems related to setting up replication.

Workgroup Servers

I. Computers are in the same workgroup:

If the computers running Windows NT Server that run SQL Server participating in replication belong to the same workgroup, replication can be set up normally. Because the computers running Windows NT Server belong to the same workgroup, the network name resolution happens through broadcast, and is reliable (if done within the local subnet). If any routers are involved, name resolution should be forced using either LMHosts lookup or WINS. See the Windows NT Server documentation for details on LMHosts or WINS setup, and determine the best approach.

II. Computers are in different workgroups:

If the computers running Windows NT Server belong to different workgroups, they may not be aware of other servers at the network level. In such cases, network name resolution should be forced, using either LMHosts lookup or WINS.

Servers Participating in a Domain

I. Computers are in the same domain:

If both servers are members of the same domain, network name resolution is guaranteed, and this takes care of the replication requirements of RPCs. This configuration ensures that the publisher, distributor and subscriber know the each other's network addresses, and ensures that any server can invoke an RPC on any other server. Also, with this configuration, the account under which SQL Executive is started on the distributor can easily be given administrative privileges on all servers because it is a member of the same domain. Therefore, the replication tasks will use integrated security and get SA access to the publisher and subscriber.

II. Computers are members of different domains:

Bidirectional trust relationships are recommended if the servers participating in replication belong to different domains. This ensures that network name resolution will work. The following diagram illustrates a bidirectional trust relationship:


               trusts                      trusts
Publisher  <-------------> Distributor <------------> Subscriber

If bidirectional trust relationships cannot be established, it is a good idea to at least set up a one-way trust. The subscribing domain should trust the distributing domain. If the publishing domain is different from the distributor domain, the publisher domain should trust the distributor domain. Most of the RPCs are initiated at the publisher or distributor. Some are initiated at the subscriber and run at the distributor or publisher server (hence the trust direction). The following diagram illustrates the appropriate one-way trust relationship


              trusts                      trusts
Publisher  -------------> Distributor <------------ Subscriber

If no trusts can be established, replication can still be installed and will work properly as long as network name resolution is assured. This can be accomplished by using LMHosts lookup, DNS or WINS. For details on DNS or WINS or LMHosts setup, see your Windows NT Server documentation.

This can be accomplished by creating matching NT userids in each domain which will be used to start the SQLExecutive service on the distributor and grant access on the subscriber. These NT userids must have identical usernames and passwords and have appropriate permissions on both the distributor and subscriber.

Workgroup/Domain Combination

If one server is a workgroup server and another is a member of a domain, force network name resolution using LMHosts lookup, WINS, or DNS (if the publisher server is a member of a domain).

Additional query words: repl netbios


Keywords          : kbinterop kbnetwork kbusage SSrvLAN SSrvRep 
Version           : 6.0 6.5
Platform          : WINDOWS 
Issue type        :

Last Reviewed: April 7, 1999