INF: Replication and Windows NT Server Network Configuration
ID: Q160563
|
The information in this article applies to:
-
Microsoft SQL Server versions 6.0, 6.5
SUMMARY
As explained in the "Administrator's Companion," replication can be set up
between two computers running SQL Server, regardless of the Windows NT
Server configuration. This article addresses different configurations with
respect to Windows NT Server domains, and describes recommended
configurations.
MORE INFORMATION
This article explains the different Windows NT Server dependencies with
respect to SQL Server replication, such as remote procedure calls (RPCs),
the SQL Executive Startup Account, Network Setup, and Windows NT Server
Domain Setup.
Replication and Remote Procedure Calls
SQL Server runs under Windows NT Server and makes use of RPCs to accomplish
replication-related tasks. Replication uses RPCs for both setup and
replicating transactions. Additionally, any server (publisher, distributor
or subscriber) can invoke the RPC to run on any other server. Because it
uses the Windows NT Server RPC mechanism, this functionality relies on
network name resolution for the successful execution of the RPC. For
network name resolution to succeed, the SQL Server name and Windows NT
Server name must match. In SQL Server 6.5, if the names are different, an
advanced configuration entry can be made for the RPCs to work. For more
information, see the "Replication and Invalid SQL Server Names" section of
"What's New in SQL Server 6.5."
Replication and the SQL Executive Account
Replication setup requires that the SQL Executive service be started under
an account other than "LocalSystemAccount." This account can be either a
local account on the computer running Windows NT Server, or a domain
account (if this server is a member of a Windows NT Server domain). If the
servers participating in replication are in different domains, domain trust
relationships should be established to start SQL Executive service on a
server that is a member of one domain under a user account from a different
domain.
If the account on the distributor that starts the SQL Executive service has
administrative privileges on the subscriber, the distribution process uses
a trusted connection (integrated security) to connect to the subscriber and
gets system administrator (SA) privileges on the subscriber. If a user
account from one domain must be given privileges on a server participating
in a different domain, then that domain must trust the domain on which the
user account exists.
If the account on the distributor that starts the SQL Executive service
does NOT have administrative privileges on the subscriber, the distribution
task uses a SQL Server logon called "repl_publisher" to connect to
subscriber. This account is aliased to the database owner (DBO) on the
subscribing database during replication setup. In order for this procedure
to work successfully, the servers must be able to see each other at the
network level.
Replication and Network Setup
Because SQL Server replication uses trusted connections, it requires a
secure Network Library such as named pipes or multi-protocol. Because
replication-related tasks run on the distribution server under the context
of the SQL Executive service, the default network in the Client
Configuration Utility on the server must be either named pipes or multi-
protocol.
Windows NT Server Setup
Computers running Windows NT Server that run SQL Server participating in
replication can be workgroup servers, members of a Windows NT Server domain
(either the same domain or different domains) or any combination. The
configuration of Windows NT Server dictates how network name resolution
will work. The following sections discuss the different requirements,
mechanisms, and problems related to setting up replication.
Workgroup Servers
I. Computers are in the same workgroup:
If the computers running Windows NT Server that run SQL Server
participating in replication belong to the same workgroup, replication can
be set up normally. Because the computers running Windows NT Server belong
to the same workgroup, the network name resolution happens through
broadcast, and is reliable (if done within the local subnet). If any
routers are involved, name resolution should be forced using either LMHosts
lookup or WINS. See the Windows NT Server documentation for details on
LMHosts or WINS setup, and determine the best approach.
II. Computers are in different workgroups:
If the computers running Windows NT Server belong to different workgroups,
they may not be aware of other servers at the network level. In such cases,
network name resolution should be forced, using either LMHosts lookup or
WINS.
Servers Participating in a Domain
I. Computers are in the same domain:
If both servers are members of the same domain, network name resolution is
guaranteed, and this takes care of the replication requirements of RPCs.
This configuration ensures that the publisher, distributor and subscriber
know the each other's network addresses, and ensures that any server can
invoke an RPC on any other server. Also, with this configuration, the
account under which SQL Executive is started on the distributor can easily
be given administrative privileges on all servers because it is a member of
the same domain. Therefore, the replication tasks will use integrated
security and get SA access to the publisher and subscriber.
II. Computers are members of different domains:
Bidirectional trust relationships are recommended if the servers
participating in replication belong to different domains. This ensures that
network name resolution will work. The following diagram illustrates a
bidirectional trust relationship:
trusts trusts
Publisher <-------------> Distributor <------------> Subscriber
If bidirectional trust relationships cannot be established, it is a good
idea to at least set up a one-way trust. The subscribing domain should
trust the distributing domain. If the publishing domain is different from
the distributor domain, the publisher domain should trust the distributor
domain. Most of the RPCs are initiated at the publisher or distributor.
Some are initiated at the subscriber and run at the distributor or
publisher server (hence the trust direction). The following diagram
illustrates the appropriate one-way trust relationship
trusts trusts
Publisher -------------> Distributor <------------ Subscriber
If no trusts can be established, replication can still be installed and
will work properly as long as network name resolution is assured. This can
be accomplished by using LMHosts lookup, DNS or WINS. For details on DNS or
WINS or LMHosts setup, see your Windows NT Server documentation.
This can be accomplished by creating matching NT userids in each domain
which will be used to start the SQLExecutive service on the distributor
and grant access on the subscriber. These NT userids must have identical
usernames and passwords and have appropriate permissions on both the
distributor and subscriber.
Workgroup/Domain Combination
If one server is a workgroup server and another is a member of a domain,
force network name resolution using LMHosts lookup, WINS, or DNS (if the
publisher server is a member of a domain).
Additional query words:
repl netbios
Keywords : kbinterop kbnetwork kbusage SSrvLAN SSrvRep
Version : 6.0 6.5
Platform : WINDOWS
Issue type :
Last Reviewed: April 7, 1999